Re: [Qemu-devel] [PATCH v2] esp: cancel current request only if some request is in flight

2011-07-12 Thread Blue Swirl
Thanks, applied.

2011/7/9 Hervé Poussineau hpous...@reactos.org:
 This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
 scsi_cancel_io was checking if some request was pending before trying
 to cancel it, while scsi_req_cancel always cancels the request.

 This may lead to a crash of Qemu due to dereferencing a NULL pointer,
 as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.

 Signed-off-by: Hervé Poussineau hpous...@reactos.org
 ---

 Changes since v1:
 - better commit message

  hw/esp.c |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

 diff --git a/hw/esp.c b/hw/esp.c
 index 8e95672..aa50800 100644
 --- a/hw/esp.c
 +++ b/hw/esp.c
 @@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
     s-ti_rptr = 0;
     s-ti_wptr = 0;

 -    if (s-current_dev) {
 +    if (s-current_req) {
         /* Started a new command before the old one finished.  Cancel it.  */
         scsi_req_cancel(s-current_req);
         s-async_len = 0;
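Review bot: In get_cmd, the branch now tests current_req, but the visible lines only cancel the request and zero async_len; nothing in this hunk resets current_req afterwards. If the cancel path does not clear that pointer itself, a later get_cmd would pass this guard with a stale request and cancel it a second time. Please confirm where current_req is cleared, or set it to NULL directly after the scsi_req_cancel() call.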
 --
 1.7.5.4





[Qemu-devel] [PATCH v2] esp: cancel current request only if some request is in flight

2011-07-09 Thread Hervé Poussineau
This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.

This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.

Signed-off-by: Hervé Poussineau hpous...@reactos.org
---

Changes since v1:
- better commit message

 hw/esp.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/hw/esp.c b/hw/esp.c
index 8e95672..aa50800 100644
--- a/hw/esp.c
+++ b/hw/esp.c
@@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
 s-ti_rptr = 0;
 s-ti_wptr = 0;
 
-if (s-current_dev) {
+if (s-current_req) {
 /* Started a new command before the old one finished.  Cancel it.  */
 scsi_req_cancel(s-current_req);
 s-async_len = 0;
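Review bot: The guard in get_cmd covers this one call site only, while the commit message puts the root cause in scsi_req_cancel cancelling unconditionally where scsi_cancel_io first checked for a pending request. Other callers converted in 94d3f98a may hand it a NULL request in the same way, so it is worth auditing them, or stating in a comment on scsi_req_cancel that the caller must pass a live request.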
-- 
1.7.5.4