rbd: always set out parameter in qemu_rbd_snap_list
The caller expects psn_tab to be NULL when there are no snapshots or an error occurs. This results in calling g_free on an invalid address. Reported-by: Oliver Francke <Oliver@filoo.de> Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
parent
28c1202ba6
commit
b9c532903f
@ -805,7 +805,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
|
||||
} while (snap_count == -ERANGE);
|
||||
|
||||
if (snap_count <= 0) {
|
||||
return snap_count;
|
||||
goto done;
|
||||
}
|
||||
|
||||
sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
|
||||
@ -824,6 +824,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
|
||||
}
|
||||
rbd_snap_list_end(snaps);
|
||||
|
||||
done:
|
||||
*psn_tab = sn_tab;
|
||||
return snap_count;
|
||||
}
|
||||
|
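Review bot: The new `goto done` path stores `sn_tab` into `*psn_tab` before any visible assignment to `sn_tab`, so the fix only holds if `sn_tab` is initialised to NULL at its declaration, which lies outside both hunks. Without that initialiser the caller would still g_free() an indeterminate pointer on the error and no-snapshot paths. Assuming it is initialised, a comment at the label would record the contract, e.g. `/* sn_tab is still NULL on error or when there are no snapshots */`. The jump also bypasses `rbd_snap_list_end(snaps)`, so if the list buffer is still allocated when `snap_count` is 0 it is not released on that path; this depends on the loop body above the first hunk and is worth checking.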