From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1L5hWG-0004A4-4i
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 09:07:00 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1L5hWE-00049V-CH
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 09:06:59 -0500
Received: from [199.232.76.173] (port=58683 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1L5hWB-000497-S8
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 09:06:57 -0500
Received: from qw-out-1920.google.com ([74.125.92.144]:25839)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <rosen@sharevm.com>) id 1L5hWB-0006Cu-ER
	for qemu-devel@nongnu.org; Thu, 27 Nov 2008 09:06:55 -0500
Received: by qw-out-1920.google.com with SMTP id 5so350230qwc.4
	for <qemu-devel@nongnu.org>; Thu, 27 Nov 2008 06:06:53 -0800 (PST)
Message-ID: <dbb96ca80811270606l4688f43dr9850d6b5c4359e37@mail.gmail.com>
Date: Thu, 27 Nov 2008 06:06:53 -0800
From: "Rosen Sharma" <rosen@sharevm.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_45086_31060959.1227794813695"
Subject: [Qemu-devel] possible bug in block-vmdk.c
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

------=_Part_45086_31060959.1227794813695
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

bdrv_delete(s->hd) frees the memory pointed to by s->hd.

vmdk_parent_close accesses the freed memory?

----

static void vmdk_close(BlockDriverState *bs)
{
    BDRVVmdkState *s = bs->opaque;

    qemu_free(s->l1_table);
    qemu_free(s->l2_cache);
    bdrv_delete(s->hd);
    // try to close parent image, if exist
    vmdk_parent_close(s->hd);
}

------=_Part_45086_31060959.1227794813695
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<br>bdrv_delete(s-&gt;hd) frees the memory pointed to by s-&gt;hd. <br><br>vmdk_parent_close accesses the freed memory?<br><br>----<br><br>static void vmdk_close(BlockDriverState *bs)<br>{<br>&nbsp;&nbsp;&nbsp; BDRVVmdkState *s = bs-&gt;opaque;<br>
<br>&nbsp;&nbsp;&nbsp; qemu_free(s-&gt;l1_table);<br>&nbsp;&nbsp;&nbsp; qemu_free(s-&gt;l2_cache);<br>&nbsp;&nbsp;&nbsp; bdrv_delete(s-&gt;hd);<br>&nbsp;&nbsp;&nbsp; // try to close parent image, if exist<br>&nbsp;&nbsp;&nbsp; vmdk_parent_close(s-&gt;hd);<br>}<br>

------=_Part_45086_31060959.1227794813695--