usb-storage: fix NULL pointer dereference.

When a usb packet is canceled we need to check whenever we actually have a scsi request in flight before we try to cancel it. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
author: Gerd Hoffmann <kraxel@redhat.com> 2011-09-02 13:05:13 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2011-10-13 12:58:51 +0200
commit: d3ac1a87b228bcd231d19acf1ebe9844b7639237 (patch)
tree: 3cd7bb2ccfcb393e604f29ce3f0b393bb6b8b3fc
parent: ebffe2afceb1a17b5d134b5debf553955fe5ea1a (diff)
download: focaccia-qemu-d3ac1a87b228bcd231d19acf1ebe9844b7639237.tar.gz
focaccia-qemu-d3ac1a87b228bcd231d19acf1ebe9844b7639237.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/hw/usb-msd.c b/hw/usb-msd.c
index e92434cc94..08d2d2ac77 100644
--- a/hw/usb-msd.c
+++ b/hw/usb-msd.c
@@ -325,7 +325,10 @@ static int usb_msd_handle_control(USBDevice *dev, USBPacket *p,
 static void usb_msd_cancel_io(USBDevice *dev, USBPacket *p)
 {
     MSDState *s = DO_UPCAST(MSDState, dev, dev);
-    scsi_req_cancel(s->req);
+
+    if (s->req) {
+        scsi_req_cancel(s->req);
+    }
 }
 
 static int usb_msd_handle_data(USBDevice *dev, USBPacket *p)
author	Gerd Hoffmann <kraxel@redhat.com>	2011-09-02 13:05:13 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2011-10-13 12:58:51 +0200
commit	d3ac1a87b228bcd231d19acf1ebe9844b7639237 (patch)
tree	3cd7bb2ccfcb393e604f29ce3f0b393bb6b8b3fc
parent	ebffe2afceb1a17b5d134b5debf553955fe5ea1a (diff)
download	focaccia-qemu-d3ac1a87b228bcd231d19acf1ebe9844b7639237.tar.gz focaccia-qemu-d3ac1a87b228bcd231d19acf1ebe9844b7639237.zip