On 24/02/2023 1:36 pm, Edwin Török wrote:
> From: Edwin Török
>
> From `man 2 realloc`:
> `If realloc() fails, the original block is left untouched; it is not freed or
> moved.`
>
> Found using GCC -fanalyzer:
> ```
> | 184 | backup->entries = realloc(backup->entries,
> | | ~~
> | | | | |
> | | | | (91) when ‘realloc’ fails
> | | | (92) ‘old_ptes.entries’ leaks here; was
> allocated at (44)
> | | (90) ...to here
> ```
>
> Signed-off-by: Edwin Török
In terms of the fix, Acked-by: Andrew Cooper
, but
> ---
> tools/libs/guest/xg_offline_page.c | 7 +--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/tools/libs/guest/xg_offline_page.c
> b/tools/libs/guest/xg_offline_page.c
> index c594fdba41..a8bcea768b 100644
> --- a/tools/libs/guest/xg_offline_page.c
> +++ b/tools/libs/guest/xg_offline_page.c
> @@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
>
> if (backup->max == backup->cur)
> {
> -backup->entries = realloc(backup->entries,
> +void* orig = backup->entries;
void *orig, and a newline.
> +backup->entries = realloc(orig,
> backup->max * 2 * sizeof(struct
> pte_backup_entry));
> -if (backup->entries == NULL)
> +if (backup->entries == NULL) {
Newline.
Can be fixed on commit.
~Andrew
> +free(orig);
> return -1;
> +}
> else
> backup->max *= 2;
> }
