From 77ed971b9d96a288e497509054e1e59493ffd1fc Mon Sep 17 00:00:00 2001
From: Markus Armbruster
Date: Wed, 22 Apr 2020 15:07:07 +0200
Subject: block/file-posix: Fix check_cache_dropped() error handling

The Error ** argument must be NULL, &error_abort, &error_fatal, or a pointer to a variable containing NULL. Passing an argument of the latter kind twice without clearing it in between is wrong: if the first call sets an error, it no longer points to NULL for the second call. check_cache_dropped() calls error_setg() in a loop. It fails to break the loop in one instance. If a subsequent iteration error_setg()s again, it trips error_setv()'s assertion. Fix it to break the loop.

Fixes: 31be8a2a97ecba7d31a82932286489cac318e9e9
Cc: Stefan Hajnoczi
Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
Message-Id: <20200422130719.28225-3-armbru@redhat.com>
---
 block/file-posix.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/block/file-posix.c b/block/file-posix.c
index 7e19bbff5f..094e3b0212 100644
--- a/block/file-posix.c
+++ b/block/file-posix.c
@@ -2691,10 +2691,13 @@ static void check_cache_dropped(BlockDriverState *bs, Error **errp)
 vec_end = DIV_ROUND_UP(length, page_size);
 for (i = 0; i < vec_end; i++) {
 if (vec[i] & 0x1) {
- error_setg(errp, "page cache still in use!");
 break;
 }
 }
+ if (i < vec_end) {
+ error_setg(errp, "page cache still in use!");
+ break;
+ }
 }

 if (window) {
--
cgit v1.2.3-55-g7522
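Review bot: The added `if (i < vec_end)` test after the inner `for` uses the loop index as an implicit "resident page found" flag. That is correct here, but it silently stops working if the inner loop is later changed to `continue` or to scan past the first hit. A one-line comment above it, such as `/* inner loop stopped early: a page is still resident */`, would pin the intent. The rule the commit restores, that `error_setg()` is called at most once on `errp` before the outer loop is left, is also not stated in the code, so a short comment at the new `break` would help anyone adding another failure path. The message "page cache still in use!" names no file or offset, so a failure cannot be tied to a region of the image; including the offset being scanned, if one is in scope, would make it actionable. check_cache_dropped() starts and ends outside this hunk, so the other error paths in the loop could not be checked from here.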