On 07/17/13 09:12, Fam Zheng wrote:
> s->qcow is allocated but not freed if bdrv_open fails. Fix the possible
> leak, remove unnecessary check for bdrv_new(), honor error code of
> bdrv_create().
>
> Signed-off-by: Fam Zheng <f...@redhat.com>
> ---
> block/vvfat.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/block/vvfat.c b/block/vvfat.c
> index 87b0279..733f382 100644
> --- a/block/vvfat.c
> +++ b/block/vvfat.c
> @@ -2927,18 +2927,18 @@ static int enable_write_target(BDRVVVFATState *s)
> set_option_parameter_int(options, BLOCK_OPT_SIZE, s->sector_count * 512);
> set_option_parameter(options, BLOCK_OPT_BACKING_FILE, "fat:");
>
> - if (bdrv_create(bdrv_qcow, s->qcow_filename, options) < 0)
> - return -1;
> + ret = bdrv_create(bdrv_qcow, s->qcow_filename, options);
> + if (ret < 0) {
> + return ret;
> + }
(1) This still seems to leak "s->qcow_filename". Maybe that's not an
actual leak (the reference is not lost), but the error handler just a
little bit higher up frees "s->qcow_filename" and sets it to NULL if
get_tmp_filename() fails.
If this remark is justified then it could apply to the other error branches.
(2) vvfat_open() calls enable_write_target() but doesn't propagate its
retval, any error results in -EIO. Would that be worth fixing as well?
>
> s->qcow = bdrv_new("");
> - if (s->qcow == NULL) {
> - return -1;
> - }
>
> ret = bdrv_open(s->qcow, s->qcow_filename, NULL,
> BDRV_O_RDWR | BDRV_O_CACHE_WB | BDRV_O_NO_FLUSH, bdrv_qcow);
> if (ret < 0) {
> - return ret;
> + bdrv_delete(s->qcow);
> + return ret;
> }
>
> #ifndef _WIN32
>
Thanks
Laszlo
