From e47c212cb5af148ab6d9dcf49bc0e054fe9c2e1d Mon Sep 17 00:00:00 2001 From: Josh Durgin Date: Tue, 6 Dec 2011 17:05:10 -0800 Subject: [PATCH 25/25] rbd: always set out parameter in qemu_rbd_snap_list The caller expects psn_tab to be NULL when there are no snapshots or an error occurs. This results in calling g_free on an invalid address. Reported-by: Oliver Francke Signed-off-by: Josh Durgin Signed-off-by: Kevin Wolf --- block/rbd.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/block/rbd.c b/block/rbd.c index 9088c52..54a6961 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -808,7 +808,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } while (snap_count == -ERANGE); if (snap_count <= 0) { - return snap_count; + goto done; } sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo)); @@ -827,6 +827,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } rbd_snap_list_end(snaps); + done: *psn_tab = sn_tab; return snap_count; } -- 1.7.7.5