Avoid calling qemu_mallocz with zero size

Currently qemu_mallocz calls malloc and handling of zero by malloc is implementation defined behaviour: http://www.opengroup.org/onlinepubs/7990989775/xsh/malloc.html malloc(0) on AIX returns NULL[1] and qcow2 images without snapshots are thus unusable [1] Unless special Linux compatibility define is used when compiling git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6359 c046a42c-6fe2-441c-8c8c-71466251a162

Avoid calling qemu_mallocz with zero size
Currently qemu_mallocz calls malloc and handling of zero by malloc is implementation defined behaviour: http://www.opengroup.org/onlinepubs/7990989775/xsh/malloc.html malloc(0) on AIX returns NULL[1] and qcow2 images without snapshots are thus unusable [1] Unless special Linux compatibility define is used when compiling git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@6359 c046a42c-6fe2-441c-8c8c-71466251a162
malc
1 parent 4c621805
Showing 1 changed file with 10 additions and 2 deletions
block-qcow2.c
@@ -1809,6 +1809,12 @@ static int qcow_read_snapshots(BlockDriverState *bs)
     int64_t offset;
     uint32_t extra_data_size;
+    if (!s->nb_snapshots) {
+        s->snapshots = NULL;
+        s->snapshots_size = 0;
+        return 0;
+    }
+
     offset = s->snapshots_offset;
     s->snapshots = qemu_mallocz(s->nb_snapshots * sizeof(QCowSnapshot));
     if (!s->snapshots)
@@ -2023,8 +2029,10 @@ static int qcow_snapshot_create(BlockDriverState *bs,
     snapshots1 = qemu_malloc((s->nb_snapshots + 1) * sizeof(QCowSnapshot));
     if (!snapshots1)
         goto fail;
-    memcpy(snapshots1, s->snapshots, s->nb_snapshots * sizeof(QCowSnapshot));
-    qemu_free(s->snapshots);
+    if (s->snapshots) {
+        memcpy(snapshots1, s->snapshots, s->nb_snapshots * sizeof(QCowSnapshot));
+        qemu_free(s->snapshots);
+    }
     s->snapshots = snapshots1;
     s->snapshots[s->nb_snapshots++] = *sn;