From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 25 Sep 2013 14:00:48 +0000 (+0200)
Subject: rbd: avoid qemu_rbd_snap_list() memory leaks
X-Git-Tag: v1.6.1~7
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=fc06b430942e84a2a69e2a80a6d5b376a8064020;p=users%2Fdwmw2%2Fqemu.git

rbd: avoid qemu_rbd_snap_list() memory leaks

When there are no snapshots qemu_rbd_snap_list() returns 0 and the
snapshot table pointer is NULL.  Don't forget to free the snaps buffer
we allocated for librbd rbd_snap_list().

When the function succeeds don't forget to free the snaps buffer after
calling rbd_snap_list_end().

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9e6337d0818650362149b734d53edf9489f3acaa)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---

diff --git a/block/rbd.c b/block/rbd.c
index cb71751218..7e7c735d75 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -934,7 +934,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
     do {
         snaps = g_malloc(sizeof(*snaps) * max_snaps);
         snap_count = rbd_snap_list(s->image, snaps, &max_snaps);
-        if (snap_count < 0) {
+        if (snap_count <= 0) {
             g_free(snaps);
         }
     } while (snap_count == -ERANGE);
@@ -958,6 +958,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
         sn_info->vm_clock_nsec = 0;
     }
     rbd_snap_list_end(snaps);
+    g_free(snaps);
 
  done:
     *psn_tab = sn_tab;