[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v1 2/2] backup_ptes: fix leak on realloc failure

  • To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Edwin Török <edvin.torok@xxxxxxxxxx>
  • Date: Fri, 24 Feb 2023 13:36:46 +0000
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: Edwin Török <edwin.torok@xxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>
  • Delivery-date: Fri, 24 Feb 2023 13:37:00 +0000
  • Ironport-data: A9a23:VkUb7aNvXiD9M5TvrR2tl8FynXyQoLVcMsEvi/4bfWQNrUon1DZRz mMaCG+DM6yJYGLyKowkPIu+8EtS6p6GyIRjSQto+SlhQUwRpJueD7x1DKtS0wC6dZSfER09v 63yTvGacajYm1eF/k/F3oDJ9CU6jufQAOKnUoYoAwgpLSd8UiAtlBl/rOAwh49skLCRDhiE/ Nj/uKUzAnf8s9JPGj9Suv3rRC9H5qyo42tC5ABmP5ingXeF/5UrJMNHTU2OByOQrrl8RoaSW +vFxbelyWLVlz9F5gSNy+uTnuUiG9Y+DCDW4pZkc/HKbitq/0Te5p0TJvsEAXq7vh3S9zxHJ HehgrTrIeshFvWkdO3wyHC0GQkmVUFN0OevzXRSLaV/ZqAJGpfh66wGMa04AWEX0slYLEpQz 6E1EWFXUjCutsCkzq6KF9A506zPLOGzVG8eknRpzDWfBvc6W5HTBa7N4Le03h9p2JoIR6yHI ZNEN3w2Nk+ojx5nYz/7DLozkPmpgD/jdCdfq3qepLYt4niVxwt0uFToGIuFJoXWG5QK9qqej jP+zkjwKwpLDfy092aPrSiombbzugquDer+E5Xnr6U30TV/3Fc7ChIMUkCgieKkkUP4UNVaQ 2QL/gI+oK5081akJvHtUhv9rHOasxo0X9tLD/Z8+AyL0rDT4QuSGi4DVDEpVTA9nJZoH3pwj AbPxo63Q2U169V5VE5x6J+7gh6ZJxJIAFZTPxMkYDon8df/kdwK20enoslYLIa5idj8GDfVy j+MrTQji7h7sfPnx5lX7nic3Wvy+8Ghohodo1yOAzn7tl8RiJuNPdTA1LTN0RpXwG91pHGlt WNMpcWR5ftm4XqlxH3UG7Vl8F1ECp+43NzgbbxHRcRJG9eFoSTLkWVsDNZWdS9U3j4sI2OBX aMqkVo5CGVvFHWrd7RrRIm6Ft4ny6Ptffy8CK+LN4UROMcsJV/WlM2LWaJ39zqw+HXAbIllY cvLGSpSJSty5VtbIMqeGL5GjO5DKtEWzmLPX5HrpylLIpLHDEN5vYwtaQPUBshgtfPsnekg2 4oHXyd840kFAbKWj+i+2dJ7EG3m2lBiX8iu9JYIK7/TSuekcUl4Y8LsLXoaU9QNt8xoei3gp RlRhmcwJILDuED6
  • Ironport-hdrordr: A9a23:Ib6Edq9yrJCVMQYRarJuk+DiI+orL9Y04lQ7vn2YSXRuE/Bw8P re5MjztCWE8Qr5N0tQ+uxoVJPufZqYz+8Q3WBzB8bFYOCFghrLEGgK1+KLqFeMdxEWtNQtsp uIG5IOc+EYZmIbsS+V2meF+q4bsby6zJw=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
From: Edwin Török <edwin.torok@xxxxxxxxx>

>From `man 2 realloc`:
`If realloc() fails, the original block is left untouched; it is not freed or 
moved.`

Found using GCC -fanalyzer:
```
|  184 |         backup->entries = realloc(backup->entries,
|      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|      |         |               | |
|      |         |               | (91) when ‘realloc’ fails
|      |         |               (92) ‘old_ptes.entries’ leaks here; was 
allocated at (44)
|      |         (90) ...to here
```

Signed-off-by: Edwin Török <edwin.torok@xxxxxxxxx>
---
 tools/libs/guest/xg_offline_page.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c 
b/tools/libs/guest/xg_offline_page.c
index c594fdba41..a8bcea768b 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
     if (backup->max == backup->cur)
     {
-        backup->entries = realloc(backup->entries,
+        void* orig = backup->entries;
+        backup->entries = realloc(orig,
                             backup->max * 2 * sizeof(struct pte_backup_entry));
-        if (backup->entries == NULL)
+        if (backup->entries == NULL) {
+            free(orig);
             return -1;
+        }
         else
             backup->max *= 2;
     }
-- 
2.39.1

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.