[libvirt] [PATCH] virsh: Fix segfault of snapshot-list
Peter Krempa
pkrempa at redhat.com
Mon Oct 22 14:25:02 UTC 2012
On 10/22/12 16:04, Osier Yang wrote:
> "snaps" is used after being freed, and the additional one entry should
> be added to the list.
> ---
> tools/virsh-snapshot.c | 6 +++---
> 1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
> index 6dd8bf2..635edd8 100644
> --- a/tools/virsh-snapshot.c
> +++ b/tools/virsh-snapshot.c
> @@ -856,9 +856,6 @@ vshSnapshotListCollect(vshControl *ctl, virDomainPtr dom,
> snaplist->snaps = vshCalloc(ctl, count + (tree && from),
> sizeof(*snaplist->snaps));
> snaplist->nsnaps = count;
> - for (i = 0; i < count; i++)
> - snaplist->snaps[i].snap = snaps[i];
> - VIR_FREE(snaps);
> if (tree) {
> for (i = 0; i < count; i++) {
> if (vshGetSnapshotParent(ctl, snaplist->snaps[i].snap,
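Review bot: the if (tree) loop left as context at the end of this hunk passes snaplist->snaps[i].snap to vshGetSnapshotParent, but with the copy loop deleted above it nothing has stored the snapshots into the array that vshCalloc just allocated, so each entry read there is still empty. Keep the snaplist->snaps[i].snap = snaps[i] copy ahead of if (tree) and move only VIR_FREE(snaps) down past the last use of snaps.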

The fix isn't 100% correct. Here vshGetSnapshotParent expects the
snaplist to be populated.

A few lines behind this context,

    if (from) {
        snaps[snaplist->nsnaps++] = from;

This line needs to be changed to access snaplist instead of snaps.

        virDomainSnapshotRef(from);
    }

Peter