From: Ian Jackson Date: Thu, 18 Apr 2013 15:27:46 +0000 (+0100) Subject: libxl: Avoid realloc(,0) when libxl__xs_directory returns empty list X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5977 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=48249a140379b6a66cd32438c344a57fa21e00ed;p=xen.git libxl: Avoid realloc(,0) when libxl__xs_directory returns empty list If the named path is a leaf node, libxl__xs_directory can succeed, returning non-null, but set *nb to 0. In three places in libxl this may result in a zero size argument being passed to malloc() or realloc(), which is not adviseable. Signed-off-by: Ian Jackson Acked-by: Roger Pau Monné Acked-by: Ian Campbell --- diff --git a/tools/libxl/libxl.c b/tools/libxl/libxl.c index 9e623c8e8e..0de11122b0 100644 --- a/tools/libxl/libxl.c +++ b/tools/libxl/libxl.c @@ -1864,7 +1864,7 @@ libxl_device_vtpm *libxl_device_vtpm_list(libxl_ctx *ctx, uint32_t domid, int *n fe_path = libxl__sprintf(gc, "%s/device/vtpm", libxl__xs_get_dompath(gc, domid)); dir = libxl__xs_directory(gc, XBT_NULL, fe_path, &ndirs); - if(dir) { + if (dir && ndirs) { vtpms = malloc(sizeof(*vtpms) * ndirs); libxl_device_vtpm* vtpm; libxl_device_vtpm* end = vtpms + ndirs; @@ -2371,7 +2371,7 @@ static int libxl__append_disk_list_of_type(libxl__gc *gc, be_path = libxl__sprintf(gc, "%s/backend/%s/%d", libxl__xs_get_dompath(gc, 0), type, domid); dir = libxl__xs_directory(gc, XBT_NULL, be_path, &n); - if (dir) { + if (dir && n) { libxl_device_disk *tmp; tmp = realloc(*disks, sizeof (libxl_device_disk) * (*ndisks + n)); if (tmp == NULL) @@ -3060,7 +3060,7 @@ static int libxl__append_nic_list_of_type(libxl__gc *gc, be_path = libxl__sprintf(gc, "%s/backend/%s/%d", libxl__xs_get_dompath(gc, 0), type, domid); dir = libxl__xs_directory(gc, XBT_NULL, be_path, &n); - if (dir) { + if (dir && n) { libxl_device_nic *tmp; tmp = realloc(*nics, sizeof (libxl_device_nic) * (*nnics + n)); if (tmp == NULL)