From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Matthew Daley <mattd@bugfuzz.com>,
	Ian Jackson <ian.jackson@eu.citrix.com>,
	Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
	xen-devel@lists.xen.org
Subject: Re: [PATCH 08/13 v5] libxl: don't leak ptr in libxl_list_vm error case
Date: Tue, 3 Dec 2013 10:30:11 +0000
Message-ID: <529DB2B3.5060306@citrix.com>
In-Reply-To: <1386066096.16012.59.camel@kazak.uk.xensource.com>

On 03/12/13 10:21, Ian Campbell wrote:
> On Tue, 2013-12-03 at 14:29 +1300, Matthew Daley wrote:
>> While at it, tidy up the function; there's no point in allocating more
>> than the amount of domains actually returned by xc_domain_getinfolist
>> (barring the caveat described in the newly-added comment)
>>
>> Coverity-ID: 1055888
>> Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
>> ---
>> v5: Use libxl__calloc instead of calloc
>>
>>  tools/libxl/libxl.c |   27 +++++++++++++++++----------
>>  1 file changed, 17 insertions(+), 10 deletions(-)
>>
>> diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
>> index 67a8e0e..3b73d99 100644
>> --- a/tools/libxl/libxl.c
>> +++ b/tools/libxl/libxl.c
>> @@ -671,20 +671,24 @@ out:
>>   * be an aggregate of multiple domains. */
>>  libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out)
>>  {
>> -    libxl_vminfo *ptr;
>> +    GC_INIT(ctx);
>> +    libxl_vminfo *ptr = NULL;
>>      int idx, i, ret;
>>      xc_domaininfo_t info[1024];
>> -    int size = 1024;
>>  
>> -    ptr = calloc(size, sizeof(libxl_vminfo));
>> -    if (!ptr)
>> -        return NULL;
>> -
>> -    ret = xc_domain_getinfolist(ctx->xch, 1, 1024, info);
>> -    if (ret<0) {
>> -        LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "geting domain info list");
>> -        return NULL;
>> +    ret = xc_domain_getinfolist(ctx->xch, 1, ARRAY_SIZE(info), info);
>> +    if (ret < 0) {
>> +        LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "getting domain info list");
>> +        goto out;
>>      }
>> +
>> +    /*
>> +     * Always make sure to allocate at least one element; if we don't and we
>> +     * request zero, libxl__calloc (might) think its internal call to calloc
>> +     * has failed (if it returns null), if so it would kill our process.
> Is size==0 something we could/should handle in our libxl__*alloc
> wrappers?
>
> Or maybe this is something we should handle here e.g. by returning NULL,
> except perhaps our API doesn't allow for that?

The current API means that returning NULL from here constitutes a
failure, which needs to be distinct from "I did what you asked and there
are no domains".

*nb_vm_out is a second return parameter from this function.

~Andrew

>
>> +     */
>> +    ptr = libxl__calloc(NOGC, ret ? ret : 1, sizeof(libxl_vminfo));
>> +
>>      for (idx = i = 0; i < ret; i++) {
>>          if (libxl_is_stubdom(ctx, info[i].domain, NULL))
>>              continue;
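Review bot: the new comment above the libxl__calloc call is hard to parse; "(might) think its internal call to calloc has failed (if it returns null)" hedges twice about a simple rule. Suggest stating it directly: calloc with a zero element count is allowed to return NULL, libxl__calloc treats NULL as fatal, so at least one element is always requested. It would also help to say in the same comment that the buffer is allocated with NOGC, so it survives GC_FREE and the caller is responsible for freeing it.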
>> @@ -694,6 +698,9 @@ libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out)
>>          idx++;
>>      }
>>      *nb_vm_out = idx;
>> +
>> +out:
>> +    GC_FREE;
>>      return ptr;
>>  }
>>  
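Review bot: on the error path, *nb_vm_out is never written, because "*nb_vm_out = idx;" sits above the new "out:" label and the "goto out" after a failed xc_domain_getinfolist jumps past it. A caller that reads the count without first checking the returned pointer for NULL then sees whatever was in its variable. Suggest either setting *nb_vm_out = 0 before the xc_domain_getinfolist call or stating in the function's comment that the count is only valid when the return value is non-NULL.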
>
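
The contract Andrew describes (NULL means failure, an empty result is a valid non-NULL return with a zero count), together with the zero-size allocation caveat from the patch comment, as an added example that is not libxl code. `vm_entry`, `xcalloc_or_die` and `list_entries` are hypothetical stand-ins, and zeroing the count on the failure path is this example's choice, not something the patch does.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record type standing in for libxl_vminfo. */
struct vm_entry { unsigned int domid; };

/* Hypothetical abort-on-failure wrapper, modelled on the behaviour the
 * patch comment attributes to libxl__calloc: a NULL result is fatal. */
static void *xcalloc_or_die(size_t nmemb, size_t size)
{
    void *p = calloc(nmemb, size);
    if (!p) {
        fprintf(stderr, "allocation failed\n");
        abort();
    }
    return p;
}

/* Returns NULL only on failure. An empty result is a non-NULL buffer
 * with *count_out == 0, so the two cases stay distinguishable.
 * src_count < 0 models the underlying query failing. */
struct vm_entry *list_entries(const unsigned int *src, int src_count,
                              int *count_out)
{
    struct vm_entry *out;
    int i;

    *count_out = 0;          /* defined on every path, including failure */
    if (src_count < 0)
        return NULL;

    /* calloc(0, n) may return NULL on a conforming C library; asking for
     * at least one element keeps the wrapper from treating that as OOM. */
    out = xcalloc_or_die(src_count ? (size_t)src_count : 1, sizeof(*out));
    for (i = 0; i < src_count; i++)
        out[(*count_out)++].domid = src[i];
    return out;
}

int main(void)
{
    int n = -1;
    struct vm_entry *v = list_entries(NULL, 0, &n);
    printf("empty: ptr=%s count=%d\n", v ? "non-NULL" : "NULL", n);
    free(v);
    v = list_entries(NULL, -1, &n);
    printf("error: ptr=%s count=%d\n", v ? "non-NULL" : "NULL", n);
    return 0;
}
```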
