[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] virsh: Fix segfault of snapshot-list



On 10/22/12 16:04, Osier Yang wrote:
"snaps" is used after free'ed, and the additional one entry should
be added to the list.
---
  tools/virsh-snapshot.c |    6 +++---
  1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
index 6dd8bf2..635edd8 100644
--- a/tools/virsh-snapshot.c
+++ b/tools/virsh-snapshot.c
@@ -856,9 +856,6 @@ vshSnapshotListCollect(vshControl *ctl, virDomainPtr dom,
          snaplist->snaps = vshCalloc(ctl, count + (tree && from),
                                      sizeof(*snaplist->snaps));
          snaplist->nsnaps = count;
-        for (i = 0; i < count; i++)
-            snaplist->snaps[i].snap = snaps[i];
-        VIR_FREE(snaps);
          if (tree) {
              for (i = 0; i < count; i++) {
                  if (vshGetSnapshotParent(ctl, snaplist->snaps[i].snap,

The fix isn't 100% correct. Here vshGetSnapshotParent expects the snaplist to be populated.

A few lines behind this context,

            if (from) {
                snaps[snaplist->nsnaps++] = from;

This line needs to be changed to access snaplist instead of snaps.

                virDomainSnapshotRef(from);
            }


Peter


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]