From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48869)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1VaoL4-0000EM-BG
	for qemu-devel@nongnu.org; Mon, 28 Oct 2013 11:02:47 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1VaoKy-0003D2-Ql
	for qemu-devel@nongnu.org; Mon, 28 Oct 2013 11:02:42 -0400
Received: from nodalink.pck.nerim.net ([62.212.105.220]:36997
	helo=paradis.irqsave.net) by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <benoit.canet@irqsave.net>) id 1VaoKy-0003Ct-Gj
	for qemu-devel@nongnu.org; Mon, 28 Oct 2013 11:02:36 -0400
Date: Mon, 28 Oct 2013 16:02:32 +0100
From: =?iso-8859-1?Q?Beno=EEt?= Canet <benoit.canet@irqsave.net>
Message-ID: <20131028150232.GD2890@irqsave.net>
References: <1382795083-28591-1-git-send-email-mreitz@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
In-Reply-To: <1382795083-28591-1-git-send-email-mreitz@redhat.com>
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] block: Don't copy backing file name on
	error
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Max Reitz <mreitz@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@redhat.com>

Le Saturday 26 Oct 2013 =E0 15:44:43 (+0200), Max Reitz a =E9crit :
> bdrv_open_backing_file() tries to copy the backing file name using
> pstrcpy directly after calling bdrv_open() to open the backing file
> without checking whether that was actually successful. If it was not,
> ps->backing_hd->file will probably be NULL and qemu will crash.
>=20
> Fix this by moving pstrcpy after checking whether bdrv_open() succeeded=
.
>=20
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
>  block.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>=20
> diff --git a/block.c b/block.c
> index 4474012..61795fe 100644
> --- a/block.c
> +++ b/block.c
> @@ -1005,8 +1005,6 @@ int bdrv_open_backing_file(BlockDriverState *bs, =
QDict *options, Error **errp)
>      ret =3D bdrv_open(bs->backing_hd,
>                      *backing_filename ? backing_filename : NULL, optio=
ns,
>                      back_flags, back_drv, &local_err);
> -    pstrcpy(bs->backing_file, sizeof(bs->backing_file),
> -            bs->backing_hd->file->filename);
>      if (ret < 0) {
>          bdrv_unref(bs->backing_hd);
>          bs->backing_hd =3D NULL;
> @@ -1014,6 +1012,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, =
QDict *options, Error **errp)
>          error_propagate(errp, local_err);
>          return ret;
>      }
> +    pstrcpy(bs->backing_file, sizeof(bs->backing_file),
> +            bs->backing_hd->file->filename);
>      return 0;
>  }
> =20
> --=20
> 1.8.4.1
>=20
>=20
Reviewed-by: Benoit Canet <benoit@irqsave.net>