From: Josh Durgin <josh.durgin@dreamhost.com>
Date: Wed, 7 Dec 2011 01:05:10 +0000 (-0800)
Subject: rbd: always set out parameter in qemu_rbd_snap_list
X-Git-Tag: TizenStudio_2.0_p2.3.2~208^2~4871^2~6
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b9c532903fa528891c0eceb34ea40a0c47bfb5db;p=sdk%2Femulator%2Fqemu.git

rbd: always set out parameter in qemu_rbd_snap_list

The caller expects psn_tab to be NULL when there are no snapshots or
an error occurs. This results in calling g_free on an invalid address.

Reported-by: Oliver Francke <Oliver@filoo.de>
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---

diff --git a/block/rbd.c b/block/rbd.c
index 312584a..7a2384c 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -805,7 +805,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
     } while (snap_count == -ERANGE);
 
     if (snap_count <= 0) {
-        return snap_count;
+        goto done;
     }
 
     sn_tab = g_malloc0(snap_count * sizeof(QEMUSnapshotInfo));
@@ -824,6 +824,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
     }
     rbd_snap_list_end(snaps);
 
+ done:
     *psn_tab = sn_tab;
     return snap_count;
 }