
Re: [Xen-devel] [PATCH] tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()



Ian Jackson writes ("Re: [PATCH] tools/libxl: Fix free() of wild pointer in 
libxl__initiate_device_remove()"):
> Andrew Cooper writes ("[PATCH] tools/libxl: Fix free() of wild pointer in 
> libxl__initiate_device_remove()"):
> > libxl__initiate_device_remove() had a preexisting error path issue where
> > libxl_dominfo_dispose() could be called on a libxl_dominfo object before it
> > had been initialised with libxl_dominfo_init().
...
> Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
> Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>

This has been backported to 4.4.  It isn't applicable to 4.3 and
earlier.

FYI:

While investigating why it didn't apply, I discovered that the
changeset blamed by Andrew isn't actually the real culprit.

The real culprit IMO is f39b1af257e3 "libxl: remove the Qemu bodge for
driver domain devices" which was by Roger and acked by me.  That
change moves libxl_dominfo_init(&info) from the start of the function
to a branch of an if(), but doesn't move the corresponding variable.
I.e. it introduced a violation of our principle that variables should
all be initialised to a (noop)-freeable value; that violation was
a latent bug.

Ian.
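
The principle named in the mail above, as an added example that is not libxl code and not part of the original message: `dominfo`, `dominfo_init`, `dominfo_dispose`, `dominfo_fill` and `device_remove` are hypothetical stand-ins, and the latent-bug ordering appears only in a comment so the block stays free of undefined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a libxl-style type that owns heap memory. */
typedef struct { char *name; } dominfo;

static int frees_done;  /* counts real free() calls, for this demo only */

static void dominfo_init(dominfo *d) { memset(d, 0, sizeof(*d)); }

static void dominfo_dispose(dominfo *d)
{
    if (d->name) { free(d->name); frees_done++; }
    d->name = NULL;     /* a second dispose is a no-op */
}

static int dominfo_fill(dominfo *d, const char *s)
{
    d->name = malloc(strlen(s) + 1);
    if (!d->name) return -1;
    strcpy(d->name, s);
    return 0;
}

/*
 * Latent-bug shape (shown as a comment, never executed):
 *     dominfo info;                      // indeterminate stack contents
 *     if (early_failure) goto out;       // skips the init below
 *     if (need_info) { dominfo_init(&info); ... }
 *   out:
 *     dominfo_dispose(&info);            // free() of a wild pointer
 *
 * Hardened shape: the object is no-op-freeable from its first statement,
 * so every path to "out" can dispose it safely.
 */
int device_remove(int early_failure, int need_info)
{
    int rc = 0;
    dominfo info;
    dominfo_init(&info);

    if (early_failure) { rc = -1; goto out; }
    if (need_info && dominfo_fill(&info, "guest")) { rc = -2; goto out; }

out:
    dominfo_dispose(&info);
    return rc;
}
```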
