| Message ID | CC0ED444C2C80B429092A9F3715307D9D457069E@H3CMLB12-EX.srv.huawei-3com.com |
|---|---|
| State | New |
| Headers | show |
| Series | HMP: Initialize err before using | expand |
* Zhangjixiang (jixiang_zhang@h3c.com) wrote: > When bdrv_snapshot_delete return fail, the errp will not be > assigned a valid value in error_propagate as errp didn't be > initialized in hmp_delvm, then error_reportf_err will use an > uninitialized value(call by hmp_delvm), and qemu crash. > > Signed-off-by: zhangjixiang <jixiang_zhang@h3c.com> Thanks; it's already noted to go in my next HMP pull. (And this time the mail is the right format, thanks). Dave > --- > hmp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hmp.c b/hmp.c > index 7870d6a300..4a4da004e9 100644 > --- a/hmp.c > +++ b/hmp.c > @@ -1340,7 +1340,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict) > void hmp_delvm(Monitor *mon, const QDict *qdict) > { > BlockDriverState *bs; > - Error *err; > + Error *err = NULL; > const char *name = qdict_get_str(qdict, "name"); > if (bdrv_all_delete_snapshot(name, &bs, &err) < 0) { > -- > 2.11.0 -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
* Zhangjixiang (jixiang_zhang@h3c.com) wrote: > When bdrv_snapshot_delete return fail, the errp will not be > assigned a valid value in error_propagate as errp didn't be > initialized in hmp_delvm, then error_reportf_err will use an > uninitialized value(call by hmp_delvm), and qemu crash. > > Signed-off-by: zhangjixiang <jixiang_zhang@h3c.com> Queued. Note, that even in this version something is corrupting the patch; something has lost the space at the start of the line in the first two lines of the patch; so something is still a bit odd in your mail/patch generation. Dave > --- > hmp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/hmp.c b/hmp.c > index 7870d6a300..4a4da004e9 100644 > --- a/hmp.c > +++ b/hmp.c > @@ -1340,7 +1340,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict) > void hmp_delvm(Monitor *mon, const QDict *qdict) > { > BlockDriverState *bs; > - Error *err; > + Error *err = NULL; > const char *name = qdict_get_str(qdict, "name"); > if (bdrv_all_delete_snapshot(name, &bs, &err) < 0) { > -- > 2.11.0 -- Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
diff --git a/hmp.c b/hmp.c index 7870d6a300..4a4da004e9 100644 --- a/hmp.c +++ b/hmp.c @@ -1340,7 +1340,7 @@ void hmp_savevm(Monitor *mon, const QDict *qdict) void hmp_delvm(Monitor *mon, const QDict *qdict) { BlockDriverState *bs; - Error *err; + Error *err = NULL; const char *name = qdict_get_str(qdict, "name"); if (bdrv_all_delete_snapshot(name, &bs, &err) < 0) { -- 2.11.0
When bdrv_snapshot_delete return fail, the errp will not be assigned a valid value in error_propagate as errp didn't be initialized in hmp_delvm, then error_reportf_err will use an uninitialized value(call by hmp_delvm), and qemu crash. Signed-off-by: zhangjixiang <jixiang_zhang@h3c.com> --- hmp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)