Commit 61ed2684 authored Oct 26, 2013 by Max Reitz Committed by Kevin Wolf Oct 28, 2013

block: Don't copy backing file name on error



bdrv_open_backing_file() tries to copy the backing file name using
pstrcpy directly after calling bdrv_open() to open the backing file
without checking whether that was actually successful. If it was not,
ps->backing_hd->file will probably be NULL and qemu will crash.

Fix this by moving pstrcpy after checking whether bdrv_open() succeeded.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
Reviewed-by: Amos Kong <kongjianjun@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>

parent d1f3a23b

block.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -1004,8 +1004,6 @@ int bdrv_open_backing_file(BlockDriverState bs, QDict options, Error **errp)
		ret = bdrv_open(bs->backing_hd,
		*backing_filename ? backing_filename : NULL, options,
		back_flags, back_drv, &local_err);
		pstrcpy(bs->backing_file, sizeof(bs->backing_file),
		bs->backing_hd->file->filename);
		if (ret < 0) {
		bdrv_unref(bs->backing_hd);
		bs->backing_hd = NULL;
		@@ -1013,6 +1011,8 @@ int bdrv_open_backing_file(BlockDriverState bs, QDict options, Error **errp)
		error_propagate(errp, local_err);
		return ret;
		}
		pstrcpy(bs->backing_file, sizeof(bs->backing_file),
		bs->backing_hd->file->filename);
		return 0;
		}