| Message ID | 1255620661-6810-1-git-send-email-kwolf@redhat.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c index 609eee1..3026678 100644 --- a/block/qcow2-refcount.c +++ b/block/qcow2-refcount.c @@ -182,7 +182,6 @@ static int grow_refcount_table(BlockDriverState *bs, int min_size) qcow2_free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t)); return 0; fail: - qcow2_free_clusters(bs, table_offset, new_table_size2); qemu_free(new_table); return -EIO; }
In case of failure, we haven't increased the refcount for the newly allocated cluster yet. Therefore we must not free the cluster or its refcount will become negative (and endless recursion is possible). Signed-off-by: Kevin Wolf <kwolf@redhat.com> --- block/qcow2-refcount.c | 1 - 1 files changed, 0 insertions(+), 1 deletions(-)