From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Matthew Daley <mattd@bugfuzz.com>,
Ian Jackson <ian.jackson@eu.citrix.com>,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>,
xen-devel@lists.xen.org
Subject: Re: [PATCH 08/13 v5] libxl: don't leak ptr in libxl_list_vm error case
Date: Tue, 3 Dec 2013 10:30:11 +0000 [thread overview]
Message-ID: <529DB2B3.5060306@citrix.com> (raw)
In-Reply-To: <1386066096.16012.59.camel@kazak.uk.xensource.com>
On 03/12/13 10:21, Ian Campbell wrote:
> On Tue, 2013-12-03 at 14:29 +1300, Matthew Daley wrote:
>> While at it, tidy up the function; there's no point in allocating more
>> than the amount of domains actually returned by xc_domain_getinfolist
>> (barring the caveat described in the newly-added comment)
>>
>> Coverity-ID: 1055888
>> Signed-off-by: Matthew Daley <mattd@bugfuzz.com>
>> ---
>> v5: Use libxl__calloc instead of calloc
>>
>> tools/libxl/libxl.c | 27 +++++++++++++++++----------
>> 1 file changed, 17 insertions(+), 10 deletions(-)
>>
>> diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c
>> index 67a8e0e..3b73d99 100644
>> --- a/tools/libxl/libxl.c
>> +++ b/tools/libxl/libxl.c
>> @@ -671,20 +671,24 @@ out:
>> * be an aggregate of multiple domains. */
>> libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out)
>> {
>> - libxl_vminfo *ptr;
>> + GC_INIT(ctx);
>> + libxl_vminfo *ptr = NULL;
>> int idx, i, ret;
>> xc_domaininfo_t info[1024];
>> - int size = 1024;
>>
>> - ptr = calloc(size, sizeof(libxl_vminfo));
>> - if (!ptr)
>> - return NULL;
>> -
>> - ret = xc_domain_getinfolist(ctx->xch, 1, 1024, info);
>> - if (ret<0) {
>> - LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "geting domain info list");
>> - return NULL;
>> + ret = xc_domain_getinfolist(ctx->xch, 1, ARRAY_SIZE(info), info);
>> + if (ret < 0) {
>> + LIBXL__LOG_ERRNO(ctx, LIBXL__LOG_ERROR, "getting domain info list");
>> + goto out;
>> }
>> +
>> + /*
>> + * Always make sure to allocate at least one element; if we don't and we
>> + * request zero, libxl__calloc (might) think its internal call to calloc
>> + * has failed (if it returns null), if so it would kill our process.
> Is size==0 something we could/should handle in our libxl__*alloc
> wrappers?
>
> Or maybe this is something we should handle here e.g. by returning NULL,
> except perhaps our API doesn't allow for that?
The current API means that returning NULL from here constitutes a
failure, which needs to be distinct from "I did what you asked and there
are no domains".
*nb_vm_out is a second return parameter from this function.
~Andrew
>
>> + */
>> + ptr = libxl__calloc(NOGC, ret ? ret : 1, sizeof(libxl_vminfo));
>> +
>> for (idx = i = 0; i < ret; i++) {
>> if (libxl_is_stubdom(ctx, info[i].domain, NULL))
>> continue;
>> @@ -694,6 +698,9 @@ libxl_vminfo * libxl_list_vm(libxl_ctx *ctx, int *nb_vm_out)
>> idx++;
>> }
>> *nb_vm_out = idx;
>> +
>> +out:
>> + GC_FREE;
>> return ptr;
>> }
>>
>
next prev parent reply other threads:[~2013-12-03 10:30 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-01 10:14 [PATCH 00/13] Coverity fixes for libxl Matthew Daley
2013-12-01 10:14 ` [PATCH 01/13] libxl: fix unsigned less-than-0 comparison in e820_sanitize Matthew Daley
2013-12-13 5:54 ` Matthew Daley
2013-12-13 13:23 ` Andrew Cooper
2013-12-13 17:31 ` Ian Jackson
2013-12-01 10:14 ` [PATCH 02/13] libxl: check for xc_domain_setmaxmem failure in libxl__build_pre Matthew Daley
2013-12-02 11:55 ` Ian Jackson
2013-12-02 12:11 ` [PATCH 02/13 v2] " Matthew Daley
2013-12-13 5:53 ` Matthew Daley
2013-12-13 10:17 ` Dario Faggioli
2013-12-13 17:23 ` Ian Jackson
