From eb909c7f72362e3c891d679f6f4eab0885fdb1c1 Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 6 Mar 2014 16:34:46 +0100
Subject: block: Fix error path segfault in bdrv_open()

Using an invalid option for a block device that is opened with
BDRV_O_PROTOCOL led to drv = NULL, and when trying to include the driver
name in the error message, qemu dereferenced it:

    $ x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/test.qcow2,file.foo=bar
    Segmentation fault (core dumped)

With this patch applied, the expected error message is printed:

    $ x86_64-softmmu/qemu-system-x86_64 -drive file=/tmp/test.qcow2,file.foo=bar
    qemu-system-x86_64: -drive file=/tmp/test.qcow2,file.foo=bar: could
    not open disk image /tmp/test.qcow2: Block protocol 'file' doesn't
    support the option 'foo'

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Benoit Canet <benoit@irqsave.net>
---
 block.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'block.c')

diff --git a/block.c b/block.c
index e7387f1556..f1ef4b0109 100644
--- a/block.c
+++ b/block.c
@@ -1234,6 +1234,7 @@ int bdrv_open(BlockDriverState **pbs, const char *filename,
         ret = bdrv_file_open(bs, filename, &options, flags & ~BDRV_O_PROTOCOL,
                              &local_err);
         if (!ret) {
+            drv = bs->drv;
             goto done;
         } else if (bs->drv) {
             goto close_and_fail;
-- 
cgit v1.2.1