From: Eric Blake
Date: Thu, 23 Jan 2014 15:07:44 -0700
Subject: Re: [Qemu-devel] [PATCH v3 1/3] block: resize backing file image during offline commit, if necessary
To: Benoît Canet, Jeff Cody
Cc: kwolf@redhat.com, famz@redhat.com, qemu-devel@nongnu.org, stefanha@redhat.com
Message-ID: <52E192B0.1030804@redhat.com>
In-Reply-To: <20140123220014.GC22578@irqsave.net>

On 01/23/2014 03:00 PM, Benoît Canet wrote:
> On Thursday 23 Jan 2014 at 16:48:55 (-0500), Jeff Cody wrote:
>> Currently, if an image file is logically larger than its backing file,
>> commiting it via 'qemu-img commit' will fail.

s/commiting/committing/

>> + uint8_t *buf = NULL;
>
> Why assign NULL to buf ? Is it related to the rest of the patch ?
>
> Reviewed-by: Benoit Canet
>
>> char filename[PATH_MAX];
>>
>> if (!drv)
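Review bot: the `= NULL` initializer on `buf` in this hunk is only needed because of the early `goto ro_cleanup` added in the next hunk, and nothing at the declaration says so. A short comment at the declaration, or a sentence in the commit message, would keep a later cleanup from dropping it as a redundant initializer, which is the question this hunk already drew in review.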
>> @@ -1904,7 +1904,24 @@ int bdrv_commit(BlockDriverState *bs)
>> }
>> }
>>
>> - total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
>> + length = bdrv_getlength(bs);
>> + backing_length = bdrv_getlength(bs->backing_hd);
>> +
>> + if (length < 0 || backing_length < 0) {
>> + goto ro_cleanup;

Because this goto now reaches the ro_cleanup label with buf uninitialized, if we don't assign NULL originally.

>> + total_sectors = length >> BDRV_SECTOR_BITS;
>> buf = g_malloc(COMMIT_BUF_SECTORS * BDRV_SECTOR_SIZE);

The old code only ever reached ro_cleanup after assigning buf, and ro_cleanup blindly frees buf.

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
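Review bot: in the second hunk, the `if (length < 0 || backing_length < 0)` branch jumps to `ro_cleanup` without setting a return value between the test and the `goto`, and the combined test discards which `bdrv_getlength()` call failed. Checking each length separately and handing its negative value back through the return code of `bdrv_commit()` before the jump would let the caller report the real error. It is also worth confirming that `length` and `backing_length` are declared as `int64_t`, since their declarations fall outside the quoted lines.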