From 319ae529b8d55ea60b1036809aaab2130048d0e1 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Fri, 28 Jan 2011 11:21:46 +0100 Subject: blockdev: Fix drive_add for drives without media Watch this: (qemu) drive_add 0 if=none (qemu) info block none0: type=hd removable=0 [not inserted] (qemu) drive_del none0 Segmentation fault (core dumped) add_init_drive() is confused about drive_init()'s failure modes, and cleans up when it shouldn't. This leaves the DriveInfo with member opts dangling. drive_del attempts to free it, and dies. drive_init() behaves as follows: * If it created a drive with media, it returns its DriveInfo. * If it created a drive without media, it clears *fatal_error and returns NULL. * If it couldn't create a drive, it sets *fatal_error and returns NULL. Of its three callers: * drive_init_func() is correct. * usb_msd_init() assumes drive_init() failed when it returns NULL. This is correct only because it always passes option "file", and "drive without media" can't happen then. * add_init_drive() assumes drive_init() failed when it returns NULL. This is incorrect. Clean up drive_init() to return NULL on failure and only on failure. Drop its parameter fatal_error. Signed-off-by: Markus Armbruster Signed-off-by: Kevin Wolf --- vl.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'vl.c') diff --git a/vl.c b/vl.c index f86724f83a..ce5708bbbd 100644 --- a/vl.c +++ b/vl.c @@ -631,13 +631,8 @@ static int bt_parse(const char *opt) static int drive_init_func(QemuOpts *opts, void *opaque) { int *use_scsi = opaque; - int fatal_error = 0; - if (drive_init(opts, *use_scsi, &fatal_error) == NULL) { - if (fatal_error) - return 1; - } - return 0; + return drive_init(opts, *use_scsi) == NULL; } static int drive_enable_snapshot(QemuOpts *opts, void *opaque) @@ -666,7 +661,7 @@ static void default_drive(int enable, int snapshot, int use_scsi, if (snapshot) { drive_enable_snapshot(opts, NULL); } - if (drive_init_func(opts, &use_scsi)) { + if (!drive_init(opts, use_scsi)) { exit(1); } } -- cgit v1.2.1