From b0f9197ca9efa3768253bfab3b938d06e1d2abc1 Mon Sep 17 00:00:00 2001 From: Kevin Wolf Date: Thu, 7 Nov 2013 11:19:18 +0100 Subject: [PATCH 66/87] block: Don't copy backing file name on error RH-Author: Kevin Wolf Message-id: <1383823158-8741-1-git-send-email-kwolf@redhat.com> Patchwork-id: 55596 O-Subject: [RHEL-7.0 qemu-kvm PATCH 25/24] block: Don't copy backing file name on error Bugzilla: 978402 RH-Acked-by: Laszlo Ersek RH-Acked-by: Fam Zheng RH-Acked-by: Miroslav Rezanina From: Max Reitz bdrv_open_backing_file() tries to copy the backing file name using pstrcpy directly after calling bdrv_open() to open the backing file without checking whether that was actually successful. If it was not, ps->backing_hd->file will probably be NULL and qemu will crash. Fix this by moving pstrcpy after checking whether bdrv_open() succeeded. Signed-off-by: Max Reitz Reviewed-by: Benoit Canet Reviewed-by: Amos Kong Signed-off-by: Kevin Wolf (cherry picked from commit 61ed2684539f7f31304e193d7c0e68d57ce6be88) Signed-off-by: Kevin Wolf --- Brewing as: http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6541865 --- block.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Signed-off-by: Miroslav Rezanina --- block.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/block.c b/block.c index beeb600..dccdb2c 100644 --- a/block.c +++ b/block.c @@ -974,8 +974,6 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp) ret = bdrv_open(bs->backing_hd, *backing_filename ? backing_filename : NULL, options, back_flags, back_drv, &local_err); - pstrcpy(bs->backing_file, sizeof(bs->backing_file), - bs->backing_hd->file->filename); if (ret < 0) { bdrv_delete(bs->backing_hd); bs->backing_hd = NULL; @@ -983,6 +981,8 @@ int bdrv_open_backing_file(BlockDriverState *bs, QDict *options, Error **errp) error_propagate(errp, local_err); return ret; } + pstrcpy(bs->backing_file, sizeof(bs->backing_file), + bs->backing_hd->file->filename); return 0; } -- 1.7.1