From patchwork Tue Aug 3 12:59:50 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [REPOST] Don't call fw_cfg e->callback if e->callback is NULL. Date: Tue, 03 Aug 2010 02:59:50 -0000 From: "Richard W.M. Jones" X-Patchwork-Id: 60734 Message-Id: <20100803125950.GB22211@amd.home.annexia.org> To: qemu-devel@nongnu.org This is just a plain and obvious bug in fw_cfg. It's not currently hit because there are no writable entries in fw_cfg at the moment, but as soon as you add one, you hit this segfault. Rich. diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c index 72866ae..37e6f1f 100644 --- a/hw/fw_cfg.c +++ b/hw/fw_cfg.c @@ -65,7 +65,8 @@ static void fw_cfg_write(FWCfgState *s, uint8_t value) if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) { e->data[s->cur_offset++] = value; if (s->cur_offset == e->len) { - e->callback(e->callback_opaque, e->data); + if (e->callback) + e->callback(e->callback_opaque, e->data); s->cur_offset = 0; } }
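Review bot: the NULL guard is the right fix for the write-completion path, but the single-statement body should be braced to match QEMU coding style, i.e. `if (e->callback) {` / `    e->callback(e->callback_opaque, e->data);` / `}`. Worth spelling out in the commit message that the unguarded call is a NULL function-pointer dereference reachable whenever a write-channel entry (s->cur_entry & FW_CFG_WRITE_CHANNEL) is registered without a callback, so the segfault the description mentions is a host QEMU crash triggered by the guest filling the entry, not merely an internal API misuse. It would also be worth noting whether a writable entry with no callback is a legitimate configuration (the data is simply stored and s->cur_offset reset to 0, which the hunk already handles), or whether fw_cfg registration should instead reject such entries so the condition cannot arise at all.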