|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH v2] libxc: fix leak of t_info in xc_tbuf_get_size()
Copying George since he maintains xentrace which this relates to. On Thu, 2016-02-11 at 14:02 +0530, Harmandeep Kaur wrote: > Avoid leaking the memory mapping of the trace buffer > > Coverity ID 1351228 > > Signed-off-by: Harmandeep Kaur <write.harmandeep@xxxxxxxxx> > --- > v2: call to unmapping function reduced to one from two > --- > Âtools/libxc/xc_tbuf.c | 8 +++++--- > Â1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/tools/libxc/xc_tbuf.c b/tools/libxc/xc_tbuf.c > index 695939a..d96cc67 100644 > --- a/tools/libxc/xc_tbuf.c > +++ b/tools/libxc/xc_tbuf.c > @@ -70,11 +70,13 @@ int xc_tbuf_get_size(xc_interface *xch, unsigned long > *size) > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂsysctl.u.tbuf_op.buffer_mfn); > Â > ÂÂÂÂÂif ( t_info == NULL || t_info->tbuf_size == 0 ) > -ÂÂÂÂÂÂÂÂreturn -1; > +ÂÂÂÂÂÂÂÂrc = -1; > +ÂÂÂÂelse > + *size = t_info->tbuf_size; > Â > -ÂÂÂÂ*size = t_info->tbuf_size; > +ÂÂÂÂxenforeignmemory_unmap(xch->fmem, t_info, *size); *size could be uninitialised here (in the error path) and even in the success case I don't think t_info->tbus_size is the right argument here, it needs to be the size which was passed to the map function, i.e. sysctl.u.tbuf_op.size. Ian. > Â > -ÂÂÂÂreturn 0; > +ÂÂÂÂreturn rc; > Â} > Â > Âint xc_tbuf_enable(xc_interface *xch, unsigned long pages, unsigned long > *mfn, _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |