From: Joshua Otto <jtotto@uwaterloo.ca>
Date: Mon, 27 Mar 2017 09:06:22 +0000 (-0400)
Subject: libxc/xc_sr_save.c: initialise rec.data before free()
X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2387
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=5c53c93998e370ab3da0b3d1d12e6bc760224d67;p=xen.git

libxc/xc_sr_save.c: initialise rec.data before free()

colo_merge_secondary_dirty_bitmap() unconditionally free()s the .data
member of its local xc_sr_record structure rec on its exit path.
However, if the initial call to read_record() fails then this member is
uninitialised.  Initialise it.

Signed-off-by: Joshua Otto <jtotto@uwaterloo.ca>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
---

diff --git a/tools/libxc/xc_sr_save.c b/tools/libxc/xc_sr_save.c
index f98c8276d4..ca6913b723 100644
--- a/tools/libxc/xc_sr_save.c
+++ b/tools/libxc/xc_sr_save.c
@@ -520,7 +520,7 @@ static int send_memory_live(struct xc_sr_context *ctx)
 static int colo_merge_secondary_dirty_bitmap(struct xc_sr_context *ctx)
 {
     xc_interface *xch = ctx->xch;
-    struct xc_sr_record rec;
+    struct xc_sr_record rec = { 0, 0, NULL };
     uint64_t *pfns = NULL;
     uint64_t pfn;
     unsigned count, i;