diff options
| author | Alon Levy <alevy@redhat.com> | 2012-04-25 12:13:18 +0300 |
|---|---|---|
| committer | Gerd Hoffmann <kraxel@redhat.com> | 2012-05-03 10:45:04 +0200 |
| commit | fae2afb10e3fdceab612c62a2b1e8b944ff578d9 (patch) | |
| tree | 5bc1cd441b96389182b760df8d89fc9e03297325 /hw/qxl.c | |
| parent | 4b635c59b04cae594f49d9aa45d31b3f318def8f (diff) | |
| download | focaccia-qemu-fae2afb10e3fdceab612c62a2b1e8b944ff578d9.tar.gz focaccia-qemu-fae2afb10e3fdceab612c62a2b1e8b944ff578d9.zip | |
qxl: check for NULL return from qxl_phys2virt
Signed-off-by: Alon Levy <alevy@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/qxl.c')
| -rw-r--r-- | hw/qxl.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/hw/qxl.c b/hw/qxl.c index 9e8cdf3221..b6a738eb17 100644 --- a/hw/qxl.c +++ b/hw/qxl.c @@ -383,12 +383,16 @@ static void qxl_ring_set_dirty(PCIQXLDevice *qxl) * keep track of some command state, for savevm/loadvm. * called from spice server thread context only */ -static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) +static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) { switch (le32_to_cpu(ext->cmd.type)) { case QXL_CMD_SURFACE: { QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + + if (!cmd) { + return 1; + } uint32_t id = le32_to_cpu(cmd->surface_id); PANIC_ON(id >= NUM_SURFACES); qemu_mutex_lock(&qxl->track_lock); @@ -408,6 +412,10 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) case QXL_CMD_CURSOR: { QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id); + + if (!cmd) { + return 1; + } if (cmd->type == QXL_CURSOR_SET) { qemu_mutex_lock(&qxl->track_lock); qxl->guest_cursor = ext->cmd.data; @@ -416,6 +424,7 @@ static void qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext) break; } } + return 0; } /* spice display interface callbacks */ @@ -1568,10 +1577,12 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl) cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i], MEMSLOT_GROUP_GUEST); + assert(cmd); assert(cmd->type == QXL_SURFACE_CMD_CREATE); surface_offset = (intptr_t)qxl_phys2virt(qxl, cmd->u.surface_create.data, MEMSLOT_GROUP_GUEST); + assert(surface_offset); surface_offset -= vram_start; surface_size = cmd->u.surface_create.height * abs(cmd->u.surface_create.stride); |