The code dereferences s->current before checking if it is NULL. Moved the null check before the dereference to prevent potential crashes.
This issue could occur if s->current is NULL when the function reaches the "Host adapter (re)connected" path, though this should not normally happen during correct operation. As suggested by: GuoHan Zhao <[email protected]> Improved upon by: Soumyajyotii Ssarkar <[email protected]> Reported-by: Stefan Hajnoczi <[email protected]> and GuoHan Zhao <[email protected]> Signed-off-by: Soumyajyotii Ssarkar <[email protected]> --- hw/scsi/ncr53c710.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c index b3d4593b72..871f76c2a2 100644 --- a/hw/scsi/ncr53c710.c +++ b/hw/scsi/ncr53c710.c @@ -835,12 +835,11 @@ void ncr710_transfer_data(SCSIRequest *req, uint32_t len) } /* Host adapter (re)connected */ - s->current->dma_len = len; s->command_complete = NCR710_CMD_DATA_READY; - if (!s->current) { return; } + s->current->dma_len = len; if (s->waiting) { s->scntl1 |= NCR710_SCNTL1_CON; -- 2.49.0
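Review bot: the reordering is correct, but the early return in `if (!s->current) { return; }` still fires after `s->command_complete = NCR710_CMD_DATA_READY;` has been set, so a NULL `s->current` leaves the adapter flagged as data-ready with no request to carry the data; since the commit message says this state "should not normally happen during correct operation", consider either moving the `command_complete` assignment below the check as well or adding a short comment and a `qemu_log_mask(LOG_GUEST_ERROR, ...)` on the NULL path so that the condition is visible rather than silently ignored. On the trailers: QEMU uses `Suggested-by:` rather than "As suggested by:", "Improved upon by:" is not a recognised trailer, and the two reporters should each get their own `Reported-by:` line so tooling can parse them.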
