libxl__xs_directory() can potentially return NULL without setting `n`. As `n` isn't initialised, we need to check libxl__xs_directory() return value before checking `n`. Otherwise, `n` might be non-zero with `bdfs` NULL which would lead to a segv.
Reported-by: "G.R." <[email protected]> Fixes: 57bff091f4 ("libxl: add 'name' field to 'libxl_device_pci' in the IDL...") Signed-off-by: Anthony PERARD <[email protected]> --- Hi G.R., you've reported a segv in name2bdf(), and that the only potential segv I've found. I hope it's the same one as you've experienced! --- tools/libs/light/libxl_pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/libs/light/libxl_pci.c b/tools/libs/light/libxl_pci.c index 96f88795b6..f4c4f17545 100644 --- a/tools/libs/light/libxl_pci.c +++ b/tools/libs/light/libxl_pci.c @@ -859,7 +859,7 @@ static int name2bdf(libxl__gc *gc, libxl_device_pci *pci) int rc = ERROR_NOTFOUND; bdfs = libxl__xs_directory(gc, XBT_NULL, PCI_INFO_PATH, &n); - if (!n) + if (!bdfs || !n) goto out; for (i = 0; i < n; i++) { -- Anthony PERARD
