Tree - rpms/qemu - src.fedoraproject.org

Blob History Raw

		45e84a0	`From e47c212cb5af148ab6d9dcf49bc0e054fe9c2e1d Mon Sep 17 00:00:00 2001`
		45e84a0	`From: Josh Durgin <josh.durgin@dreamhost.com>`
		45e84a0	`Date: Tue, 6 Dec 2011 17:05:10 -0800`
		45e84a0	`Subject: [PATCH 25/25] rbd: always set out parameter in qemu_rbd_snap_list`
		45e84a0
		45e84a0	`The caller expects psn_tab to be NULL when there are no snapshots or`
		45e84a0	`an error occurs. This results in calling g_free on an invalid address.`
		45e84a0
		45e84a0	`Reported-by: Oliver Francke <Oliver@filoo.de>`
		45e84a0	`Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>`
		45e84a0	`Signed-off-by: Kevin Wolf <kwolf@redhat.com>`
		45e84a0	`---`
		45e84a0	`block/rbd.c \| 3 ++-`
		45e84a0	`1 files changed, 2 insertions(+), 1 deletions(-)`
		45e84a0
		45e84a0	`diff --git a/block/rbd.c b/block/rbd.c`
		45e84a0	`index 9088c52..54a6961 100644`
		45e84a0	`--- a/block/rbd.c`
		45e84a0	`+++ b/block/rbd.c`
		45e84a0	`@@ -808,7 +808,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,`
		45e84a0	`} while (snap_count == -ERANGE);`
		45e84a0
		45e84a0	`if (snap_count <= 0) {`
		45e84a0	`- return snap_count;`
		45e84a0	`+ goto done;`
		45e84a0	`}`
		45e84a0
		45e84a0	`sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));`
		45e84a0	`@@ -827,6 +827,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,`
		45e84a0	`}`
		45e84a0	`rbd_snap_list_end(snaps);`
		45e84a0
		45e84a0	`+ done:`
		45e84a0	`*psn_tab = sn_tab;`
		45e84a0	`return snap_count;`
		45e84a0	`}`
		45e84a0	`--`
		45e84a0	`1.7.7.5`
		45e84a0