From: Keir Fraser Date: Wed, 3 Dec 2008 15:54:24 +0000 (+0000) Subject: Fix the HVM save hypercall to avoid freeing an uninitalised pointer. X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~14040^2~4 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0a59d0d01a0bf58402226f09ebbd913fd5b279ef;p=xen.git Fix the HVM save hypercall to avoid freeing an uninitalised pointer. Signed-off-by: Tim Deegan
---
diff --git a/xen/arch/x86/domctl.c b/xen/arch/x86/domctl.c
index 7531cfddff..060435e193 100644
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -326,13 +326,9 @@ long arch_do_domctl(
 case XEN_DOMCTL_sethvmcontext:
 {
- struct hvm_domain_context c;
- struct domain *d;
+ struct hvm_domain_context c = { .size = domctl->u.hvmcontext.size };
+ struct domain *d;
- c.cur = 0;
- c.size = domctl->u.hvmcontext.size;
- c.data = NULL;
-
 ret = -ESRCH;
 if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
 break;
@@ -367,8 +363,8 @@ long arch_do_domctl(
 case XEN_DOMCTL_gethvmcontext:
 {
- struct hvm_domain_context c;
- struct domain *d;
+ struct hvm_domain_context c = { 0 };
+ struct domain *d;
 ret = -ESRCH;
 if ( (d = rcu_lock_domain_by_id(domctl->domain)) == NULL )
@@ -382,9 +378,7 @@ long arch_do_domctl(
 if ( !is_hvm_domain(d) )
 goto gethvmcontext_out;
- c.cur = 0;
 c.size = hvm_save_size(d);
- c.data = NULL;
 if ( guest_handle_is_null(domctl->u.hvmcontext.buffer) )
 {
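Review bot: The sethvmcontext initializer copies `domctl->u.hvmcontext.size` into `c.size` with no bound visible in the hunk, and the code that allocates and fills `c.size` bytes lies below the hunk; if that allocation is sized solely by the caller-supplied value, a sanity limit before it (for instance against `hvm_save_size(d)`, which the gethvmcontext path already computes) would be worth confirming, even though domctls are reachable only from the control domain so this is robustness rather than guest exposure. The fix itself works because the unnamed members of a designated initializer (`cur`, `data`) are zeroed, which is presumably what keeps the `xfree(c.data)` on the error path safe; that is subtle enough to deserve a one-line comment on the `struct hvm_domain_context c = ...` line in both the sethvmcontext and gethvmcontext hunks, e.g. `/* Zero-initialised: cur and data must be 0/NULL before any error path frees c.data. */`. The two hunks also use different spellings of the same idea (`{ .size = ... }` vs `{ 0 }`); either is fine, but stating the intent in the comment avoids a future reader "restoring" explicit assignments. arch_do_domctl and both case bodies continue outside the hunks.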