From 9eca925bdec8ad6c2b8d3449669bb98e91872116 Mon Sep 17 00:00:00 2001
From: Juan Quintela <quintela@redhat.com>
Date: Thu, 4 Mar 2010 23:11:51 -0300
Subject: [PATCH 29/42] vmdk: fix double free

RH-Author: Juan Quintela <quintela@redhat.com>
Message-id: <83a53b71ad38e92714277171939a09d1a67754ce.1267743950.git.quintela@redhat.com>
Patchwork-id: 7558
O-Subject: [PATCH 29/32] vmdk: fix double free
Bugzilla: 567099
RH-Acked-by: Kevin Wolf <kwolf@redhat.com>
RH-Acked-by: Amit Shah <amit.shah@redhat.com>
RH-Acked-by: Marcelo Tosatti <mtosatti@redhat.com>

fail_gd error case would also free rgd_buf that was already freed

Signed-off-by: Juan Quintela <quintela@redhat.com>
---
 block/vmdk.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
---
 block/vmdk.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/block/vmdk.c b/block/vmdk.c
index 37427a6..fb4a4c6 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -315,7 +315,6 @@ static int vmdk_snapshot_create(const char *filename, const char *backing_file)
         ret = -errno;
         goto fail_rgd;
     }
-    qemu_free(rgd_buf);
 
     /* write GD */
     gd_buf = qemu_malloc(gd_size);
@@ -336,6 +335,7 @@ static int vmdk_snapshot_create(const char *filename, const char *backing_file)
         goto fail_gd;
     }
     qemu_free(gd_buf);
+    qemu_free(rgd_buf);
 
     close(p_fd);
     close(snp_fd);
-- 
1.6.3.rc4.29.g8146