From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: [PATCH 08/13] libxl: don't leak ptr in
 libxl_list_vm error case
Date: Sun, 1 Dec 2013 12:20:44 +0000
Message-ID: <529B299C.4050800@citrix.com>
References: <1385892907-20084-1-git-send-email-mattd@bugfuzz.com>
	<1385892907-20084-9-git-send-email-mattd@bugfuzz.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <1385892907-20084-9-git-send-email-mattd@bugfuzz.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Matthew Daley <mattd@bugfuzz.com>, xen-devel@lists.xen.org
Cc: Ian Jackson <ian.jackson@eu.citrix.com>, Ian Campbell <ian.campbell@citrix.com>, Stefano Stabellini <stefano.stabellini@eu.citrix.com>
List-Id: xen-devel@lists.xenproject.org

On 01/12/2013 10:15, Matthew Daley wrote:
> While at it, tidy up the function; there's no point in allocating more
> than the amount of domains actually returned by xc_domain_getinfolist.
>
> Coverity-ID: 1055888
> Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
> ---
>  tools/libxl/libxl.c |   14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
>
> diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
> index a57d571..ca4c2cd 100644
> --- a/tools/libxl/libxl.c
> +++ b/tools/libxl/libxl.c
> @@ -674,17 +674,17 @@ libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out)
>      libxl_vminfo *ptr;
>      int idx, i, ret;
>      xc_domaininfo_t info[1024];
> -    int size = 1024;
>  
> -    ptr = calloc(size, sizeof(libxl_vminfo));
> -    if (!ptr)
> +    ret = xc_domain_getinfolist(ctx->xch, 1, ARRAY_SIZE(info), info);
> +    if (ret < 0) {
> +        LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "getting domain info list");
>          return NULL;
> +    }
>  
> -    ret = xc_domain_getinfolist(ctx->xch, 1, 1024, info);
> -    if (ret<0) {
> -        LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "geting domain info list");
> +    ptr = calloc(ret, sizeof(libxl_vminfo));

We now have a possible case of calling calloc(0, sizeof(libxl_vminfo));

The implementation is free to return NULL which will cause this function
to fail in the eyes of its callers.

Doing a calloc(min(1,ret), sizeof(libxl_vminfo)); will suffice, as the
callers already have to correctly deal with 0 domains but some allocated
memory as a result of this function.

~Andrew

> +    if (!ptr)
>          return NULL;
> -    }
> +
>      for (idx = i = 0; i < ret; i++) {
>          if (libxl_is_stubdom(ctx, info[i].domain, NULL))
>              continue;