On 18/05/15 15:00, Boris Ostrovsky wrote:
> On 05/18/2015 08:57 AM, Andrew Cooper wrote:
>> These changesets cause the respective libxc functions to unconditonally
>> dereference their max_cpus/nodes parameters as part of initial memory
>> allocations.  It will fail at obtaining the correct number of
>> cpus/nodes from
>> Xen, as the guest handles will not be NULL.
>>
>> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
>> CC: Ian Campbell <ian.campb...@citrix.com>
>> CC: Ian Jackson <ian.jack...@eu.citrix.com>
>> CC: Wei Liu <wei.l...@citrix.com>
>> CC: Boris Ostrovsky <boris.ostrov...@oracle.com>
>>
>> ---
>> Spotted by XenServers Coverity run.
>> ---
>>   tools/libxl/libxl.c               |    4 ++--
>>   tools/misc/xenpm.c                |    4 ++--
>>   tools/python/xen/lowlevel/xc/xc.c |    4 ++--
>>   3 files changed, 6 insertions(+), 6 deletions(-)
>
> xenpm bug is already fixed (commit
> b315cd9cce5b6da7ca89b2d7bad3fb01e7716044 n the staging tree).
>
> I am not sure I understand why Coverity complains about other spots.
> For example, in libxl_get_cpu_topology() num_cpus can be left
> uninitialized only if xc_cputopoinfo(ctx->xch, &num_cpus, NULL) fails,
> in which case we go to 'GC_FREE;  return ret;', so it's not ever used.

xc_cputopoinfo(ctx->xch, &num_cpus, NULL) unconditionally dereferences
and reads &num_cpus, and performs a memory allocation based on the result.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

Reply via email to