summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKevin Wolf <kwolf@redhat.com>2010-07-14 10:30:31 +0200
committerKevin Wolf <kwolf@redhat.com>2010-07-14 10:30:42 +0200
commit2020dd5535affec319c03bf8ecd92818dee8d30b (patch)
tree5b2fa04323fde4b3d307199fee8aaa1e9fe3dd84
parentqemu-options: add documentation for stdio signal=on|off (diff)
downloadqemu-kvm-2020dd5535affec319c03bf8ecd92818dee8d30b.tar.gz
qemu-kvm-2020dd5535affec319c03bf8ecd92818dee8d30b.tar.bz2
qemu-kvm-2020dd5535affec319c03bf8ecd92818dee8d30b.zip
vmdk: fix double free
fail_gd error case would also free rgd_buf that was already freed Signed-off-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com> (cherry picked from commit a161329b61106ab093aab6d3227ac85e0b8251a9) Conflicts: block/vmdk.c Signed-off-by: Kevin Wolf <kwolf@redhat.com>
-rw-r--r--block/vmdk.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/block/vmdk.c b/block/vmdk.c
index 4e486225b..765e95a28 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -285,7 +285,6 @@ static int vmdk_snapshot_create(const char *filename, const char *backing_file)
goto fail_rgd;
if (write(snp_fd, rgd_buf, gd_size) == -1)
goto fail_rgd;
- qemu_free(rgd_buf);
/* write GD */
gd_buf = qemu_malloc(gd_size);
@@ -298,6 +297,7 @@ static int vmdk_snapshot_create(const char *filename, const char *backing_file)
if (write(snp_fd, gd_buf, gd_size) == -1)
goto fail_gd;
qemu_free(gd_buf);
+ qemu_free(rgd_buf);
close(p_fd);
close(snp_fd);