On (Mon) 17 Dec 2012 [18:23:53], Markus Armbruster wrote: > >> However, it now worries find_port_by_id() in remove_port() could return > >> a null pointer, which is then dereferenced. No idea why it didn't > >> report that before. Obvious suppressor: > >> > >> diff --git a/hw/virtio-serial-bus.c b/hw/virtio-serial-bus.c > >> index 47d0481..7ff7505 100644 > >> --- a/hw/virtio-serial-bus.c > >> +++ b/hw/virtio-serial-bus.c > >> @@ -826,6 +826,7 @@ static void remove_port(VirtIOSerial *vser, > >> uint32_t port_id) > >> vser->ports_map[i] &= ~(1U << (port_id % 32)); > >> > >> port = find_port_by_id(vser, port_id); > >> + assert(port); > >> /* Flush out any unconsumed buffers first */ > >> discard_vq_data(port->ovq, &port->vser->vdev); > > > > remove_port() is called by the hot-unplug qdev callback, and if the > > port's missing from our tailq, something's gone wrong anyway. So this > > patch makes sense too. > > Will you take care of that, or do you want me to post the patch?
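Review bot: The added assert(port) in remove_port() comes after the `vser->ports_map[i] &= ~(1U << (port_id % 32));` line, so a failed lookup aborts only once the port's bit has already been cleared from the map. Consider doing the find_port_by_id() lookup and the assert before touching ports_map. A one-line comment stating the invariant the assert encodes would also help the next reader: as discussed in the thread, remove_port() is reached from the hot-unplug callback, so the port is expected to be on the list. Note also that assert() compiles to nothing when NDEBUG is defined, in which case the port->ovq dereference in discard_vq_data() is still reached unchecked.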
I was going to, but if you want to, go ahead -- you already have the patch ready :)

Amit