qcow2_get_specific_info() used to have a code path which would leave a pointer to ImageInfoSpecificQCow2 uninitialized.
We guess that it caused sporadic crashes on freeing an invalid pointer in response to "query-block" QMP command in visit_type_ImageInfoSpecificQCow2 with QapiDeallocVisitor. Although we have neither a solid proof nor a reproduction scenario, making sure the field is initialized appears a reasonable thing to do. Signed-off-by: Roman Kagan <rka...@virtuozzo.com> --- block/qcow2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/qcow2.c b/block/qcow2.c index 88f56c8..67c9d3d 100644 --- a/block/qcow2.c +++ b/block/qcow2.c @@ -2739,7 +2739,7 @@ static ImageInfoSpecific *qcow2_get_specific_info(BlockDriverState *bs) *spec_info = (ImageInfoSpecific){ .type = IMAGE_INFO_SPECIFIC_KIND_QCOW2, - .u.qcow2 = g_new(ImageInfoSpecificQCow2, 1), + .u.qcow2 = g_new0(ImageInfoSpecificQCow2, 1), }; if (s->qcow_version == 2) { *spec_info->u.qcow2 = (ImageInfoSpecificQCow2){ -- 2.5.0
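Review bot: the hunk's context only shows the `if (s->qcow_version == 2)` branch, which overwrites the whole struct with a compound literal, so the code path that actually leaves a pointer uninitialized (presumably the other version branch) is neither visible here nor named in the commit message; please state which member is left unset in which branch, and consider assigning it explicitly there as well rather than relying on `g_new0` alone, so the fix does not silently regress if a new member is added to `ImageInfoSpecificQCow2`. The switch to `g_new0(ImageInfoSpecificQCow2, 1)` is still the right defensive default: a zero-filled QAPI struct leaves optional pointer members NULL, so `visit_type_ImageInfoSpecificQCow2` with the dealloc visitor frees nothing instead of passing an indeterminate pointer to `g_free`, which is undefined behaviour and consistent with the sporadic crashes on "query-block" the message describes. Since the message admits there is no reproduction, it would help reviewers to note that running `query-block` against a qcow2 image on the non-version-2 path was the scenario under suspicion.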