From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Wed, 18 Jun 2014 18:04:14 +0000 (+0100)
Subject: tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()
X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~4801
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ddb4aa5dfa13781e8f31ba20923c14c1a083ce83;p=xen.git

tools/libxl: Fix free() of wild pointer in libxl__initiate_device_remove()

libxl__initiate_device_remove() had a preexisting error path issue where
libxl_dominfo_dispose() could be called on a libxl_dominfo object before it
had been initialised with libxl_dominfo_init().

This was safe until c/s ab44401 added the pointer ssid_label, which point
libxl_dominfo_dispose() free()s.

Unconditionally initialise info in libxl__initiate_device_remove() before
taking an error path which will free it.

Coverity-ID: 1223212
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Wei Liu <wei.liu2@citrix.com>
CC: Ian Campbell <Ian.Campbell@citrix.com>
CC: Ian Jackson <Ian.Jackson@eu.citrix.com>
---

diff --git a/tools/libxl/libxl_device.c b/tools/libxl/libxl_device.c
index 90ae564ffb..788895b9b2 100644
--- a/tools/libxl/libxl_device.c
+++ b/tools/libxl/libxl_device.c
@@ -772,6 +772,8 @@ void libxl__initiate_device_remove(libxl__egc *egc,
     uint32_t my_domid, domid = aodev->dev->domid;
     int rc = 0;
 
+    libxl_dominfo_init(&info);
+
     rc = libxl__get_domid(gc, &my_domid);
     if (rc) {
         LOG(ERROR, "unable to get my domid");
@@ -779,7 +781,6 @@ void libxl__initiate_device_remove(libxl__egc *egc,
     }
 
     if (my_domid == LIBXL_TOOLSTACK_DOMID) {
-        libxl_dominfo_init(&info);
         rc = libxl_domain_info(CTX, &info, domid);
         if (rc) {
             LOG(ERROR, "unable to get info for domain %d", domid);