On 07/31/13 11:10, Gerd Hoffmann wrote: > Guest trying to reset a endpoint of a disconnected device resulted in > xhci trying to dereference uport while being NULL, thereby crashing > qemu. Fix that by adding a check. Drop unused dev variable while > touching that code bit. > > Cc: qemu-sta...@nongnu.org > Signed-off-by: Gerd Hoffmann <kra...@redhat.com> > --- > hw/usb/hcd-xhci.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c > index a4cb13a..a922cb4 100644 > --- a/hw/usb/hcd-xhci.c > +++ b/hw/usb/hcd-xhci.c > @@ -1443,7 +1443,6 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned > int slotid, > { > XHCISlot *slot; > XHCIEPContext *epctx; > - USBDevice *dev; > > trace_usb_xhci_ep_reset(slotid, epid); > assert(slotid >= 1 && slotid <= xhci->numslots); > @@ -1479,8 +1478,8 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned > int slotid, > ep |= 0x80; > } > > - dev = xhci->slots[slotid-1].uport->dev; > - if (!dev) { > + if (!xhci->slots[slotid-1].uport || > + !xhci->slots[slotid-1].uport->dev) { > return CC_USB_TRANSACTION_ERROR; > } > >
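Review bot: the first hunk (dropping `USBDevice *dev;`) is only correct together with the second hunk, which removes the sole assignment `dev = xhci->slots[slotid-1].uport->dev;`; applied on its own it would leave a reference to an undeclared variable, so the two hunks should not be split across patches. With both applied the removal is clean, since `dev` is not used anywhere else in the visible context of `xhci_reset_ep`.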
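Review bot: the new condition in the second hunk now tests `uport` before reading `uport->dev`, which closes the NULL dereference described in the commit message, and `||` short-circuits so the right-hand side is never evaluated when `uport` is NULL. The expression `xhci->slots[slotid-1]` is now written out twice; the function already declares `XHCISlot *slot;` (visible in the first hunk's context), so if `slot` is assigned to `&xhci->slots[slotid-1]` before this point, `if (!slot->uport || !slot->uport->dev)` would be shorter and harder to get out of sync. Returning CC_USB_TRANSACTION_ERROR for a disconnected port as well as for a port with no device is consistent with the existing no-device path.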
Reviewed-by: Laszlo Ersek <ler...@redhat.com>