diff mbox

[PATCHv2] libxc: fix segfault on uninitialized xch->fmem

Message ID 20170404124048.9603-1-kirkseraph@gmail.com (mailing list archive)
State New, archived
Headers show

Commit Message

Seraphime Kirkovski April 4, 2017, 12:40 p.m. UTC 
Currently in xc_interface_open, xch->fmem is not initialized
and in some rare case the code fails before ever assigning a value
to it.

I got this in master:

   $ sudo ./xl/xl run
   xencall: error: Could not obtain handle on privileged command interface: No such file or directory
   Segmentation fault

This initializes the whole xch_buff to 0.

Signed-off-by: Seraphime Kirkovski <kirkseraph@gmail.com>
---

 Changes from v1:
   * Initialize the entire struct xc_interface_core to 0

 tools/libxc/xc_private.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Wei Liu April 4, 2017, 12:59 p.m. UTC | #1 
On Tue, Apr 04, 2017 at 02:40:48PM +0200, Seraphime Kirkovski wrote:
> Currently in xc_interface_open, xch->fmem is not initialized
> and in some rare case the code fails before ever assigning a value
> to it.
> 
> I got this in master:
> 
>    $ sudo ./xl/xl run
>    xencall: error: Could not obtain handle on privileged command interface: No such file or directory
>    Segmentation fault
> 
> This initializes the whole xch_buff to 0.
> 
> Signed-off-by: Seraphime Kirkovski <kirkseraph@gmail.com>

Acked-by: Wei Liu <wei.liu2@citrix.com>
Wei Liu April 5, 2017, 3:13 p.m. UTC | #2 
On Tue, Apr 04, 2017 at 01:59:27PM +0100, Wei Liu wrote:
> On Tue, Apr 04, 2017 at 02:40:48PM +0200, Seraphime Kirkovski wrote:
> > Currently in xc_interface_open, xch->fmem is not initialized
> > and in some rare case the code fails before ever assigning a value
> > to it.
> > 
> > I got this in master:
> > 
> >    $ sudo ./xl/xl run
> >    xencall: error: Could not obtain handle on privileged command interface: No such file or directory
> >    Segmentation fault
> > 
> > This initializes the whole xch_buff to 0.
> > 
> > Signed-off-by: Seraphime Kirkovski <kirkseraph@gmail.com>
> 
> Acked-by: Wei Liu <wei.liu2@citrix.com>

Ian, this is a backport candidate.
Ian Jackson April 5, 2017, 3:51 p.m. UTC | #3 
Wei Liu writes ("Re: [PATCHv2] libxc: fix segfault on uninitialized xch->fmem"):
> Ian, this is a backport candidate.

Queued, thanks (until after 4.8.1, given that currently this is in
staging only).

Ian.
diff mbox

Patch

diff --git a/tools/libxc/xc_private.c b/tools/libxc/xc_private.c
index 72e6242417..f395594a8f 100644
--- a/tools/libxc/xc_private.c
+++ b/tools/libxc/xc_private.c
@@ -30,7 +30,7 @@  struct xc_interface_core *xc_interface_open(xentoollog_logger *logger,
                                             xentoollog_logger *dombuild_logger,
                                             unsigned open_flags)
 {
-    struct xc_interface_core xch_buf, *xch = &xch_buf;
+    struct xc_interface_core xch_buf = { 0 }, *xch = &xch_buf;
 
     xch->flags = open_flags;
     xch->dombuild_logger_file = 0;