On 2012-08-17 15:50, Stefan Weil wrote:
> ccc-analyzer reports this warning:
>
> console.c:1090:29: warning: Dereference of null pointer
> if (active_console->cursor_timer) {
> ^
>
> Function console_select allows active_console to be NULL,
> but would crash when accessing cursor_timer. Fix this.
>
> Signed-off-by: Stefan Weil <s...@weilnetz.de>
> ---
>
> Please note that I don't have a test case which triggers the crash.
>
> Regards,
> Stefan Weil
>
> console.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/console.c b/console.c
> index 4525cc7..f5e8814 100644
> --- a/console.c
> +++ b/console.c
> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index)
> if (s) {
> DisplayState *ds = s->ds;
>
> - if (active_console->cursor_timer) {
> + if (active_console && active_console->cursor_timer) {
> qemu_del_timer(active_console->cursor_timer);
> }
> active_console = s;
>
The only path that could trigger this is console_select() in the absence
of any console. Not sure if that is possible, but the above is surely
consistent with existing code.
Reviewed-by: Jan Kiszka <jan.kis...@siemens.com>
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux
