[libvirt] [PATCH] libxl: Resolve possible resource leak in dom0 maximum memory setting
Michal Privoznik
mprivozn at redhat.com
Fri Feb 10 15:22:00 UTC 2017
On 02/10/2017 02:06 PM, John Ferlan wrote:
> If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
> or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
> is hit, control goes back to the outer loop processing 'cmd_tokens' and
> it's possible that the 'mem_tokens' would be overwritten.
>
> Found by Coverity
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>
> Of course this is what led me down the path of the recently sent virusbmock
> patch...
>
> src/libxl/libxl_conf.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
> index 6ce2e0a..f5b788b 100644
> --- a/src/libxl/libxl_conf.c
> +++ b/src/libxl/libxl_conf.c
> @@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
> goto cleanup;
> }
> }
> + virStringListFree(mem_tokens);
> }
>
> physmem:
>
This will work. The other possible location is just before:
if (!(mem_tokens = virStringSplit(cmd_tokens[i], ",", 0)))
line.
ACK
Michal
More information about the libvir-list
mailing list