summary refs log tree commit diff stats
path: root/hw/qxl-render.c
diff options
context:
space:
mode:
authorAlon Levy <alevy@redhat.com>2012-04-25 12:13:18 +0300
committerGerd Hoffmann <kraxel@redhat.com>2012-05-03 10:45:04 +0200
commitfae2afb10e3fdceab612c62a2b1e8b944ff578d9 (patch)
tree5bc1cd441b96389182b760df8d89fc9e03297325 /hw/qxl-render.c
parent4b635c59b04cae594f49d9aa45d31b3f318def8f (diff)
downloadfocaccia-qemu-fae2afb10e3fdceab612c62a2b1e8b944ff578d9.tar.gz
focaccia-qemu-fae2afb10e3fdceab612c62a2b1e8b944ff578d9.zip
qxl: check for NULL return from qxl_phys2virt
Signed-off-by: Alon Levy <alevy@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/qxl-render.c')
-rw-r--r--hw/qxl-render.c14
1 files changed, 11 insertions, 3 deletions
diff --git a/hw/qxl-render.c b/hw/qxl-render.c
index f7f1bfda04..e2e3fe2d37 100644
--- a/hw/qxl-render.c
+++ b/hw/qxl-render.c
@@ -228,14 +228,18 @@ fail:
 
 
 /* called from spice server thread context only */
-void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
+int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
 {
     QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
     QXLCursor *cursor;
     QEMUCursor *c;
 
+    if (!cmd) {
+        return 1;
+    }
+
     if (!qxl->ssd.ds->mouse_set || !qxl->ssd.ds->cursor_define) {
-        return;
+        return 0;
     }
 
     if (qxl->debug > 1 && cmd->type != QXL_CURSOR_MOVE) {
@@ -246,9 +250,12 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
     switch (cmd->type) {
     case QXL_CURSOR_SET:
         cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
+        if (!cursor) {
+            return 1;
+        }
         if (cursor->chunk.data_size != cursor->data_size) {
             fprintf(stderr, "%s: multiple chunks\n", __FUNCTION__);
-            return;
+            return 1;
         }
         c = qxl_cursor(qxl, cursor);
         if (c == NULL) {
@@ -270,4 +277,5 @@ void qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
         qemu_mutex_unlock(&qxl->ssd.lock);
         break;
     }
+    return 0;
 }