[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()
Ian Jackson writes ("Re: [PATCH] tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()"): > Andrew Cooper writes ("[PATCH] tools/libxl: Fix free() of wild pointer in > libxl__initiate_device_remove()"): > > libxl__initiate_device_remove() had a preexisting error path issue where > > libxl_dominfo_dispose() could be called on a libxl_dominfo object before it > > had been initialised with libxl_dominfo_init(). ... > Acked-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> > Committed-by: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> This has been backported to 4.4. It isn't applicable to 4.3 and earlier. FYI: While investigating why it didn't apply, I discovered that the changeset blamed by Andrew isn't actually the real culprit. The real culprit IMO is f39b1af257e3 "libxl: remove the Qemu bodge for driver domain devices" which was by Roger and acked by me. That change moves libxl_dominfo_init(&info) from the start of the function to a branch of an if(), but doesn't move the corresponding variable. Ie it introduced a violation of our principle that variables should all be initialised to a (noop)-freeable value; that violation was latent bug. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |