[V3,1/7] qcow2: restore nb_snapshots when fail in snapshot creation

Message ID 1378695482-29805-2-git-send-email-xiawenc@linux.vnet.ibm.com
State New

Commit Message

Wayne Xia Sept. 9, 2013, 2:57 a.m. UTC
If it is not restored after qcow2_write_snapshots() fails, a core
dump will happen in bdrv_close() due to access of an invalid pointer.

Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
---
 block/qcow2-snapshot.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

Comments

Eric Blake Sept. 30, 2013, 5:20 p.m. UTC | #1
On 09/08/2013 08:57 PM, Wenchao Xia wrote:
> If it is not restored after qcow2_write_snapshots() fails, a core
> dump will happen in bdrv_close() due to access of an invalid pointer.
> 
> Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
> ---
>  block/qcow2-snapshot.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)

Reviewed-by: Eric Blake <eblake@redhat.com>

Stefan Hajnoczi Oct. 2, 2013, 12:26 p.m. UTC | #2
On Mon, Sep 09, 2013 at 10:57:56AM +0800, Wenchao Xia wrote:
> If it is not restored after qcow2_write_snapshots() fails, a core
> dump will happen in bdrv_close() due to access of an invalid pointer.
> 
> Signed-off-by: Wenchao Xia <xiawenc@linux.vnet.ibm.com>
> ---
>  block/qcow2-snapshot.c |    4 +++-
>  1 files changed, 3 insertions(+), 1 deletions(-)

Good candidate for -stable.  Please add:

Cc: qemu-stable@nongnu.org

Patch

diff --git a/block/qcow2-snapshot.c b/block/qcow2-snapshot.c
index e7e6013..40393b2 100644
--- a/block/qcow2-snapshot.c
+++ b/block/qcow2-snapshot.c
@@ -331,7 +331,7 @@  int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
     QCowSnapshot *new_snapshot_list = NULL;
     QCowSnapshot *old_snapshot_list = NULL;
     QCowSnapshot sn1, *sn = &sn1;
-    int i, ret;
+    int i, ret, old_snapshot_num = 0;
     uint64_t *l1_table = NULL;
     int64_t l1_table_offset;
 
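Review bot: `old_snapshot_num` is declared on the `int i, ret, ...` line, away from `old_snapshot_list`, and it is the only variable on that line with an initializer. The two values are saved and restored as a pair, so declaring it on its own line directly under `QCowSnapshot *old_snapshot_list = NULL;` would make the pairing and the meaningful `= 0` default easier to see.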
@@ -403,6 +403,7 @@  int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
         memcpy(new_snapshot_list, s->snapshots,
                s->nb_snapshots * sizeof(QCowSnapshot));
         old_snapshot_list = s->snapshots;
+        old_snapshot_num = s->nb_snapshots;
     }
     s->snapshots = new_snapshot_list;
     s->snapshots[s->nb_snapshots++] = *sn;
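Review bot: The save `old_snapshot_num = s->nb_snapshots;` sits inside the block that closes at the `}` just below it, so when that block is skipped the error path restores the initializer value 0 rather than the count that was actually in effect before `s->nb_snapshots++`. Moving the save out of the block, immediately before `s->snapshots = new_snapshot_list;`, makes the rollback correct without relying on the count being 0 whenever the block is not entered.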
@@ -411,6 +412,7 @@  int qcow2_snapshot_create(BlockDriverState *bs, QEMUSnapshotInfo *sn_info)
     if (ret < 0) {
         g_free(s->snapshots);
         s->snapshots = old_snapshot_list;
+        s->nb_snapshots = old_snapshot_num;
         goto fail;
     }
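Review bot: In the `ret < 0` branch nothing at the site says why the count has to be rolled back along with the list pointer; the increment happens earlier as a side effect of the index expression `s->snapshots[s->nb_snapshots++] = *sn;`. A one-line comment above the two restoring assignments, stating that the list and `nb_snapshots` must be rolled back as a pair, would keep a later edit from dropping one of them.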