
Watch this: (qemu) drive_add 0 if=none (qemu) info block none0: type=hd removable=0 [not inserted] (qemu) drive_del none0 Segmentation fault (core dumped) add_init_drive() is confused about drive_init()'s failure modes, and cleans up when it shouldn't. This leaves the DriveInfo with member opts dangling. drive_del attempts to free it, and dies. drive_init() behaves as follows: * If it created a drive with media, it returns its DriveInfo. * If it created a drive without media, it clears *fatal_error and returns NULL. * If it couldn't create a drive, it sets *fatal_error and returns NULL. Of its three callers: * drive_init_func() is correct. * usb_msd_init() assumes drive_init() failed when it returns NULL. This is correct only because it always passes option "file", and "drive without media" can't happen then. * add_init_drive() assumes drive_init() failed when it returns NULL. This is incorrect. Clean up drive_init() to return NULL on failure and only on failure. Drop its parameter fatal_error. Signed-off-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Read the documentation in qemu-doc.html. Fabrice Bellard.
Description
Languages
C
83%
C++
7.7%
Python
3%
Dylan
2.2%
Shell
1.8%
Other
2.1%