If either the "if (STRPREFIX(mem_tokens[j], "max:"))" is never entered or the "if (virStrToLong_ull(mem_tokens[j] + 4, &p, 10, maxmem) < 0)" break is hit, control goes back to the outer loop processing 'cmd_tokens' and it's possible that the 'mem_tokens' would be overwritten. Found by Coverity Signed-off-by: John Ferlan <jferlan(a)redhat.com&gt; --- Of course this is what led me down the path of the recently sent virusbmock patch... src/libxl/libxl_conf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index 6ce2e0a..f5b788b 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1622,6 +1622,7 @@ libxlDriverGetDom0MaxmemConf(libxlDriverConfigPtr cfg, goto cleanup; } } + virStringListFree(mem_tokens); } physmem: