On Tue, Jul 09, 2013 at 03:30:10PM +0800, Qiao Nuohan wrote:
> +/* write common header, sub header and elf note to vmcore */
> +static int create_header32(DumpState *s)
> +{
> + int ret = 0;
> + DiskDumpHeader32 *dh;
> + KdumpSubHeader32 *kh;
> + size_t size;
> +
> + /* write common header, the version of kdump-compressed format is 5th */
> + size = sizeof(DiskDumpHeader32);
> + dh = g_malloc0(size);
> +
> + strncpy(dh->signature, KDUMP_SIGNATURE, strlen(KDUMP_SIGNATURE));
> + dh->header_version = 5;
> + dh->block_size = s->page_size;
> + dh->sub_hdr_size = sizeof(struct KdumpSubHeader32) + s->note_size;
> + dh->sub_hdr_size = divideup(dh->sub_hdr_size, dh->block_size);
> + dh->max_mapnr = s->max_mapnr;
> + dh->nr_cpus = s->nr_cpus;
> + dh->bitmap_blocks = divideup(s->len_dump_bitmap, s->page_size);
> + memcpy(&(dh->utsname.machine), "i686", 4);
> +
> + if (write_buffer(s->fd, s->flag_flatten, 0, dh, size) < 0) {
> + ret = -1;
> + goto out;
> + }
> +
> + /* write sub header */
> + size = sizeof(KdumpSubHeader32);
> + kh = g_malloc0(size);
> +
> + kh->phys_base = PHYS_BASE;
> + kh->dump_level = DUMP_LEVEL;
> +
> + kh->offset_note = DISKDUMP_HEADER_BLOCKS * dh->block_size + size;
> + kh->note_size = s->note_size;
> +
> + if (write_buffer(s->fd, s->flag_flatten, dh->block_size, kh, size) < 0) {
> + ret = -1;
> + goto out;
> + }
> +
> + /* write note */
> + s->note_buf = g_malloc(s->note_size);
> + s->note_buf_offset = 0;
> +
> + /* use s->note_buf to store notes temporarily */
> + if (write_elf32_notes(buf_write_note, s) < 0) {
> + ret = -1;
> + goto out;
> + }
> +
> + if (write_buffer(s->fd, s->flag_flatten, kh->offset_note, s->note_buf,
> + s->note_size) < 0) {
> + ret = -1;
> + goto out;
> + }
> +
> + /* get offset of dump_bitmap */
> + s->offset_dump_bitmap = (DISKDUMP_HEADER_BLOCKS + dh->sub_hdr_size) *
> + dh->block_size;
> +
> + /* get offset of page */
> + s->offset_page = (DISKDUMP_HEADER_BLOCKS + dh->sub_hdr_size +
> + dh->bitmap_blocks) * dh->block_size;
> +
> +out:
> + g_free(dh);
> + g_free(kh);
> + g_free(s->note_buf);
These variables must be initialized to NULL so that an early goto out does not access uninitialized memory.
> +
> + return ret;
> +}
> +
> +/* write common header, sub header and elf note to vmcore */
> +static int create_header64(DumpState *s)
> +{
> + int ret = 0;
> + DiskDumpHeader64 *dh;
> + KdumpSubHeader64 *kh;
Same here.
> diff --git a/include/sysemu/dump.h b/include/sysemu/dump.h
> index 81cbaa8..54ae4e5 100644
> --- a/include/sysemu/dump.h
> +++ b/include/sysemu/dump.h
> @@ -20,6 +20,14 @@
> #define VERSION_FLAT_HEADER (1) /* version of flattened format */
> #define END_FLAG_FLAT_HEADER (-1)
>
> +#define KDUMP_SIGNATURE "KDUMP "
> +#define SIG_LEN (sizeof(KDUMP_SIGNATURE) - 1)
> +#define PHYS_BASE (0)
> +#define DUMP_LEVEL (1)
> +#define DISKDUMP_HEADER_BLOCKS (1)
> +
> +#define divideup(x, y) (((x) + ((y) - 1)) / (y))
Please use QEMU's DIV_ROUND_UP().
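Review bot: `g_free(s->note_buf)` at the `out` label of create_header32 releases a buffer that stays referenced from the DumpState, so any later read or second free of `s->note_buf` elsewhere in the dump path would be a use-after-free or double free; clear it after freeing, `s->note_buf = NULL;`, and the same applies to the `out` path of create_header64 if it mirrors this one. The signature copy `strncpy(dh->signature, KDUMP_SIGNATURE, strlen(KDUMP_SIGNATURE));` ignores the `SIG_LEN` constant the same patch adds to dump.h and uses strncpy with a length that never copies a terminator, which is presumably intended for a fixed-width field; `memcpy(dh->signature, KDUMP_SIGNATURE, SIG_LEN);` states that directly. `sizeof(struct KdumpSubHeader32)` and `sizeof(KdumpSubHeader32)` are both used for the same type a few lines apart; one spelling should be kept. The hunk header is not quoted and create_header64 is cut off after its declarations, so the rest of that function is not visible here.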
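Review bot: The new constants `PHYS_BASE`, `DUMP_LEVEL` and `DISKDUMP_HEADER_BLOCKS` go into a public header with no comment on what they encode, while their only visible uses are the kdump sub header fields `kh->phys_base` and `kh->dump_level` and the number of blocks placed before the sub header; a short trailing comment on each, e.g. `#define DUMP_LEVEL (1) /* dump_level recorded in the kdump sub header */`, would spare the reader a trip to dump.c. The literal `dh->header_version = 5;` in create_header32 belongs next to these as a named constant for the same reason. The hunk's trailing context lines are not quoted, so its end is not visible here.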