diff options
| author | Max Reitz <mreitz@redhat.com> | 2021-02-19 16:33:48 +0100 |
|---|---|---|
| committer | Kevin Wolf <kwolf@redhat.com> | 2021-03-08 14:55:18 +0100 |
| commit | e41799409281eab19c17692d1c52cb4cef7f5494 (patch) | |
| tree | ffcc2354ed468310011a3087c55b4f7dd2b38d52 /scripts/check_sparse.py | |
| parent | 705dde27c6c53b73d2aa139b5b2a0ea490153e5b (diff) | |
| download | qemu-e41799409281eab19c17692d1c52cb4cef7f5494.zip qemu-e41799409281eab19c17692d1c52cb4cef7f5494.tar.gz qemu-e41799409281eab19c17692d1c52cb4cef7f5494.tar.bz2 | |
iotests/283: Check that finalize drops backup-top
Without any of HEAD^ or HEAD^^ applied, qemu will most likely crash on
the qemu-io invocation, for a variety of immediate reasons. The
underlying problem is generally a use-after-free access into
backup-top's BlockCopyState.
With only HEAD^ applied, qemu-io will run into an EIO (which is not
capture by the output, but you can see that the qemu-io invocation will
be accepted (i.e., qemu-io will run) in contrast to the reference
output, where the node name cannot be found), and qemu will then crash
in query-named-block-nodes: bdrv_get_allocated_file_size() detects
backup-top to be a filter and passes the request through to its child.
However, after bdrv_backup_top_drop(), that child is NULL, so the
recursive call crashes.
With HEAD^^ applied, this test should pass.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210219153348.41861-4-mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'scripts/check_sparse.py')
0 files changed, 0 insertions, 0 deletions