On 18/02/16 15:36, Harmandeep Kaur wrote: > This is about a Coverity bug (included in the end), which I think is > a false positive. I don't think pagesize can be zero in any case. > pagesize = 1 << (((flags >> TMEM_POOL_PAGESIZE_SHIFT) & > TMEM_POOL_PAGESIZE_MASK) + 12); > > Which means "pagesize > bufsize" will always be true and buf can > not be null in any case if it reaches line 464 (or call may terminate > if realloc(..) returns NULL).
I would agree that given the "1 <<", pagesize will always be larger than 0, and therefore call realloc(). However, every iteration of the "while ( read_exact(io_fd, &pool_id, sizeof(pool_id)) == 0 && pool_id != -1 )" loop leaks buf, as do most of the error paths. This function is currently orphaned code (since Xen 4.6), and in need of some re-development before it can be used again. I wouldn't worry too much about fixing it up. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
