1. Patchew
  2. Xen
  3. [PATCH 0/3] mini-os: fix several double frees and memory leaks
  4. View patch

[PATCH 2/3] mini-os: fix double free() in xenbus

Juergen Gross posted 3 patches 5 years, 10 months ago
[PATCH 2/3] mini-os: fix double free() in xenbus
Posted by Juergen Gross 5 years, 10 months ago 
Commit 973ad0c4de1b48 ("Save/Restore Support: Add suspend/restore
support for xenbus") introduced a double free of some memory and leaked
another memory allocation.

Fix those.

Coverity-ID: 1433640
Fixes: 973ad0c4de1b48 ("Save/Restore Support: Add suspend/restore support for xenbus")
Signed-off-by: Juergen Gross <jgross@suse.com>
---
 xenbus/xenbus.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xenbus/xenbus.c b/xenbus/xenbus.c
index d72dc3a..b12cef7 100644
--- a/xenbus/xenbus.c
+++ b/xenbus/xenbus.c
@@ -413,9 +413,11 @@ void resume_xenbus(int canceled)
 
             rep = xenbus_msg_reply(XS_WATCH, XBT_NIL, req, ARRAY_SIZE(req));
             msg = errmsg(rep);
-            if (msg)
+            if (msg) {
                 xprintk("error on XS_WATCH: %s\n", msg);
-            free(rep);
+                free(msg);
+            } else
+                free(rep);
         }
     }
 
-- 
2.16.4
Re: [PATCH 2/3] mini-os: fix double free() in xenbus
Posted by Samuel Thibault 5 years, 10 months ago 
Juergen Gross, le jeu. 09 avril 2020 16:12:39 +0200, a ecrit:
> Commit 973ad0c4de1b48 ("Save/Restore Support: Add suspend/restore
> support for xenbus") introduced a double free of some memory and leaked
> another memory allocation.
> 
> Fix those.
> 
> Coverity-ID: 1433640
> Fixes: 973ad0c4de1b48 ("Save/Restore Support: Add suspend/restore support for xenbus")
> Signed-off-by: Juergen Gross <jgross@suse.com>

Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>

> ---
>  xenbus/xenbus.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/xenbus/xenbus.c b/xenbus/xenbus.c
> index d72dc3a..b12cef7 100644
> --- a/xenbus/xenbus.c
> +++ b/xenbus/xenbus.c
> @@ -413,9 +413,11 @@ void resume_xenbus(int canceled)
>  
>              rep = xenbus_msg_reply(XS_WATCH, XBT_NIL, req, ARRAY_SIZE(req));
>              msg = errmsg(rep);
> -            if (msg)
> +            if (msg) {
>                  xprintk("error on XS_WATCH: %s\n", msg);
> -            free(rep);
> +                free(msg);
> +            } else
> +                free(rep);
>          }
>      }
>  
> -- 
> 2.16.4
>

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.