On 01/23/2014 03:00 PM, Benoît Canet wrote:
> On Thursday 23 Jan 2014 at 16:48:55 (-0500), Jeff Cody wrote:
>> Currently, if an image file is logically larger than its backing file,
>> commiting it via 'qemu-img commit' will fail.

s/commiting/committing/

>> + uint8_t *buf = NULL;
>
> Why assign NULL to buf? Is it related to the rest of the patch?
>
> Reviewed-by: Benoit Canet <ben...@irqsave.net>
>
>> char filename[PATH_MAX];
>>
>> if (!drv)
>> @@ -1904,7 +1904,24 @@ int bdrv_commit(BlockDriverState *bs)
>> }
>> }
>>
>> - total_sectors = bdrv_getlength(bs) >> BDRV_SECTOR_BITS;
>> + length = bdrv_getlength(bs);
>> + backing_length = bdrv_getlength(bs->backing_hd);
>> +
>> + if (length < 0 || backing_length < 0) {
>> + goto ro_cleanup;

Because this goto now reaches the ro_cleanup label with buf uninitialized,
if we don't assign NULL originally.

>> + total_sectors = length >> BDRV_SECTOR_BITS;
>> buf = g_malloc(COMMIT_BUF_SECTORS * BDRV_SECTOR_SIZE);

The old code only ever reached ro_cleanup after assigning buf, and
ro_cleanup blindly frees buf.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
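Review bot: The `uint8_t *buf = NULL;` initializer in the declaration hunk needs a one-line comment, or a sentence in the commit message, saying that it exists so the new early `goto ro_cleanup` in the later hunk can safely reach the unconditional free of buf; as the question above shows, the reason is not visible from this hunk on its own.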
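Review bot: In the `@@ -1904,7 +1904,24 @@` hunk, the new `if (length < 0 || backing_length < 0) { goto ro_cleanup;` branch jumps to cleanup without assigning a return value (nothing in the hunk sets one on this path), so the negative errno returned by bdrv_getlength() is lost and the caller gets whatever the function was going to return anyway. Suggest recording it before the jump, e.g. `ret = length < 0 ? length : backing_length;`, or checking each call separately so the right errno is propagated.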
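The failure mode Eric describes, an early goto reaching a cleanup label that frees a buffer unconditionally, as an added example that is not QEMU's code: a constructed stand-in for bdrv_commit() with a fake block state whose negative length models a failing bdrv_getlength(), showing why buf must start as NULL and how the errno is carried back to the caller. FakeBlockState, fake_getlength() and commit_sectors() are assumed names for this example only.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

#define SECTOR_BITS 9
#define SECTOR_SIZE (1 << SECTOR_BITS)
#define COMMIT_BUF_SECTORS 2048

/* Constructed stand-in for a QEMU block device (assumption, not QEMU's
 * type): a negative length models bdrv_getlength() failing with -errno. */
typedef struct {
    int64_t length;
} FakeBlockState;

static int64_t fake_getlength(const FakeBlockState *bs)
{
    return bs->length;
}

/* Follows the shape of the patched bdrv_commit(): both lengths are queried
 * before the buffer is allocated, so the early exit reaches ro_cleanup with
 * buf still NULL and the unconditional free() there is a harmless no-op.
 * Returns the number of sectors that would be committed, or -errno. */
int64_t commit_sectors(const FakeBlockState *bs, const FakeBlockState *backing)
{
    int64_t ret, length, backing_length, total_sectors;
    uint8_t *buf = NULL;  /* must start NULL: ro_cleanup frees it blindly */

    length = fake_getlength(bs);
    backing_length = fake_getlength(backing);
    if (length < 0 || backing_length < 0) {
        /* Hand the failing call's errno back instead of a stale value. */
        ret = length < 0 ? length : backing_length;
        goto ro_cleanup;
    }

    total_sectors = length >> SECTOR_BITS;
    buf = malloc((size_t)COMMIT_BUF_SECTORS * SECTOR_SIZE);
    if (!buf) {
        ret = -ENOMEM;
        goto ro_cleanup;
    }
    ret = total_sectors;  /* the real function copies sectors here */

ro_cleanup:
    free(buf);  /* NULL on the early-exit path, so safe */
    return ret;
}
```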