1) :
for example:
    BDRVQcowState *s = bs->opaque;
    s->snapshots
    s->nb_snapshots

1: Use the command:
    qemu-img snapshot ./test.qcow2 -c aa
The memory of s->snapshot is not freed. If s->nb_snapshots is large, does that cause problems?

2: Use the command:
    qemu-system-x86_64 ./test.qcow2 -snapshot
When the program ends, does it need to free s->snapshots?

2): In the function qcow2_update_snapshot_refcount there are some "goto fail" statements; if the function runs some times and then something makes it goto fail, I am not sure whether it will make the refcount incorrect.