
hw/ide: fix a writing to null pointer exception

Message ID BLU436-SMTP18383289290DAB1921B097CDB050@phx.gbl
State New

Commit Message

chaojianhu Aug. 2, 2016, 12:15 p.m. UTC
From: chaojianhu <chaojianhu@hotmail.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception

In QEMU older than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL,
and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally,
bdrv_acct_done writes to s->bs directly!

Reported-by: chaojianhu <chaojianhu@hotmail.com>
Signed-off-by: chaojianhu <chaojianhu@hotmail.com>

---
 hw/ide/core.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Patch

diff --git a/hw/ide/core.c b/hw/ide/core.c
index fa4cafa..c39eedc 100644
--- a/hw/ide/core.c
+++ b/hw/ide/core.c
@@ -839,7 +839,9 @@  static void ide_flush_cb(void *opaque, int ret)
         }
     }
 
-    bdrv_acct_done(s->bs, &s->acct);
+    if (s->bs){
+        bdrv_acct_done(s->bs, &s->acct);
+    }
     s->status = READY_STAT | SEEK_STAT;
     ide_async_cmd_done(s);
     ide_set_irq(s->bus);
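Review bot: the added `if (s->bs)` guard only hides the symptom inside the callback; the commit message says ide_flush_cache itself invokes ide_flush_cb with s->bs == NULL, so the cleaner fix is to reject the flush in ide_flush_cache before the callback is ever scheduled. As written, a flush on a NULL s->bs still falls through to `s->status = READY_STAT | SEEK_STAT;`, `ide_async_cmd_done(s);` and `ide_set_irq(s->bus);`, so the guest is told a flush completed that never reached a block driver. If the callback-side check is kept, the commit message should say why that is the right layer, and the brace should follow QEMU style: `if (s->bs) {` rather than `if (s->bs){`. Please also state which tree the patch is against, since the commit message scopes the bug to QEMU older than v2.1.3 and the diff should be sent against that stable branch.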