[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v1] tools/libs/guest: assist gcc13's realloc analyzer

  • To: xen-devel@xxxxxxxxxxxxxxxxxxxx
  • From: Olaf Hering <olaf@xxxxxxxxx>
  • Date: Wed, 19 Apr 2023 10:06:33 +0000
  • Arc-authentication-results: i=1; strato.com; arc=none; dkim=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; t=1681898804; s=strato-dkim-0002; d=strato.com; h=Message-Id:Date:Subject:Cc:To:From:Cc:Date:From:Subject:Sender; bh=c1TYgW//a9TczZT7Hvd8U4aS6et0hLk47l2yhUc1fsw=; b=JToD897sebkm3zW7d5nmtM2r4dXRgFet4dR2ShIEDId3g7U0T59xtzZ6uJVR5mXKwY vevXLMilymdTM3eQt+h3zBKdQEjGFzflc4vlYCTL5TGtDqNa7bpcXtAhyRo64mEKUFfl RfDlkQQSlTt6XpCfO8lbhXgNwtV4PieBmIi8vUylG1y80JRTIA7z3r+Qgkzdc5EERp4i RXFcCKOWgN+A0SFBrpcoL2HCOJ6iQUuu/6iV+BaWLAoobFI0k0u4Lsr8RRIXcCzEzLCb RZDaIX0Cb2guCZoz6VZJfHC5peimQtOs3pw9IPBrHRNStku3MMtFGSOFfTxa8lSUZrig qSxg==
  • Arc-seal: i=1; a=rsa-sha256; t=1681898804; cv=none; d=strato.com; s=strato-dkim-0002; b=G3w2mbEJJfgCZHDoE6CwY7Ya//D1yAoOULQRypOXY8zxn9mRq1c9EcusXa9uEmdzsZ nlB3O5pjmlZZoEQkden5vIVd9ldDCMBfk1IOwLMYMPJmMxDb6q1Mz7NETgthG+lTzXTW k8a3z6drrS7RqD7wV9WFt2GACTzoaqk9l/T6mBIvZt5bDqJKMMgUc4WEd9MvWLBG9iHq oN22Wyh0rO7AgX+q49kGm5sqVp7q0qRbmBXo3g720HBmvQhbwJHztN71vDrV9/W/YeT5 qmS6S70L3EffHduBXVpYOMFXQp+j/YRYP5E0+CXgk+p8DDGvmuSb0ZxHyQMc68qRFOMy ZdAQ==
  • Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Wed, 19 Apr 2023 10:07:21 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
gcc13 fails to track the allocated memory in backup_ptes:

xg_offline_page.c: In function 'backup_ptes':
xg_offline_page.c:191:13: error: pointer 'orig' may be used after 'realloc' 
[-Werror=use-after-free]
  191 |             free(orig);

Assist the analyzer by slightly rearranging the code:
In case realloc succeeds, the previous allocation is either extended
or released internally. In case realloc fails, the previous allocation
is left unchanged. Return an error in this case, the caller will
release the currently allocated memory in its error path.

http://bugzilla.suse.com/show_bug.cgi?id=1210570

Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
---
 tools/libs/guest/xg_offline_page.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c 
b/tools/libs/guest/xg_offline_page.c
index ccd0299f0f..8f0a252417 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,18 +181,14 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
     if (backup->max == backup->cur)
     {
-        void *orig = backup->entries;
+        void *entries = realloc(backup->entries, backup->max * 2 *
+                                sizeof(struct pte_backup_entry));
 
-        backup->entries = realloc(
-            orig, backup->max * 2 * sizeof(struct pte_backup_entry));
-
-        if (backup->entries == NULL)
-        {
-            free(orig);
+        if (entries == NULL)
             return -1;
-        }
-        else
-            backup->max *= 2;
+
+        backup->entries = entries;
+        backup->max *= 2;
     }
 
     backup->entries[backup->cur].table_mfn = table_mfn;

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.