On Sun, May 01, 2016 at 02:34:18PM +0100, George Dunlap wrote: [...] > > + name = malloc(sizeof(*name) * XEN_XSPLICE_NAME_SIZE * MAX_LEN); [...] > > + /* The memset is done to catch errors. */ > > + memset(info, 'A', sizeof(*info) * MAX_LEN); > > + memset(name, 'B', sizeof(*name * MAX_LEN * XEN_XSPLICE_NAME_SIZE)); > > Did you mean to put the "* MAX_LEN * XEN_XSPLICE_NAME_SIZE" inside the > sizeof()? Coverity thinks it's "suspicious", and I do to. :-) >
This is a bug. I've got a patch ready. Wei. > -George _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
