From ea10cd76f859d5a5d4518c3d6816859cabe6e0b6 Mon Sep 17 00:00:00 2001
From: John Ferlan <jferlan@redhat.com>
Date: Tue, 11 Mar 2014 15:26:14 -0400
Subject: [PATCH] storage: Fix bugs in VIR_APPEND_ELEMENT series

From commit id 'd53bbfd1'

Found one core and one possible memory leak. Core seen during local
virt-test/tp_libvirt run for the vol_create_from test. The memory leak
was seen by inspection during a review of all VIR_APPEND_ELEMENT changes

In storage_backend_disk/virStorageBackendDiskMakeDataVol(), the 'vol'
needs to be kept around since it's used later, so use the _COPY macro.
This caused a segv in libvirtd:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe87c3700 (LWP 6919)]
virStorageBackendDiskMakeDataVol (vol=0x0, groups=0x7fffc8000d70, pool=0x7fffc8002460) at storage/storage_backend_disk.c:66
66          if (vol->target.path == NULL) {

In storage_backend_rbd/virStorageBackendRBDRefreshPool() there's a failure
path where the 'vol' needs to go through virStorageVolDefFree() since it
wouldn't be appended.
---
 src/storage/storage_backend_disk.c | 3 ++-
 src/storage/storage_backend_rbd.c  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c
index b261773450..2b6011ba3c 100644
--- a/src/storage/storage_backend_disk.c
+++ b/src/storage/storage_backend_disk.c
@@ -57,7 +57,8 @@ virStorageBackendDiskMakeDataVol(virStoragePoolObjPtr pool,
          */
         tmp = strrchr(groups[0], '/');
         if (VIR_STRDUP(vol->name, tmp ? tmp + 1 : groups[0]) < 0 ||
-            VIR_APPEND_ELEMENT(pool->volumes.objs, pool->volumes.count, vol) < 0) {
+            VIR_APPEND_ELEMENT_COPY(pool->volumes.objs,
+                                    pool->volumes.count, vol) < 0) {
             virStorageVolDefFree(vol);
             return -1;
         }
diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
index bc52474b26..d78dbe4d30 100644
--- a/src/storage/storage_backend_rbd.c
+++ b/src/storage/storage_backend_rbd.c
@@ -401,6 +401,7 @@ static int virStorageBackendRBDRefreshPool(virConnectPtr conn,
         }
 
         if (VIR_APPEND_ELEMENT(pool->volumes.objs, pool->volumes.count, vol) < 0) {
+            virStorageVolDefFree(vol);
             virStoragePoolObjClearVols(pool);
             goto cleanup;
         }