QSIMPLEQ_FOREACH will use the states pointer after the loop has freed it. Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> --- Found while (re)reviewing Jeff's patches.
blockdev.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 1fb2a17..9480dbb 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -775,7 +775,7 @@ void qmp_transaction(BlockdevActionList *dev_list, Error **errp)
 {
 int ret = 0;
 BlockdevActionList *dev_entry = dev_list;
- BlkTransactionStates *states;
+ BlkTransactionStates *states, *next;
 char *new_source = NULL;
 QSIMPLEQ_HEAD(snap_bdrv_states, BlkTransactionStates) snap_bdrv_states;
@@ -926,7 +926,7 @@ delete_and_fail:
 }
 }
 exit:
- QSIMPLEQ_FOREACH(states, &snap_bdrv_states, entry) {
+ QSIMPLEQ_FOREACH_SAFE(states, &snap_bdrv_states, entry, next) {
 g_free(states);
 }
 g_free(new_source);
-- 1.7.7.6
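Review bot: In the second hunk, at `exit:`, the loop frees every element but never unlinks it, so `snap_bdrv_states` still points at freed memory once the loop finishes. That is harmless only while nothing after the loop walks the queue again, and the rest of qmp_transaction lies outside the hunk. A short comment above the loop would record both facts, e.g. `/* _SAFE: next is fetched before g_free(states); snap_bdrv_states is dangling after this loop */`. It is also worth confirming that any other QSIMPLEQ_FOREACH over this queue in the function (the `delete_and_fail:` path is not visible here) does not free or remove entries in its body.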