2013-12-01 10:14 ` [PATCH 03/13] libxl: correct file open success check in libxl__device_pci_reset Matthew Daley
2013-12-02 11:57 ` Ian Jackson
2013-12-01 10:14 ` [PATCH 04/13] libxl: don't leak p in libxl__wait_for_backend Matthew Daley
2013-12-01 11:53 ` Andrew Cooper
2013-12-01 23:17 ` Matthew Daley
2013-12-02 0:27 ` [PATCH 04/13 v2] " Matthew Daley
2013-12-02 0:42 ` Andrew Cooper
2013-12-02 0:46 ` Matthew Daley
2013-12-02 0:52 ` Andrew Cooper
2013-12-02 12:00 ` Ian Jackson
2014-01-09 14:51 ` Ian Jackson
2013-12-01 10:14 ` [PATCH 05/13] libxl: remove unsigned less-than-0 comparison Matthew Daley
2013-12-02 12:05 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 06/13] libxl: actually abort if initializing a ctx's lock fails Matthew Daley
2013-12-02 12:05 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 07/13] libxl: don't leak output vcpu info on error in libxl_list_vcpu Matthew Daley
2013-12-02 12:05 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 08/13] libxl: don't leak ptr in libxl_list_vm error case Matthew Daley
2013-12-01 12:20 ` Andrew Cooper
2013-12-02 0:30 ` Matthew Daley
2013-12-02 0:37 ` [PATCH 08/13 v2] " Matthew Daley
2013-12-02 0:39 ` Andrew Cooper
2013-12-02 2:58 ` [PATCH 08/13 v3] " Matthew Daley
2013-12-02 10:35 ` Andrew Cooper
2013-12-02 10:47 ` Matthew Daley
2013-12-02 10:50 ` Ian Campbell
2013-12-02 11:05 ` [PATCH 08/13 v4] " Matthew Daley
2013-12-02 11:10 ` Andrew Cooper
2013-12-02 12:08 ` Ian Jackson
2013-12-02 12:19 ` Matthew Daley
2013-12-02 15:03 ` Ian Jackson
2013-12-03 1:29 ` [PATCH 08/13 v5] " Matthew Daley
2013-12-03 10:21 ` Ian Campbell
2013-12-03 10:30 ` Andrew Cooper [this message]
2013-12-13 16:52 ` [PATCH 08/13 v5] libxl: don't leak ptr in libxl_list_vm error case [and 1 more messages] Ian Jackson
2013-12-13 17:05 ` Andrew Cooper
2013-12-13 17:21 ` Ian Jackson
2013-12-13 23:22 ` Matthew Daley
2013-12-13 23:26 ` Matthew Daley
2013-12-16 11:57 ` Ian Jackson
2013-12-14 1:15 ` [PATCH] xl: check for libxl_list_vm failure in print_uptime Matthew Daley
2013-12-16 11:57 ` Ian Jackson
2013-12-16 11:58 ` Ian Jackson
2013-12-13 5:52 ` [PATCH 08/13 v5] libxl: don't leak ptr in libxl_list_vm error case Matthew Daley
2013-12-01 10:15 ` [PATCH 09/13] libxl: don't leak pcidevs in libxl_pcidev_assignable Matthew Daley
2013-12-02 12:15 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 10/13] libxl: don't try to fclose file twice on error in libxl_userdata_store Matthew Daley
2013-12-02 12:14 ` Ian Jackson
2013-12-02 12:24 ` Matthew Daley
2013-12-02 15:04 ` Ian Jackson
2013-12-02 23:56 ` [PATCH 10/13 v2] " Matthew Daley
2013-12-03 0:00 ` [PATCH 10/13 v3] " Matthew Daley
2013-12-03 17:28 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 11/13] libxl: use pipe instead of temporary file for VNC viewer --autopass Matthew Daley
2013-12-02 12:22 ` Ian Jackson
2013-12-02 12:34 ` Matthew Daley
2013-12-01 10:15 ` [PATCH 12/13] libxl: don't leak buf in libxl_xen_console_read_start error handling Matthew Daley
2013-12-02 12:25 ` Ian Jackson
2013-12-03 1:01 ` [PATCH 12/13 v2] " Matthew Daley
2013-12-03 17:26 ` Ian Jackson
2013-12-01 10:15 ` [PATCH 13/13] libxl: replace for loop with more idiomatic do-while loop Matthew Daley
2013-12-02 12:26 ` Ian Jackson
2013-12-02 12:46 ` Matthew Daley
2013-12-01 12:22 ` [PATCH 00/13] Coverity fixes for libxl Andrew Cooper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=529DB2B3.5060306@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=ian.jackson@eu.citrix.com \
--cc=mattd@bugfuzz.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).