
[v1] tools/libs/guest: assist gcc13's realloc analyzer

Message ID 20230419100633.13047-1-olaf@aepfle.de (mailing list archive)
State New, archived

Commit Message

Olaf Hering April 19, 2023, 10:06 a.m. UTC
gcc13 fails to track the allocated memory in backup_ptes:

xg_offline_page.c: In function 'backup_ptes':
xg_offline_page.c:191:13: error: pointer 'orig' may be used after 'realloc' [-Werror=use-after-free]
  191 |             free(orig);

Assist the analyzer by slightly rearranging the code:
In case realloc succeeds, the previous allocation is either extended
or released internally. In case realloc fails, the previous allocation
is left unchanged. Return an error in this case; the caller will
release the currently allocated memory in its error path.

http://bugzilla.suse.com/show_bug.cgi?id=1210570

Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
 tools/libs/guest/xg_offline_page.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

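The realloc contract the commit message relies on (success: the old block is extended or released by realloc itself; failure: the old block is untouched and still owned by the caller) is easiest to see with a growable array of the same shape as the backup structure in xg_offline_page.c and a fault-injected realloc that fails on demand. The block below is an added example, not Xen code: the struct and field names, the `grow` wrapper and the slot limit are assumptions made for the demonstration. `push_old` has the shape the compiler flags and `push_new` the shape the patch adopts, plus an overflow check on the size computation that the patch itself does not add.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added example, not Xen code.  A growable array shaped like the backup
 * structure in xg_offline_page.c; struct and field names are assumptions. */
struct entry { uint64_t table_mfn; int offset; };

struct backup {
    struct entry *entries;
    size_t max;   /* allocated slots */
    size_t cur;   /* used slots */
};

/* Hypothetical fault injection: growth beyond this many slots fails, which
 * is how the realloc failure path is exercised deterministically.  Like a
 * failed realloc, a refused grow() leaves the old block untouched. */
static size_t g_slot_limit = SIZE_MAX;

static struct entry *grow(struct entry *old, size_t slots)
{
    if (slots > g_slot_limit)
        return NULL;
    return realloc(old, slots * sizeof(*old));
}

/* Shape before the patch: the result goes straight into b->entries and the
 * saved copy 'orig' is freed on failure.  Correct at run time (a failed
 * realloc does not free 'orig'), but it leaves cur > 0 with entries == NULL,
 * and gcc 13 reports 'orig' as used after realloc. */
static int push_old(struct backup *b, uint64_t table_mfn, int offset)
{
    if (b->max == b->cur) {
        struct entry *orig = b->entries;
        b->entries = grow(orig, b->max * 2);
        if (b->entries == NULL) {
            free(orig);
            return -1;
        }
        b->max *= 2;
    }
    b->entries[b->cur].table_mfn = table_mfn;
    b->entries[b->cur].offset = offset;
    b->cur++;
    return 0;
}

/* Shape after the patch: realloc into a temporary and return -1 on failure,
 * leaving b->entries valid, owned and consistent with b->cur so the caller's
 * error path can free it.  The overflow check is an addition for this example. */
static int push_new(struct backup *b, uint64_t table_mfn, int offset)
{
    if (b->max == b->cur) {
        size_t new_max = b->max * 2;
        struct entry *entries;

        if (new_max < b->max || new_max > SIZE_MAX / sizeof(*entries))
            return -1;
        entries = grow(b->entries, new_max);
        if (entries == NULL)
            return -1;
        b->entries = entries;
        b->max = new_max;
    }
    b->entries[b->cur].table_mfn = table_mfn;
    b->entries[b->cur].offset = offset;
    b->cur++;
    return 0;
}

struct fill_result {
    size_t stored;     /* entries pushed before the first failure */
    size_t max;        /* capacity at that point */
    int entries_null;  /* 1 if the array pointer was NULL afterwards */
    int intact;        /* 1 if every stored entry still held its value */
};

typedef int (*push_fn)(struct backup *, uint64_t, int);

/* Caller with the error path the commit message relies on: whatever happened,
 * the currently allocated memory is released exactly once at the end. */
static struct fill_result fill(push_fn push, size_t n, size_t slot_limit)
{
    struct fill_result r = { 0, 0, 0, 0 };
    struct backup b = { calloc(4, sizeof(struct entry)), 4, 0 };
    size_t i;

    if (b.entries == NULL)
        return r;
    g_slot_limit = slot_limit;
    for (i = 0; i < n && push(&b, 0x1000 + i, (int)i) == 0; i++)
        ;
    g_slot_limit = SIZE_MAX;

    r.stored = b.cur;
    r.max = b.max;
    r.entries_null = (b.entries == NULL);
    r.intact = (b.entries != NULL);
    for (i = 0; b.entries != NULL && i < b.cur; i++)
        if (b.entries[i].table_mfn != 0x1000 + i || b.entries[i].offset != (int)i)
            r.intact = 0;
    free(b.entries);   /* free(NULL) is a no-op, so both shapes are safe here */
    return r;
}
```

With a limit of 8 slots, both shapes store 8 entries and then fail on the ninth push. After `push_new` the caller still sees a valid array holding those 8 entries and frees it once; after `push_old` the array pointer is NULL while `cur` still says 8, which is harmless for a caller that only frees but not for one that reads the partially built backup before doing so.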
Comments

Jürgen Groß April 19, 2023, 12:55 p.m. UTC | #1
On 19.04.23 12:06, Olaf Hering wrote:
> gcc13 fails to track the allocated memory in backup_ptes:
> 
> xg_offline_page.c: In function 'backup_ptes':
> xg_offline_page.c:191:13: error: pointer 'orig' may be used after 'realloc' [-Werror=use-after-free]
>    191 |             free(orig);
> 
> Assist the analyzer by slightly rearranging the code:
> In case realloc succeeds, the previous allocation is either extended
> or released internally. In case realloc fails, the previous allocation
> is left unchanged. Return an error in this case; the caller will
> release the currently allocated memory in its error path.
> 
> http://bugzilla.suse.com/show_bug.cgi?id=1210570
> 
> Signed-off-by: Olaf Hering <olaf@aepfle.de>

Reviewed-by: Juergen Gross <jgross@suse.com>


Juergen
Jason Andryuk April 24, 2023, 7:44 p.m. UTC | #2
On Wed, Apr 19, 2023 at 8:55 AM Juergen Gross <jgross@suse.com> wrote:
>
> On 19.04.23 12:06, Olaf Hering wrote:
> > gcc13 fails to track the allocated memory in backup_ptes:
> >
> > xg_offline_page.c: In function 'backup_ptes':
> > xg_offline_page.c:191:13: error: pointer 'orig' may be used after 'realloc' [-Werror=use-after-free]
> >    191 |             free(orig);
> >
> > Assist the analyzer by slightly rearranging the code:
> > In case realloc succeeds, the previous allocation is either extended
> > or released internally. In case realloc fails, the previous allocation
> > is left unchanged. Return an error in this case; the caller will
> > release the currently allocated memory in its error path.
> >
> > http://bugzilla.suse.com/show_bug.cgi?id=1210570
> >
> > Signed-off-by: Olaf Hering <olaf@aepfle.de>
>
> Reviewed-by: Juergen Gross <jgross@suse.com>

Compile-tested-by: Jason Andryuk <jandryuk@gmail.com>

Needed to build on Fedora 38.

Thanks,
Jason

Patch

diff --git a/tools/libs/guest/xg_offline_page.c b/tools/libs/guest/xg_offline_page.c
index ccd0299f0f..8f0a252417 100644
--- a/tools/libs/guest/xg_offline_page.c
+++ b/tools/libs/guest/xg_offline_page.c
@@ -181,18 +181,14 @@  static int backup_ptes(xen_pfn_t table_mfn, int offset,
 
     if (backup->max == backup->cur)
     {
-        void *orig = backup->entries;
+        void *entries = realloc(backup->entries, backup->max * 2 *
+                                sizeof(struct pte_backup_entry));
 
-        backup->entries = realloc(
-            orig, backup->max * 2 * sizeof(struct pte_backup_entry));
-
-        if (backup->entries == NULL)
-        {
-            free(orig);
+        if (entries == NULL)
             return -1;
-        }
-        else
-            backup->max *= 2;
+
+        backup->entries = entries;
+        backup->max *= 2;
     }
 
     backup->entries[backup->cur].table_mfn = table_mfn;
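Review bot: the failure path `if (entries == NULL) return -1;` now returns with backup->entries still pointing at the old, still-valid buffer, where the removed code freed it and left backup->entries NULL, so whether this leaks depends entirely on the caller freeing backup->entries on the -1 return; the commit message asserts that it does, but nothing in the hunk shows it, so it is worth confirming that every error path above backup_ptes releases it, and a one-line comment at the return saying that ownership of backup->entries stays with the caller would keep a future reader from reinstating the free. Separately, `backup->max * 2 * sizeof(struct pte_backup_entry)` is still handed to realloc unchecked, as before the patch; a bound on backup->max before doubling would cost one line.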