From 011eeb41307c10c7a2430df2aa751b58ad2da9ae Mon Sep 17 00:00:00 2001 From: Guannan Ren Date: Sun, 11 Sep 2011 13:43:35 +0800 Subject: [PATCH] snapshot: fix double free of qemuImgBinary Regression introduced in commit 3881a470, due to an improper rebase of a cleanup written beforehand but only applied after a rebased of a refactoring that created a new function in commit 25fb3ef. Also avoids passing NULL to printf %s. * src/qemu/qemu_driver.c: In qemuDomainSnapshotForEachQcow2() it free up the memory of qemu_driver->qemuImgBinary in the cleanup tag which leads to the garbage value of qemuImgBinary in qemu_driver struct and libvirtd crash when running "virsh snapshot-create" command a second time. Signed-off-by: Eric Blake --- src/qemu/qemu_driver.c | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b94d1c4838..321b07b152 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1681,14 +1681,13 @@ qemuDomainSnapshotForEachQcow2(struct qemud_driver *driver, bool try_all) { const char *qemuimgarg[] = { NULL, "snapshot", NULL, NULL, NULL, NULL }; - int ret = -1; int i; bool skipped = false; qemuimgarg[0] = qemuFindQemuImgBinary(driver); if (qemuimgarg[0] == NULL) { /* qemuFindQemuImgBinary set the error */ - goto cleanup; + return -1; } qemuimgarg[2] = op; @@ -1707,15 +1706,15 @@ qemuDomainSnapshotForEachQcow2(struct qemud_driver *driver, * disks in this VM may have the same snapshot name. */ VIR_WARN("skipping snapshot action on %s", - vm->def->disks[i]->info.alias); + vm->def->disks[i]->dst); skipped = true; continue; } qemuReportError(VIR_ERR_OPERATION_INVALID, _("Disk device '%s' does not support" " snapshotting"), - vm->def->disks[i]->info.alias); - goto cleanup; + vm->def->disks[i]->dst); + return -1; } qemuimgarg[4] = vm->def->disks[i]->src; 
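Review bot: The `qemuimgarg[0] = qemuFindQemuImgBinary(driver);` assignment carries no hint that the returned string stays owned by the driver, and that missing ownership note is what allowed the `VIR_FREE(qemuimgarg[0])` removed at the end of this patch to be written in the first place. A comment on that line such as `/* borrowed from driver; must not be freed here */` would guard against a later cleanup label reintroducing the double free. The `const char *` element type already points that way but evidently did not stop the earlier regression. The function body continues past this hunk.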
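Review bot: Both `%s` arguments in the second hunk now rely on `vm->def->disks[i]->dst` never being NULL, but nothing visible here establishes that. If the disk parser always fills in `dst`, a short comment next to the `VIR_WARN` would record why it was preferred over `info.alias`. Otherwise, wrap both uses as `NULLSTR(vm->def->disks[i]->dst)`. The enclosing loop starts before this hunk, so the guarantee may be stated out of view.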
@@ -1727,16 +1726,12 @@ qemuDomainSnapshotForEachQcow2(struct qemud_driver *driver, skipped = true; continue; } - goto cleanup; + return -1; } } } - ret = skipped ? 1 : 0; - -cleanup: - VIR_FREE(qemuimgarg[0]); - return ret; + return skipped ? 1 : 0; } /* Discard one snapshot (or its metadata), without reparenting any children. */
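Review bot: The three outcomes of this function (`-1` on error, `1` when a disk was skipped, `0` otherwise) are now spread across several `return` statements, and none of the visible lines document them. A comment above the final `return skipped ? 1 : 0;`, for example `/* 1: at least one disk skipped, 0: all disks handled */`, would help callers avoid treating `1` as a failure. A header comment on the function would serve the same purpose if one does not already exist; the function begins outside this hunk.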