[libvirt] [PATCH 1/2] qemu: driver: Fix off-by-one in qemuDomainSnapshotDiskDataCollect

Peter Krempa posted 2 patches 5 years, 5 months ago
Posted by Peter Krempa 5 years, 5 months ago
Commit f34397e51c17 introduced a crash-inducing problem when collecting
disk snapshot data, where the array would be filled starting from the
second element.

The code then dereferenced the first one.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_driver.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 40a2aa440f..ec08dd939e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -15073,8 +15073,8 @@ qemuDomainSnapshotDiskDataCollect(virQEMUDriverPtr driver,
         if (snapdef->disks[i].snapshot == VIR_DOMAIN_SNAPSHOT_LOCATION_NONE)
             continue;

-        ndata++;
         dd = data + ndata;
+        ndata++;

         dd->disk = vm->def->disks[i];

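Review bot: The fix depends entirely on `dd = data + ndata;` coming before `ndata++;`, but the two are still separate statements, so a later edit can swap them again without any warning. Folding them into one expression, `dd = data + ndata++;`, would tie the slot selection to the counter update. The commit message could also say whether the old ordering wrote one element past the end of `data` when every disk is snapshotted. That depends on how `data` is allocated, which this hunk does not show, and it would make this a memory-safety fix rather than only a fix for the unfilled first element.
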
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 1/2] qemu: driver: Fix off-by-one in qemuDomainSnapshotDiskDataCollect
Posted by Ján Tomko 5 years, 5 months ago
On Thu, Jun 20, 2019 at 03:47:56PM +0200, Peter Krempa wrote:
>Commit f34397e51c17 introduced a crash-inducing problem when collecting
>disk snapshot data, where the array would be filled starting from the
>second element.
>
>The code then dereferenced the first one.
>

How did this get past review?

>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/qemu/qemu_driver.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

Jano