From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 08/14] rbd: always set out parameter in qemu_rbd_snap_list
Date: Thu, 15 Dec 2011 15:09:23 +0100 [thread overview]
Message-ID: <1323958169-8333-9-git-send-email-kwolf@redhat.com> (raw)
In-Reply-To: <1323958169-8333-1-git-send-email-kwolf@redhat.com>
From: Josh Durgin <josh.durgin@dreamhost.com>
The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.
Reported-by: Oliver Francke <Oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block/rbd.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/block/rbd.c b/block/rbd.c
index 312584a..7a2384c 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -805,7 +805,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
} while (snap_count == -ERANGE);
if (snap_count <= 0) {
- return snap_count;
+ goto done;
}
sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
@@ -824,6 +824,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
}
rbd_snap_list_end(snaps);
+ done:
*psn_tab = sn_tab;
return snap_count;
}
--
1.7.6.4
next prev parent reply other threads:[~2011-12-15 14:06 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-12-15 14:09 [Qemu-devel] [PULL 00/14] Block patches Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 01/14] block: bdrv_aio_* do not return NULL Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 02/14] block: simplify failure handling for bdrv_aio_multiwrite Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 03/14] block: qemu_aio_get does not return NULL Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 04/14] dma: the passed io_func " Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 05/14] block: dma_bdrv_* " Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 06/14] block: avoid useless checks on acb->bh Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 07/14] block/qcow2.c: call qcow2_free_snapshots in the function of qcow2_close Kevin Wolf
2011-12-15 14:09 ` Kevin Wolf [this message]
2011-12-15 14:09 ` [Qemu-devel] [PATCH 09/14] qemu-img rebase: Fix for undersized backing files Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 10/14] Documentation: Add qemu-img -t parameter in man page Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 11/14] qcow2: Allow >4 GB VM state Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 12/14] coroutine: switch per-thread free pool to a global pool Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 13/14] block/cow: Return real error code Kevin Wolf
2011-12-15 14:09 ` [Qemu-devel] [PATCH 14/14] qiov: prevent double free or use-after-free Kevin Wolf
2011-12-19 15:44 ` [Qemu-devel] [PULL 00/14] Block patches Anthony Liguori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1323958169-8333-9-git-send-email-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=anthony@codemonkey.ws \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.