Copying George since he maintains xentrace which this relates to. On Thu, 2016-02-11 at 14:02 +0530, Harmandeep Kaur wrote: > Avoid leaking the memory mapping of the trace buffer > > Coverity ID 1351228 > > Signed-off-by: Harmandeep Kaur <write.harmand...@gmail.com> > --- > v2: call to unmapping function reduced to one from two > --- > tools/libxc/xc_tbuf.c | 8 +++++--- > 1 file changed, 5 insertions(+), 3 deletions(-) > > diff --git a/tools/libxc/xc_tbuf.c b/tools/libxc/xc_tbuf.c > index 695939a..d96cc67 100644 > --- a/tools/libxc/xc_tbuf.c > +++ b/tools/libxc/xc_tbuf.c > @@ -70,11 +70,13 @@ int xc_tbuf_get_size(xc_interface *xch, unsigned long > *size) > sysctl.u.tbuf_op.buffer_mfn); > > if ( t_info == NULL || t_info->tbuf_size == 0 ) > - return -1; > + rc = -1; > + else > + *size = t_info->tbuf_size; > > - *size = t_info->tbuf_size; > + xenforeignmemory_unmap(xch->fmem, t_info, *size);
*size could be uninitialised here (in the error path) and even in the success case I don't think t_info->tbus_size is the right argument here, it needs to be the size which was passed to the map function, i.e. sysctl.u.tbuf_op.size. Ian. > > - return 0; > + return rc; > } > > int xc_tbuf_enable(xc_interface *xch, unsigned long pages, unsigned long > *mfn, _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
