[REPOST] Don't call fw_cfg e->callback if e->callback is NULL.

Submitted by Richard W.M. Jones on Aug. 3, 2010, 12:59 p.m.

Details

Message ID 20100803125950.GB22211@amd.home.annexia.org
State New

Commit Message

Richard W.M. Jones Aug. 3, 2010, 12:59 p.m.
This is just a plain and obvious bug in fw_cfg.  It's not currently
hit because there are no writable entries in fw_cfg at the moment, but
as soon as you add one, you hit this segfault.

Rich.

Patch

diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index 72866ae..37e6f1f 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -65,7 +65,8 @@  static void fw_cfg_write(FWCfgState *s, uint8_t value)
     if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) {
         e->data[s->cur_offset++] = value;
         if (s->cur_offset == e->len) {
-            e->callback(e->callback_opaque, e->data);
+            if (e->callback)
+                e->callback(e->callback_opaque, e->data);
             s->cur_offset = 0;
         }
     }
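
Review bot: the added `if (e->callback)` in the `s->cur_offset == e->len` branch has an unbraced body, which QEMU's coding style does not allow even for a single statement; please write it as `if (e->callback) {` with a closing brace after the call. It would also help to add a short comment there saying that a NULL callback is permitted for a writable entry, because with this check the bytes are still stored in `e->data` and `s->cur_offset` is reset to 0 without anything being notified of the completed write.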