|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v2] tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()
libxl__initiate_device_remove() had a preexisting error path issue where
libxl_dominfo_dispose() could be called on a libxl_dominfo object before it
had been initialised with libxl_dominfo_init().
This was safe until c/s ab44401 "xl / libxl: push parsing of SSID and CPU pool
ID down to libxl" added the ssid_label string into libxl_dominfo, which
libxl_dominfo_dispose() will free().
Unconditionally initialise info in libxl__initiate_device_remove() before
taking an error path which will free it.
Coverity-ID: 1223212
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Wei Liu <wei.liu2@xxxxxxxxxx>
CC: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
CC: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
--
v2: Clearer commit message
---
tools/libxl/libxl_device.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index 90ae564..788895b 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -772,6 +772,8 @@ void libxl__initiate_device_remove(libxl__egc *egc,
uint32_t my_domid, domid = aodev->dev->domid;
int rc = 0;
+ libxl_dominfo_init(&info);
+
rc = libxl__get_domid(gc, &my_domid);
if (rc) {
LOG(ERROR, "unable to get my domid");
@@ -779,7 +781,6 @@ void libxl__initiate_device_remove(libxl__egc *egc,
}
if (my_domid == LIBXL_TOOLSTACK_DOMID) {
- libxl_dominfo_init(&info);
rc = libxl_domain_info(CTX, &info, domid);
if (rc) {
LOG(ERROR, "unable to get info for domain %d", domid);
--
1.7.10.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |