From: Keir Fraser <keir.fraser@citrix.com>
Date: Tue, 19 Jan 2010 09:40:30 +0000 (+0000)
Subject: xc_domain_save: allocate pfn_err before use
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~12720
X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=7d4ad5a07e7758cd711c828b12c686e52c0fa132;p=xen.git

xc_domain_save: allocate pfn_err before use

Due to recent changes related to xc_map_foreign_bulk, xc_domain_save
segfaults because it tries to use pfn_err without allocating it first.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
---

diff --git a/tools/libxc/xc_domain_save.c b/tools/libxc/xc_domain_save.c
index cdaefb7a73..c26330dc9b 100644
--- a/tools/libxc/xc_domain_save.c
+++ b/tools/libxc/xc_domain_save.c
@@ -1273,6 +1273,7 @@ int xc_domain_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
             if ( batch == 0 )
                 goto skip; /* vanishingly unlikely... */
 
+            pfn_err = realloc(pfn_err, sizeof(int) * batch);
             region_base = xc_map_foreign_bulk(
                 xc_handle, dom, PROT_READ, pfn_type, pfn_err, batch);
             if ( region_base == NULL )
@@ -1832,6 +1833,7 @@ int xc_domain_save(int xc_handle, int io_fd, uint32_t dom, uint32_t max_iters,
 
     free(pfn_type);
     free(pfn_batch);
+    free(pfn_err);
     free(to_send);
     free(to_fix);
     free(to_skip);