[PATCH for-4.21 2/6] tools/libxl: avoid freeing stack rubble in libxl__json_object_to_json()

Roger Pau Monne posted 6 patches 2 weeks, 1 day ago
Posted by Roger Pau Monne 2 weeks, 1 day ago
It's possible for libxl__json_object_to_json_object() to not set the passed
jso_out parameter, hence initialize it in libxl__json_object_to_json() to
avoid freeing an uninitialized pointer in case of failure.

Reported by XenServer internal Coverity instance.

Fixes: 75fa670e582c ("libxl: Convert libxl__json_object_to_json() to json_object")
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 tools/libs/light/libxl_json.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/libs/light/libxl_json.c b/tools/libs/light/libxl_json.c
index a9e06b06932d..b01d86363550 100644
--- a/tools/libs/light/libxl_json.c
+++ b/tools/libs/light/libxl_json.c
@@ -1533,7 +1533,7 @@ char *libxl__json_object_to_json(libxl__gc *gc,
 {
 #ifdef HAVE_LIBJSONC
     const char *buf;
-    json_object *root;
+    json_object *root = NULL;
     char *ret = NULL;
     int rc;
 
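Review bot: At `json_object *root = NULL;` the fix covers only this caller, while the commit message says the underlying gap is that libxl__json_object_to_json_object() can return without writing jso_out. Consider also setting `*jso_out = NULL` at the top of that function, and documenting that contract at its declaration, so every caller gets a defined value on failure. The change also relies on the error path's release of root accepting NULL, which is not visible in this hunk and is worth confirming. `const char *buf;` just above stays uninitialized, so check that it is not read on that path either.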
-- 
2.51.0


Re: [PATCH for-4.21 2/6] tools/libxl: avoid freeing stack rubble in libxl__json_object_to_json()
Posted by Jason Andryuk 2 weeks, 1 day ago
On 2025-10-15 09:40, Roger Pau Monne wrote:
> It's possible for libxl__json_object_to_json_object() to not set the passed
> jso_out parameter, hence initialize it in libxl__json_object_to_json() to
> avoid freeing an uninitialized pointer in case of failure.
> 
> Reported by XenServer internal Coverity instance.
> 
> Fixes: 75fa670e582c ("libxl: Convert libxl__json_object_to_json() to json_object")
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>

Reviewed-by: Jason Andryuk <jason.andryuk@amd.com>