From c5baaa489f5557fa01431ba0c5de28b43fc9631e Mon Sep 17 00:00:00 2001
From: Kevin Wolf <kwolf@redhat.com>
Date: Thu, 15 Oct 2009 17:31:01 +0200
Subject: [PATCH] qcow2: Fix grow_refcount_table error handling

In case of failure, we haven't increased the refcount for the newly allocated
cluster yet. Therefore we must not free the cluster or its refcount will become
negative (and endless recursion is possible).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
---
 block/qcow2-refcount.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/block/qcow2-refcount.c b/block/qcow2-refcount.c
index 609eee1891..30266786df 100644
--- a/block/qcow2-refcount.c
+++ b/block/qcow2-refcount.c
@@ -182,7 +182,6 @@ static int grow_refcount_table(BlockDriverState *bs, int min_size)
     qcow2_free_clusters(bs, old_table_offset, old_table_size * sizeof(uint64_t));
     return 0;
  fail:
-    qcow2_free_clusters(bs, table_offset, new_table_size2);
     qemu_free(new_table);
     return -EIO;
 }