On 2012-08-17 15:50, Stefan Weil wrote: > ccc-analyzer reports this warning: > > console.c:1090:29: warning: Dereference of null pointer > if (active_console->cursor_timer) { > ^ > > Function console_select allows active_console to be NULL, > but would crash when accessing cursor_timer. Fix this. > > Signed-off-by: Stefan Weil <s...@weilnetz.de> > --- > > Please note that I don't have a test case which triggers the crash. > > Regards, > Stefan Weil > > console.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/console.c b/console.c > index 4525cc7..f5e8814 100644 > --- a/console.c > +++ b/console.c > @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) > if (s) { > DisplayState *ds = s->ds; > > - if (active_console->cursor_timer) { > + if (active_console && active_console->cursor_timer) { > qemu_del_timer(active_console->cursor_timer); > } > active_console = s; >
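Review bot: The new guard in `if (active_console && active_console->cursor_timer)` is not accompanied by any explanation of when active_console is NULL on entry to console_select(), and the submitter notes there is no test case that reaches it. A one-line comment above the condition, or a sentence in the commit message naming the state (for example, no console selected yet), would let later readers tell a legitimate state from a check added only to quiet the analyzer. Within the visible lines the single guard is enough: `active_console = s;` follows inside `if (s)`, so later uses in this block see a non-NULL pointer.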
The only path that could trigger this is console_select() in the absence of any console. Not sure if that is possible, but the above is surely consistent with existing code.

Reviewed-by: Jan Kiszka <jan.kis...@siemens.com>

Jan

--
Siemens AG, Corporate Technology, CT RTC ITP SDP-DE
Corporate Competence Center Embedded Linux