From 7d403f5bc7b5f045103f67bededd136ac3461e35 Mon Sep 17 00:00:00 2001
From: Jennifer Herbert <Jennifer.Herbert@citrix.com>
Date: Wed, 1 Jul 2015 17:37:09 +0000
Subject: [PATCH] libxc: Prevent dereferencing NULL pointers returned from
 xc_dom_allocate()

The return from xc_dom_allocate is not checked for a NULL value.
This patch fixes this, causing it to return from the function with an error.

Signed-off-by: Jennifer Herbert <jennifer.herbert@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
---
 tools/libxc/xc_dom_compat_linux.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/libxc/xc_dom_compat_linux.c b/tools/libxc/xc_dom_compat_linux.c
index 2c14a0f44c..617cd96ad1 100644
--- a/tools/libxc/xc_dom_compat_linux.c
+++ b/tools/libxc/xc_dom_compat_linux.c
@@ -91,6 +91,8 @@ int xc_linux_build_mem(xc_interface *xch, uint32_t domid,
 
     xc_dom_loginit(xch);
     dom = xc_dom_allocate(xch, cmdline, features);
+    if (dom == NULL)
+        return -1;
     if ( (rc = xc_dom_kernel_mem(dom, image_buffer, image_size)) != 0 )
         goto out;
     if ( initrd && ((rc = xc_dom_ramdisk_mem(dom, initrd, initrd_len)) != 0) )
@@ -123,6 +125,8 @@ int xc_linux_build(xc_interface *xch, uint32_t domid,
 
     xc_dom_loginit(xch);
     dom = xc_dom_allocate(xch, cmdline, features);
+    if (dom == NULL)
+        return -1;
     if ( (rc = xc_dom_kernel_file(dom, image_name)) != 0 )
         goto out;
     if ( initrd_name && strlen(initrd_name) &&
@@ -146,6 +150,8 @@ int xc_get_bit_size(xc_interface *xch,
     int rc;
     *bit_size = 0;
     dom = xc_dom_allocate(xch, cmdline, features);
+    if (dom == NULL)
+        return -1;
     if ( (rc = xc_dom_kernel_file(dom, image_name)) != 0 )
         goto out;
     if ( (rc = xc_dom_parse_image(dom)) != 0 )
-- 
2.39.5