[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] libxc: fix leak of t_info in xc_tbuf_get_size()



Copying George since he maintains xentrace which this relates to.

On Thu, 2016-02-11 at 14:02 +0530, Harmandeep Kaur wrote:
> Avoid leaking the memory mapping of the trace buffer
> 
> Coverity ID 1351228
> 
> Signed-off-by: Harmandeep Kaur <write.harmandeep@xxxxxxxxx>
> ---
> v2: call to unmapping function reduced to one from two
> ---
> Âtools/libxc/xc_tbuf.c | 8 +++++---
> Â1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/libxc/xc_tbuf.c b/tools/libxc/xc_tbuf.c
> index 695939a..d96cc67 100644
> --- a/tools/libxc/xc_tbuf.c
> +++ b/tools/libxc/xc_tbuf.c
> @@ -70,11 +70,13 @@ int xc_tbuf_get_size(xc_interface *xch, unsigned long
> *size)
> ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂsysctl.u.tbuf_op.buffer_mfn);
> Â
> ÂÂÂÂÂif ( t_info == NULL || t_info->tbuf_size == 0 )
> -ÂÂÂÂÂÂÂÂreturn -1;
> +ÂÂÂÂÂÂÂÂrc = -1;
> +ÂÂÂÂelse
> +     *size = t_info->tbuf_size;
> Â
> -ÂÂÂÂ*size = t_info->tbuf_size;
> +ÂÂÂÂxenforeignmemory_unmap(xch->fmem, t_info, *size);

*size could be uninitialised here (in the error path) and even in the
success case I don't think t_info->tbus_size is the right argument here, it
needs to be the size which was passed to the map function, i.e.
sysctl.u.tbuf_op.size.

Ian.

> Â
> -ÂÂÂÂreturn 0;
> +ÂÂÂÂreturn rc;
> Â}
> Â
> Âint xc_tbuf_enable(xc_interface *xch, unsigned long pages, unsigned long
> *mfn,

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.