If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered
or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break
is hit, control goes back to the outer loop processing 'cmd_tokens' and
it's possible that the 'mem_tokens' would be overwritten.
Found by Coverity
Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
---
Of course this is what led me down the path of the recently sent virusbmock
patch...
src/libxl/libxl_conf.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c
index 6ce2e0a..f5b788b 100644
--- a/src/libxl/libxl_conf.c
+++ b/src/libxl/libxl_conf.c
@@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg,
goto cleanup;
}
}
+ virStringListFree(mem_tokens);
}
physmem:
--
2.7.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
