From 702ef63f3e0ba569727a8e01db0ef2c7cbff36e9 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 27 Nov 2009 17:35:55 +0100
Subject: [PATCH] qcow2: Fix some more qemu_malloc fallout

Oh joy...

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
 block/qcow2-refcount.c | 22 +++++++++++++++-------
 block/qcow2-snapshot.c |  7 ++++++-
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 30266786df..54b19f86dd 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -513,7 +513,11 @@ int qcow2_update_snapshot_refcount(BlockDriverState *bs,
     l1_size2 = l1_size * sizeof(uint64_t);
     l1_allocated = 0;
     if (l1_table_offset != s->l1_table_offset) {
-        l1_table = qemu_mallocz(align_offset(l1_size2, 512));
+        if (l1_size2 != 0) {
+            l1_table = qemu_mallocz(align_offset(l1_size2, 512));
+        } else {
+            l1_table = NULL;
+        }
         l1_allocated = 1;
         if (bdrv_pread(s->hd, l1_table_offset,
                        l1_table, l1_size2) != l1_size2)
@@ -769,12 +773,16 @@ static int check_refcounts_l1(BlockDriverState *bs,
                   l1_table_offset, l1_size2);
 
     /* Read L1 table entries from disk */
-    l1_table = qemu_malloc(l1_size2);
-    if (bdrv_pread(s->hd, l1_table_offset,
-                   l1_table, l1_size2) != l1_size2)
-        goto fail;
-    for(i = 0;i < l1_size; i++)
-        be64_to_cpus(&l1_table[i]);
+    if (l1_size2 == 0) {
+        l1_table = NULL;
+    } else {
+        l1_table = qemu_malloc(l1_size2);
+        if (bdrv_pread(s->hd, l1_table_offset,
+                       l1_table, l1_size2) != l1_size2)
+            goto fail;
+        for(i = 0;i < l1_size; i++)
+            be64_to_cpus(&l1_table[i]);
+    }
 
     /* Do the actual checks */
     for(i = 0; i < l1_size; i++) {
diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index 94cb838064..d63c7e17d8 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -266,7 +266,12 @@ int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
     sn->l1_table_offset = qcow2_alloc_clusters(bs, s->l1_size * sizeof(uint64_t));
     sn->l1_size = s->l1_size;
 
-    l1_table = qemu_malloc(s->l1_size * sizeof(uint64_t));
+    if (s->l1_size != 0) {
+        l1_table = qemu_malloc(s->l1_size * sizeof(uint64_t));
+    } else {
+        l1_table = NULL;
+    }
+
     for(i = 0; i < s->l1_size; i++) {
         l1_table[i] = cpu_to_be64(s->l1_table[i]);
     }