From 3acda11a1add5b08d3b2f26dcb96de06581ff094 Mon Sep 17 00:00:00 2001
From: Stefan Hajnoczi <stefanha@redhat.com>
Date: Wed, 25 Sep 2013 16:00:48 +0200
Subject: [PATCH] rbd: avoid qemu_rbd_snap_list() memory leaks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

RH-Author: Stefano Garzarella <sgarzare@redhat.com>
RH-MergeRequest: 118: rbd: avoid qemu_rbd_snap_list() memory leaks
RH-Commit: [1/1] b7270277ecf931b119d5606f644793f32478e4c4
RH-Bugzilla: 2056725
RH-Acked-by: Daniel P. Berrangé <berrange@redhat.com>
RH-Acked-by: Stefan Hajnoczi <stefanha@redhat.com>
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Hanna Reitz <hreitz@redhat.com>

When there are no snapshots qemu_rbd_snap_list() returns 0 and the
snapshot table pointer is NULL.  Don't forget to free the snaps buffer
we allocated for librbd rbd_snap_list().

When the function succeeds don't forget to free the snaps buffer after
calling rbd_snap_list_end().

Cc: qemu-stable@nongnu.org
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9e6337d0818650362149b734d53edf9489f3acaa)
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/rbd.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/block/rbd.c b/block/rbd.c
index b982658db4..996e86272e 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -952,7 +952,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
     do {
         snaps = g_malloc(sizeof(*snaps) * max_snaps);
         snap_count = rbd_snap_list(s->image, snaps, &max_snaps);
-        if (snap_count < 0) {
+        if (snap_count <= 0) {
             g_free(snaps);
         }
     } while (snap_count == -ERANGE);
@@ -976,6 +976,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
         sn_info->vm_clock_nsec = 0;
     }
     rbd_snap_list_end(snaps);
+    g_free(snaps);
 
  done:
     *psn_tab = sn_tab;
-- 
2.27.0