From nobody Fri Apr 26 10:28:59 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.24
 as permitted sender) client-ip=209.132.183.24;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx3-phx2.redhat.com;
Authentication-Results: mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.24 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx3-phx2.redhat.com (mx3-phx2.redhat.com [209.132.183.24]) by
 mx.zohomail.com
	with SMTPS id 1486732175812199.39752958492988;
 Fri, 10 Feb 2017 05:09:35 -0800 (PST)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by mx3-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v1AD6PQl017624;
	Fri, 10 Feb 2017 08:06:25 -0500
Received: from int-mx11.intmail.prod.int.phx2.redhat.com
	(int-mx11.intmail.prod.int.phx2.redhat.com [10.5.11.24])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v1AD6Okr025511 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 10 Feb 2017 08:06:24 -0500
Received: from localhost.localdomain.com (ovpn-116-36.phx2.redhat.com
	[10.3.116.36])
	by int-mx11.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP
	id v1AD6N4k003504
	for <libvir-list@redhat.com>; Fri, 10 Feb 2017 08:06:23 -0500
From: John Ferlan <jferlan@redhat.com>
To: libvir-list@redhat.com
Date: Fri, 10 Feb 2017 08:06:20 -0500
Message-Id: <1486731980-12133-1-git-send-email-jferlan@redhat.com>
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.24
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH] libxl: Resolve possible resource leak in dom0
	maximum memory setting
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
is hit, control goes back to the outer loop processing 'cmd_tokens' and
it's possible that the 'mem_tokens' would be overwritten.

Found by Coverity

Signed-off-by: John Ferlan <jferlan@redhat.com>
---

 Of course this is what led me down the path of the recently sent virusbmock
patch...

 src/libxl/libxl_conf.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 6ce2e0a..f5b788b 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
                 goto cleanup;
             }
         }
+        virStringListFree(mem_tokens);
     }
=20
  physmem:
--=20
2.7.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list