david.venhoff/QEMU-Nyx-fork
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

esp: cancel current request only if some request is in flight

Browse Source 
This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.

This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
This commit is contained in:
Hervé Poussineau 2011-07-09 16:44:41 +02:00 committed by Blue Swirl
parent f5fc40bb81
commit 429bef6912
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hw/esp.c
View File

@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
s->ti_rptr = 0; s->ti_rptr = 0;
s->ti_wptr = 0; s->ti_wptr = 0;
if (s->current_dev) { if (s->current_req) {
/* Started a new command before the old one finished. Cancel it. */ /* Started a new command before the old one finished. Cancel it. */
scsi_req_cancel(s->current_req); scsi_req_cancel(s->current_req);
s->async_len = 0; s->async_len = 0;