diff options
author | Josh Durgin <josh.durgin@dreamhost.com> | 2011-12-06 17:05:10 -0800 |
---|---|---|
committer | Kevin Wolf <kwolf@redhat.com> | 2011-12-15 12:40:08 +0100 |
commit | b9c532903fa528891c0eceb34ea40a0c47bfb5db (patch) | |
tree | 783486233cbbc8c03da1e86f275229349380958f /block | |
parent | 28c1202ba63370d44c003fd35257584b1e68de76 (diff) | |
download | qemu-b9c532903fa528891c0eceb34ea40a0c47bfb5db.tar.gz qemu-b9c532903fa528891c0eceb34ea40a0c47bfb5db.tar.bz2 qemu-b9c532903fa528891c0eceb34ea40a0c47bfb5db.zip |
rbd: always set out parameter in qemu_rbd_snap_list
The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.
Reported-by: Oliver Francke <Oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block')
-rw-r--r-- | block/rbd.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/block/rbd.c b/block/rbd.c index 312584a1bb..7a2384c8f9 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -805,7 +805,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } while (snap_count == -ERANGE); if (snap_count <= 0) { - return snap_count; + goto done; } sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo)); @@ -824,6 +824,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs, } rbd_snap_list_end(snaps); + done: *psn_tab = sn_tab; return snap_count; } |