diff options
| author |   Josh Durgin <josh.durgin@dreamhost.com> | 2011-12-06 17:05:10 -0800 |
|---|---|---|
| committer |   Justin M. Forbes <jforbes@redhat.com> | 2012-01-10 13:37:11 -0600 |
| commit | e47c212cb5af148ab6d9dcf49bc0e054fe9c2e1d (patch) | |
| tree | a94751357402271b08d38a8eaeecff0133b12ddc | |
| parent | 8afe984ef7aa25cb2f8af51da021fdc8a242884d (diff) | |
rbd: always set out parameter in qemu_rbd_snap_list
The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.
Reported-by: Oliver Francke <Oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
| -rw-r--r-- | block/rbd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/block/rbd.c b/block/rbd.c index 9088c52d2..54a696173 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -808,7 +808,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } while (snap_count == -ERANGE); if (snap_count <= 0) { - return snap_count; + goto done; } sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo)); @@ -827,6 +827,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } rbd_snap_list_end(snaps); + done: *psn_tab = sn_tab; return snap_count; } |