[08/14] rbd: always set out parameter in qemu_rbd_snap_list

Message ID	1323958169-8333-9-git-send-email-kwolf@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Kevin Wolf <kwolf@redhat.com> To: anthony@codemonkey.ws Date: Thu, 15 Dec 2011 15:09:23 +0100 Message-Id: <1323958169-8333-9-git-send-email-kwolf@redhat.com> In-Reply-To: <1323958169-8333-1-git-send-email-kwolf@redhat.com> References: <1323958169-8333-1-git-send-email-kwolf@redhat.com> Cc: kwolf@redhat.com, qemu-devel@nongnu.org Subject: [Qemu-devel] [PATCH 08/14] rbd: always set out parameter in qemu_rbd_snap_list Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1323958169-8333-9-git-send-email-kwolf@redhat.com

State

New

Headers

From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Date: Thu, 15 Dec 2011 15:09:23 +0100
Message-Id: <1323958169-8333-9-git-send-email-kwolf@redhat.com>
In-Reply-To: <1323958169-8333-1-git-send-email-kwolf@redhat.com>
References: <1323958169-8333-1-git-send-email-kwolf@redhat.com>
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 08/14] rbd: always set out parameter in
	qemu_rbd_snap_list
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Kevin Wolf Dec. 15, 2011, 2:09 p.m. UTC

From: Josh Durgin <josh.durgin@dreamhost.com>

The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.

Reported-by: Oliver Francke <Oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block/rbd.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 312584a..7a2384c 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -805,7 +805,7 @@  static int qemu_rbd_snap_list(BlockDriverState *bs,
     } while (snap_count == -ERANGE);
 
     if (snap_count <= 0) {
-        return snap_count;
+        goto done;
     }
 
     sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
@@ -824,6 +824,7 @@  static int qemu_rbd_snap_list(BlockDriverState *bs,
     }
     rbd_snap_list_end(snaps);
 
+ done:
     *psn_tab = sn_tab;
     return snap_count;
 }

[08/14] rbd: always set out parameter in qemu_rbd_snap_list

Commit Message

Patch