drive-backup argument @format defaults to the format of the source unless @mode is "existing".
drive_backup_prepare() implements this by copying the source's @format_name to DriveBackup member @format. It leaves @has_format false, violating the "has_format == !!format" invariant. Unclean. Falls apart when we elide @has_format (commit after next): then QAPI passes @format, which is a string constant, to g_free(). iotest 056 duly explodes. Clean it up. Since the value stored in member @format is not actually used outside this function, use a local variable instead of modifying the QAPI object.
Signed-off-by: Markus Armbruster <arm...@redhat.com>
Cc: Kevin Wolf <kw...@redhat.com>
Cc: Hanna Reitz <hre...@redhat.com>
Cc: qemu-bl...@nongnu.org
Message-Id: <20221104160712.3005652-9-arm...@redhat.com>
Reviewed-by: Eric Blake <ebl...@redhat.com>
---
 blockdev.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/blockdev.c b/blockdev.c
index 3f1dec6242..d6550e0dc8 100644
--- a/blockdev.c
+++ b/blockdev.c
@@ -1686,6 +1686,7 @@ static void drive_backup_prepare(BlkActionState *common, Error **errp)
 BlockDriverState *source = NULL;
 AioContext *aio_context;
 AioContext *old_context;
+ const char *format;
 QDict *options;
 Error *local_err = NULL;
 int flags;
@@ -1717,9 +1718,9 @@ static void drive_backup_prepare(BlkActionState *common, Error **errp)
 /* Paired with .clean() */
 bdrv_drained_begin(bs);
- if (!backup->has_format) {
- backup->format = backup->mode == NEW_IMAGE_MODE_EXISTING ?
- NULL : (char *) bs->drv->format_name;
+ format = backup->format;
+ if (!format && backup->mode != NEW_IMAGE_MODE_EXISTING) {
+ format = bs->drv->format_name;
 }
 /* Early check to avoid creating target */
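Review bot: The new local `format`, declared in the first hunk and assigned in the second, is a borrowed pointer with two possible owners, and no comment says so. It aliases either `backup->format`, which belongs to the QAPI object, or `bs->drv->format_name`, which the commit message calls a string constant, so freeing or storing it later would bring back the g_free() failure this change removes. I would add a comment above the assignment, such as `/* Borrowed: points into @backup or at the driver's name; never free */`. The second hunk also dereferences `bs->drv` with no NULL check visible; drive_backup_prepare() starts outside the hunk, so that is presumably checked earlier and worth confirming.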
@@ -1758,19 +1759,19 @@ static void drive_backup_prepare(BlkActionState *common, Error **errp)
 }
 if (backup->mode != NEW_IMAGE_MODE_EXISTING) {
- assert(backup->format);
+ assert(format);
 if (source) {
 /* Implicit filters should not appear in the filename */
 BlockDriverState *explicit_backing = bdrv_skip_implicit_filters(source);
 bdrv_refresh_filename(explicit_backing);
- bdrv_img_create(backup->target, backup->format,
+ bdrv_img_create(backup->target, format,
 explicit_backing->filename, explicit_backing->drv->format_name, NULL, size, flags, false, &local_err);
 } else {
- bdrv_img_create(backup->target, backup->format, NULL, NULL, NULL,
+ bdrv_img_create(backup->target, format, NULL, NULL, NULL,
 size, flags, false, &local_err);
 }
 }
@@ -1783,8 +1784,8 @@ static void drive_backup_prepare(BlkActionState *common, Error **errp)
 options = qdict_new();
 qdict_put_str(options, "discard", "unmap");
 qdict_put_str(options, "detect-zeroes", "unmap");
- if (backup->format) {
- qdict_put_str(options, "driver", backup->format);
+ if (format) {
+ qdict_put_str(options, "driver", format);
 }
 target_bs = bdrv_open(backup->target, NULL, options, flags, errp);
-- 
2.37.3
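Review bot: In the last hunk `format` can still be NULL when `mode` is `NEW_IMAGE_MODE_EXISTING` and the caller gave no format, and then no `driver` option is set before `bdrv_open()`. Presumably the block layer then picks the driver by probing the existing target's contents, which is a known hazard if an untrusted guest ever wrote that image. This behaviour predates the commit, but the `if (format)` test is the natural place to document it, for example `/* No driver for an existing target: format is probed; callers should pass @format for untrusted images */`. The function body continues outside the hunk, so any later handling of this case is not visible here.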