On 29/5/24 13:07, Oleg Sviridov wrote:
Pointer, returned from function 'spapr_vio_find_by_reg', may be NULL and is
dereferenced immediately after.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Oleg Sviridov <oleg.sviri...@red-soft.ru>
---
hw/net/spapr_llan.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index ecb30b7c76..f40b733229 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -770,6 +770,10 @@ static target_ulong h_change_logical_lan_mac(PowerPCCPU
*cpu,
SpaprVioVlan *dev = VIO_SPAPR_VLAN_DEVICE(sdev);
int i;
Trying to change a MAC when no NIC is present is dubious, we could
at least report this using qemu_log_mask(LOG_GUEST_ERROR).
+ if (!dev) {
+ return H_PARAMETER;
+ }
+
for (i = 0; i < ETH_ALEN; i++) {
dev->nicconf.macaddr.a[ETH_ALEN - i - 1] = macaddr & 0xff;
macaddr >>= 8;