On Wednesday 25 Sep 2013 at 16:37:18 (+0200), Max Reitz wrote: > In l2_allocate, the fail path is executed if qcow2_cache_flush fails. > However, the L2 table has not yet been fetched from the L2 table cache. > The qcow2_cache_put in the fail path therefore basically gives an > undefined argument as the L2 table address (in this case). > > Signed-off-by: Max Reitz <mre...@redhat.com> > --- > block/qcow2-cluster.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/block/qcow2-cluster.c b/block/qcow2-cluster.c > index 738ff73..f6d47c9 100644 > --- a/block/qcow2-cluster.c > +++ b/block/qcow2-cluster.c > @@ -188,7 +188,7 @@ static int l2_allocate(BlockDriverState *bs, int > l1_index, uint64_t **table) > { > BDRVQcowState *s = bs->opaque; > uint64_t old_l2_offset; > - uint64_t *l2_table; > + uint64_t *l2_table = NULL; > int64_t l2_offset; > int ret; > > @@ -265,7 +265,9 @@ static int l2_allocate(BlockDriverState *bs, int > l1_index, uint64_t **table) > > fail: > trace_qcow2_l2_allocate_done(bs, l1_index, ret); > - qcow2_cache_put(bs, s->l2_table_cache, (void**) table); > + if (l2_table != NULL) { > + qcow2_cache_put(bs, s->l2_table_cache, (void**) table); > + } > s->l1_table[l1_index] = old_l2_offset; > return ret; > } > -- > 1.8.3.1 > >
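Review bot: in the fail path of the second hunk, the new guard tests `l2_table` but the call it protects still passes `(void**) table`, so the value that is checked and the pointer handed to qcow2_cache_put are two different variables. The guard only proves that the local was set; nothing in the visible lines shows that `*table` holds the same address at that point, and the commit message itself says the put can receive an undefined L2 table address. Passing the local instead, `qcow2_cache_put(bs, s->l2_table_cache, (void**) &l2_table);`, would make the checked value and the released value the same. The fail path now depends on the `= NULL` initialiser from the first hunk, so a short comment on that declaration would keep a later cleanup from dropping it.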
Reviewed-by: Benoit Canet <ben...@irqsave.net>