Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch
diff options
context:
space:
mode:
Diffstat (limited to '0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch')
-rw-r--r--0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch56
1 files changed, 56 insertions, 0 deletions
diff --git a/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch b/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch
new file mode 100644
index 0000000..d55c095
--- /dev/null
+++ b/0058-libs-guest-Fix-leak-on-realloc-failure-in-backup_pte.patch
@@ -0,0 +1,56 @@
+From fa8250f1920413f02b63551a6a4d8ef0b47891a8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Edwin=20T=C3=B6r=C3=B6k?= <edwin.torok@cloud.com>
+Date: Fri, 3 Mar 2023 08:03:19 +0100
+Subject: [PATCH 58/89] libs/guest: Fix leak on realloc failure in
+ backup_ptes()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From `man 2 realloc`:
+
+ If realloc() fails, the original block is left untouched; it is not freed or moved.
+
+Found using GCC -fanalyzer:
+
+ | 184 | backup->entries = realloc(backup->entries,
+ | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ | | | | |
+ | | | | (91) when ‘realloc’ fails
+ | | | (92) ‘old_ptes.entries’ leaks here; was allocated at (44)
+ | | (90) ...to here
+
+Signed-off-by: Edwin Török <edwin.torok@cloud.com>
+Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
+master commit: 275d13184cfa52ebe4336ed66526ce93716adbe0
+master date: 2023-02-27 15:51:23 +0000
+---
+ tools/libs/guest/xg_offline_page.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c
+index c594fdba41..ccd0299f0f 100644
+--- a/tools/libs/guest/xg_offline_page.c
++++ b/tools/libs/guest/xg_offline_page.c
+@@ -181,10 +181,16 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
+
+ if (backup->max == backup->cur)
+ {
+- backup->entries = realloc(backup->entries,
+- backup->max * 2 * sizeof(struct pte_backup_entry));
++ void *orig = backup->entries;
++
++ backup->entries = realloc(
++ orig, backup->max * 2 * sizeof(struct pte_backup_entry));
++
+ if (backup->entries == NULL)
++ {
++ free(orig);
+ return -1;
++ }
+ else
+ backup->max *= 2;
+ }
+--
+2.40.0
+