[Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap_list

From:	Josh Durgin
Subject:	[Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap_list
Date:	Tue, 6 Dec 2011 17:05:10 -0800

The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.

Reported-by: Oliver Francke <address@hidden>
Signed-off-by: Josh Durgin <address@hidden>
---
 block/rbd.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 9088c52..54a6961 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -793,55 +793,56 @@ static int qemu_rbd_snap_create(BlockDriverState *bs,
 static int qemu_rbd_snap_list(BlockDriverState *bs,
                               QEMUSnapshotInfo **psn_tab)
 {
     BDRVRBDState *s = bs->opaque;
     QEMUSnapshotInfo *sn_info, *sn_tab = NULL;
     int i, snap_count;
     rbd_snap_info_t *snaps;
     int max_snaps = RBD_MAX_SNAPS;
 
     do {
         snaps = g_malloc(sizeof(*snaps) * max_snaps);
         snap_count = rbd_snap_list(s->image, snaps, &max_snaps);
         if (snap_count < 0) {
             g_free(snaps);
         }
     } while (snap_count == -ERANGE);
 
     if (snap_count <= 0) {
-        return snap_count;
+        goto done;
     }
 
     sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
 
     for (i = 0; i < snap_count; i++) {
         const char *snap_name = snaps[i].name;
 
         sn_info = sn_tab + i;
         pstrcpy(sn_info->id_str, sizeof(sn_info->id_str), snap_name);
         pstrcpy(sn_info->name, sizeof(sn_info->name), snap_name);
 
         sn_info->vm_state_size = snaps[i].size;
         sn_info->date_sec = 0;
         sn_info->date_nsec = 0;
         sn_info->vm_clock_nsec = 0;
     }
     rbd_snap_list_end(snaps);
 
+ done:
     *psn_tab = sn_tab;
     return snap_count;
 }
 
 static QEMUOptionParameter qemu_rbd_create_options[] = {
     {
      .name = BLOCK_OPT_SIZE,
      .type = OPT_SIZE,
      .help = "Virtual disk size"
     },
     {
      .name = BLOCK_OPT_CLUSTER_SIZE,
      .type = OPT_SIZE,
      .help = "RBD object size"
     },
     {NULL}
 };
 
-- 
1.7.1

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap_list, Josh Durgin <=
- Re: [Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap_list, Kevin Wolf, 2011/12/07

Prev by Date: [Qemu-devel] x86 mmu emulation in qemu
Next by Date: [Qemu-devel] Power Presentations with Richard La Faber
Previous by thread: [Qemu-devel] x86 mmu emulation in qemu
Next by thread: Re: [Qemu-devel] [PATCH] rbd: always set out parameter in qemu_rbd_snap_list
Index(es):
- Date
- Thread