Re: [libvirt] [PATCH] virsh: Fix segfault of snapshot-list
On 10/22/12 16:04, Osier Yang wrote:
"snaps" is used after free'ed, and the additional one
entry should
be added to the list.
---
tools/virsh-snapshot.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/tools/virsh-snapshot.c b/tools/virsh-snapshot.c
index 6dd8bf2..635edd8 100644
--- a/tools/virsh-snapshot.c
+++ b/tools/virsh-snapshot.c
@@ -856,9 +856,6 @@ vshSnapshotListCollect(vshControl *ctl, virDomainPtr dom,
snaplist->snaps = vshCalloc(ctl, count + (tree && from),
sizeof(*snaplist->snaps));
snaplist->nsnaps = count;
- for (i = 0; i < count; i++)
- snaplist->snaps[i].snap = snaps[i];
- VIR_FREE(snaps);
if (tree) {
for (i = 0; i < count; i++) {
if (vshGetSnapshotParent(ctl, snaplist->snaps[i].snap,
The fix isn't 100% correct. Here vshGetSnapshotParent expects the
snaplist to be populated.
A few lines behind this context,
if (from) {
snaps[snaplist->nsnaps++] = from;
This line needs to be changed to access snaplist instead of snaps.
virDomainSnapshotRef(from);
}
Peter