On 27/03/17 10:06, Joshua Otto wrote:
> colo_merge_secondary_dirty_bitmap() unconditionally free()s the .data
> member of its local xc_sr_record structure rec on its exit path.
> However, if the initial call to read_record() fails then this member is
> uninitialised. Initialise it.
>
> Signed-off-by: Joshua Otto <jto...@uwaterloo.ca>
Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com> This bugfix should be taken ASAP, and needs backporting to Xen 4.7 and 4.8 > --- > tools/libxc/xc_sr_save.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/tools/libxc/xc_sr_save.c b/tools/libxc/xc_sr_save.c > index ac97d93..6acc8d3 100644 > --- a/tools/libxc/xc_sr_save.c > +++ b/tools/libxc/xc_sr_save.c > @@ -681,7 +681,7 @@ static int send_memory_live(struct xc_sr_context *ctx) > static int colo_merge_secondary_dirty_bitmap(struct xc_sr_context *ctx) > { > xc_interface *xch = ctx->xch; > - struct xc_sr_record rec; > + struct xc_sr_record rec = { 0, 0, NULL }; > uint64_t *pfns = NULL; > uint64_t pfn; > unsigned count, i;
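
Review bot: The positional initialiser on the added line, `struct xc_sr_record rec = { 0, 0, NULL };`, ties the fix to the current member order and count of struct xc_sr_record, while the commit message says only the .data member matters for the free() on the exit path. A designated initialiser, `struct xc_sr_record rec = { .data = NULL };`, states that intent directly, still zeroes the remaining members, and keeps .data NULL if the structure is later reordered or extended.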