diff options
| author | Markus Armbruster <armbru@redhat.com> | 2011-01-28 11:21:46 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2011-01-31 11:59:24 +0100 |
| commit | 319ae529b8d55ea60b1036809aaab2130048d0e1 (patch) | |
| tree | 3740e9a82f9de67de48abb76a8c35bd855f818b5 /hw/usb-msd.c | |
| parent | 5645b0f4f2185437d8df03810ce9c102cc4c90db (diff) | |
blockdev: Fix drive_add for drives without media
Watch this:
(qemu) drive_add 0 if=none
(qemu) info block
none0: type=hd removable=0 [not inserted]
(qemu) drive_del none0
Segmentation fault (core dumped)
add_init_drive() is confused about drive_init()'s failure modes, and
cleans up when it shouldn't. This leaves the DriveInfo with member
opts dangling. drive_del attempts to free it, and dies.
drive_init() behaves as follows:
* If it created a drive with media, it returns its DriveInfo.
* If it created a drive without media, it clears *fatal_error and
returns NULL.
* If it couldn't create a drive, it sets *fatal_error and returns
NULL.
Of its three callers:
* drive_init_func() is correct.
* usb_msd_init() assumes drive_init() failed when it returns NULL.
This is correct only because it always passes option "file", and
"drive without media" can't happen then.
* add_init_drive() assumes drive_init() failed when it returns NULL.
This is incorrect.
Clean up drive_init() to return NULL on failure and only on failure.
Drop its parameter fatal_error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'hw/usb-msd.c')
| -rw-r--r-- | hw/usb-msd.c | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/hw/usb-msd.c b/hw/usb-msd.c index 11722c7486..97d1e4af13 100644 --- a/hw/usb-msd.c +++ b/hw/usb-msd.c @@ -542,7 +542,6 @@ static USBDevice *usb_msd_init(const char *filename) QemuOpts *opts; DriveInfo *dinfo; USBDevice *dev; - int fatal_error; const char *p1; char fmt[32]; @@ -572,7 +571,7 @@ static USBDevice *usb_msd_init(const char *filename) qemu_opt_set(opts, "if", "none"); /* create host drive */ - dinfo = drive_init(opts, 0, &fatal_error); + dinfo = drive_init(opts, 0); if (!dinfo) { qemu_opts_del(opts); return NULL; |