fix memory leaks reported by GCC -fanalyzer

[PATCH v1 2/2] backup_ptes: fix leak on realloc failure

Posted by Edwin Török 2 years, 11 months ago

From: Edwin Török <edwin.torok@cloud.com>

From `man 2 realloc`:
`If realloc() fails, the original block is left untouched; it is not freed or moved.`

Found using GCC -fanalyzer:
```
|  184 |         backup->entries = realloc(backup->entries,
|      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|      |         |               | |
|      |         |               | (91) when ‘realloc’ fails
|      |         |               (92) ‘old_ptes.entries’ leaks here; was allocated at (44)
|      |         (90) ...to here
```

Signed-off-by: Edwin Török <edwin.torok@cloud.com>
---
 tools/libs/guest/xg_offline_page.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c
index c594fdba41..a8bcea768b 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
     if (backup->max == backup->cur)
     {
-        backup->entries = realloc(backup->entries,
+        void* orig = backup->entries;
+        backup->entries = realloc(orig,
                             backup->max * 2 * sizeof(struct pte_backup_entry));
-        if (backup->entries == NULL)
+        if (backup->entries == NULL) {
+            free(orig);
             return -1;
+        }
         else
             backup->max *= 2;
     }
-- 
2.39.1

Re: [PATCH v1 2/2] backup_ptes: fix leak on realloc failure

Posted by Andrew Cooper 2 years, 11 months ago

On 24/02/2023 1:36 pm, Edwin Török wrote:
> From: Edwin Török <edwin.torok@cloud.com>
>
> From `man 2 realloc`:
> `If realloc() fails, the original block is left untouched; it is not freed or moved.`
>
> Found using GCC -fanalyzer:
> ```
> |  184 |         backup->entries = realloc(backup->entries,
> |      |         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> |      |         |               | |
> |      |         |               | (91) when ‘realloc’ fails
> |      |         |               (92) ‘old_ptes.entries’ leaks here; was allocated at (44)
> |      |         (90) ...to here
> ```
>
> Signed-off-by: Edwin Török <edwin.torok@cloud.com>

In terms of the fix, Acked-by: Andrew Cooper
<andrew.cooper3@citrix.com>, but

> ---
>  tools/libs/guest/xg_offline_page.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c
> index c594fdba41..a8bcea768b 100644
> --- a/tools/libs/guest/xg_offline_page.c
> +++ b/tools/libs/guest/xg_offline_page.c
> @@ -181,10 +181,13 @@ static int backup_ptes(xen_pfn_t table_mfn, int offset,
>  
>      if (backup->max == backup->cur)
>      {
> -        backup->entries = realloc(backup->entries,
> +        void* orig = backup->entries;

void *orig, and a newline.

> +        backup->entries = realloc(orig,
>                              backup->max * 2 * sizeof(struct pte_backup_entry));
> -        if (backup->entries == NULL)
> +        if (backup->entries == NULL) {

Newline.

Can be fixed on commit.

~Andrew

> +            free(orig);
>              return -1;
> +        }
>          else
>              backup->max *= 2;
>      }

[PATCH v1 1/2] xc_core_arch_map_p2m_tree_rw: fix memory leak
[PATCH v1 2/2] backup_ptes: fix leak on realloc failure