[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image

To: Ian Campbell <Ian.Campbell@xxxxxxxxxx>
From: Matthew Daley <mattjd@xxxxxxxxx>
Date: Fri, 1 Nov 2013 11:12:03 +1300
Cc: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>, Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>
Delivery-date: Thu, 31 Oct 2013 22:12:22 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Fri, Nov 1, 2013 at 10:22 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> On Wed, 2013-10-30 at 20:51 +1300, Matthew Daley wrote:
>> This error case can only be triggered by gzread returning 0 (and having
>> not read anything), so move it there.
>>
>> Coverity-ID: 1056076
>
> Is this right? It seems to correspond to an issue in xc_hvm_build --
> which doesn't look related.

xc_hvm_build calls xc_read_image, which is where the issue itself lies
(click on "show details" on event 8.)

>
>> Signed-off-by: Matthew Daley <mattjd@xxxxxxxxx>
>> ---
>>  tools/libxc/xg_private.c |   14 +++++++-------
>>  1 file changed, 7 insertions(+), 7 deletions(-)
>>
>> diff --git a/tools/libxc/xg_private.c b/tools/libxc/xg_private.c
>> index 8fa068e..a914068 100644
>> --- a/tools/libxc/xg_private.c
>> +++ b/tools/libxc/xg_private.c
>> @@ -71,6 +71,12 @@ char *xc_read_image(xc_interface *xch,
>>              image = NULL;
>>              goto out;
>>          case 0: /* EOF */
>> +            if ( *size == 0 )
>> +            {
>> +                PERROR("Could not read kernel image");
>> +                free(image);
>> +                image = NULL;
>> +            }
>>              goto out;
>>          default:
>>              *size += bytes;
>> @@ -80,13 +86,7 @@ char *xc_read_image(xc_interface *xch,
>>  #undef CHUNK
>>
>>   out:
>> -    if ( *size == 0 )
>> -    {
>> -        PERROR("Could not read kernel image");
>> -        free(image);
>> -        image = NULL;
>> -    }
>> -    else if ( image )
>> +    if ( image )
>>      {
>>          /* Shrink allocation to fit image. */
>>          tmp = realloc(image, *size);
>
>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image
  - From: Ian Campbell

References:
- [Xen-devel] Fixes for various minor Coverity issues, volume 3
  - From: Matthew Daley
- [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image
  - From: Matthew Daley
- Re: [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] Fixes for various minor Coverity issues, volume 3
Next by Date: Re: [Xen-devel] [PATCHv9 0/9] Xen: extend kexec hypercall for use with pv-ops kernels
Previous by thread: Re: [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image
Next by thread: Re: [Xen-devel] [PATCH 06/29] libxc: don't read uninitialized size value in xc_read_image
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.