Message ID | 1345211444-5002-1-git-send-email-sw@weilnetz.de |
---|---|
State | Accepted |
On 2012-08-17 15:50, Stefan Weil wrote:
> ccc-analyzer reports this warning: > > console.c:1090:29: warning: Dereference of null pointer > if (active_console->cursor_timer) { > ^ > > Function console_select allows active_console to be NULL, > but would crash when accessing cursor_timer. Fix this. > > Signed-off-by: Stefan Weil <sw@weilnetz.de> > --- > > Please note that I don't have a test case which triggers the crash. > > Regards, > Stefan Weil > > console.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/console.c b/console.c > index 4525cc7..f5e8814 100644 > --- a/console.c > +++ b/console.c > @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) > if (s) { > DisplayState *ds = s->ds; > > - if (active_console->cursor_timer) { > + if (active_console && active_console->cursor_timer) { > qemu_del_timer(active_console->cursor_timer); > } > active_console = s; >

The only path that could trigger this is console_select() in the absence of any console. Not sure if that is possible, but the above is surely consistent with existing code.

Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>

Jan
On 17.08.2012 16:10, Jan Kiszka wrote:
> On 2012-08-17 15:50, Stefan Weil wrote: > >> ccc-analyzer reports this warning: >> >> console.c:1090:29: warning: Dereference of null pointer >> if (active_console->cursor_timer) { >> ^ >> >> Function console_select allows active_console to be NULL, >> but would crash when accessing cursor_timer. Fix this. >> >> Signed-off-by: Stefan Weil<sw@weilnetz.de> >> --- >> >> Please note that I don't have a test case which triggers the crash. >> >> Regards, >> Stefan Weil >> >> console.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/console.c b/console.c >> index 4525cc7..f5e8814 100644 >> --- a/console.c >> +++ b/console.c >> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) >> if (s) { >> DisplayState *ds = s->ds; >> >> - if (active_console->cursor_timer) { >> + if (active_console&& active_console->cursor_timer) { >> qemu_del_timer(active_console->cursor_timer); >> } >> active_console = s; >> >>
> The only path that could trigger this is console_select() in the absence
> of any console. Not sure if that is possible, but the above is surely
> consistent with existing code.
>
> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
>
> Jan

Ping? It's still missing in QEMU 1.2.
Stefan Weil <sw@weilnetz.de> writes:

> On 17.08.2012 16:10, Jan Kiszka wrote:
>> On 2012-08-17 15:50, Stefan Weil wrote: >> >>> ccc-analyzer reports this warning: >>> >>> console.c:1090:29: warning: Dereference of null pointer >>> if (active_console->cursor_timer) { >>> ^ >>> >>> Function console_select allows active_console to be NULL, >>> but would crash when accessing cursor_timer. Fix this. >>> >>> Signed-off-by: Stefan Weil<sw@weilnetz.de> >>> --- >>> >>> Please note that I don't have a test case which triggers the crash. >>> >>> Regards, >>> Stefan Weil >>> >>> console.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/console.c b/console.c >>> index 4525cc7..f5e8814 100644 >>> --- a/console.c >>> +++ b/console.c >>> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) >>> if (s) { >>> DisplayState *ds = s->ds; >>> >>> - if (active_console->cursor_timer) { >>> + if (active_console&& active_console->cursor_timer) { >>> qemu_del_timer(active_console->cursor_timer); >>> } >>> active_console = s; >>> >>>
>> The only path that could trigger this is console_select() in the absence
>> of any console. Not sure if that is possible, but the above is surely
>> consistent with existing code.
>>
>> Reviewed-by: Jan Kiszka <jan.kiszka@siemens.com>
>>
>> Jan
>
> Ping? It's still missing in QEMU 1.2.

It'll need to wait for 1.3 to open up. I missed it for 1.2-rc2 and at this point, I don't want to commit anything other than actual bug fixes.

Regards,

Anthony Liguori
diff --git a/console.c b/console.c index 4525cc7..f5e8814 100644 --- a/console.c +++ b/console.c @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) if (s) { DisplayState *ds = s->ds; - if (active_console->cursor_timer) { + if (active_console && active_console->cursor_timer) { qemu_del_timer(active_console->cursor_timer); } active_console = s;
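Review bot: The added `active_console &&` test in console_select() carries no comment saying when active_console is expected to be NULL at this point, and the commit message notes there is no test case that reaches it. A one-line comment above the check naming that state would help the next reader; if the state is not meant to be reachable, an assertion would make the invariant explicit instead of silently skipping qemu_del_timer(). The guard itself is sound: `&&` short-circuits, so cursor_timer is only read through a non-NULL pointer, and the following `active_console = s;` is unaffected.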
ccc-analyzer reports this warning:

console.c:1090:29: warning: Dereference of null pointer
        if (active_console->cursor_timer) {
                            ^

Function console_select allows active_console to be NULL,
but would crash when accessing cursor_timer. Fix this.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
---

Please note that I don't have a test case which triggers the crash.

Regards,
Stefan Weil

 console.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)