[PULL,11/30] block: Don't copy backing file name on error

Message ID	1383234524-372-12-git-send-email-kwolf@redhat.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> From: Kevin Wolf <kwolf@redhat.com> To: anthony@codemonkey.ws Date: Thu, 31 Oct 2013 16:48:25 +0100 Message-Id: <1383234524-372-12-git-send-email-kwolf@redhat.com> In-Reply-To: <1383234524-372-1-git-send-email-kwolf@redhat.com> References: <1383234524-372-1-git-send-email-kwolf@redhat.com> Cc: kwolf@redhat.com, qemu-devel@nongnu.org Subject: [Qemu-devel] [PULL 11/30] block: Don't copy backing file name on error Precedence: list Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

1383234524-372-12-git-send-email-kwolf@redhat.com

State

New

Headers

From: Kevin Wolf <kwolf@redhat.com>
To: anthony@codemonkey.ws
Date: Thu, 31 Oct 2013 16:48:25 +0100
Message-Id: <1383234524-372-12-git-send-email-kwolf@redhat.com>
In-Reply-To: <1383234524-372-1-git-send-email-kwolf@redhat.com>
References: <1383234524-372-1-git-send-email-kwolf@redhat.com>
Cc: kwolf@redhat.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 11/30] block: Don't copy backing file name on
	error
Precedence: list
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Kevin Wolf Oct. 31, 2013, 3:48 p.m. UTC

From: Max Reitz <mreitz@redhat.com>

bdrv_open_backing_file() tries to copy the backing file name using
pstrcpy directly after calling bdrv_open() to open the backing file
without checking whether that was actually successful. If it was not,
ps->backing_hd->file will probably be NULL and qemu will crash.

Fix this by moving pstrcpy after checking whether bdrv_open() succeeded.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Amos Kong <kongjianjun@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 block.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/block.c b/block.c
index fd05a80..366999b 100644
--- a/block.c
+++ b/block.c
@@ -1004,8 +1004,6 @@  int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
     ret = bdrv_open(bs->backing_hd,
                     *backing_filename ? backing_filename : NULL, options,
                     back_flags, back_drv, &local_err);
-    pstrcpy(bs->backing_file, sizeof(bs->backing_file),
-            bs->backing_hd->file->filename);
     if (ret < 0) {
         bdrv_unref(bs->backing_hd);
         bs->backing_hd = NULL;
@@ -1013,6 +1011,8 @@  int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp)
         error_propagate(errp, local_err);
         return ret;
     }
+    pstrcpy(bs->backing_file, sizeof(bs->backing_file),
+            bs->backing_hd->file->filename);
     return 0;
 }

[PULL,11/30] block: Don't copy backing file name on error

Commit Message

Patch