On 5/12/26 02:38, Peter Maydell wrote:
In gicv5_set_handling(), if the guest tried to set the handling mode on a nonexistent SPI then we print a GUEST_ERROR log message. However, we forgot to then return, so execution continues into a NULL pointer dereference.

Add the missing "return", bringing the code structure into line with the equivalent parts in other functions like gicv5_set_pending() and gicv5_set_target().

CID: 1659596
Fixes: 5beb48ab53d ("hw/intc/arm_gicv5: Make gicv5_set_* update SPI state")
Signed-off-by: Peter Maydell <[email protected]>
---
hw/intc/arm_gicv5.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/hw/intc/arm_gicv5.c b/hw/intc/arm_gicv5.c index 7ad274e369..6b1dd04991 100644 --- a/hw/intc/arm_gicv5.c +++ b/hw/intc/arm_gicv5.c @@ -926,6 +926,7 @@ void gicv5_set_handling(GICv5Common *cs, uint32_t id, if (!spi) { qemu_log_mask(LOG_GUEST_ERROR, "gicv5_set_handling: tried to set " "priority of unreachable SPI %d\n", id); + return; }spi->hm = handling;
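Review bot: the added `return;` is the right fix for the NULL dereference, but the log message in the same `if (!spi)` block still reads "priority of unreachable SPI %d" even though gicv5_set_handling() sets the handling mode rather than the priority; since this patch already touches that block, it would be worth changing the string to "handling mode of unreachable SPI %d" (or similar) so that guest-error logs point at the operation the guest actually attempted.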
Reviewed-by: Richard Henderson <[email protected]>

r~
