qemu_console_is_multihead() declares the console "c" a "multihead" console if there are two different consoles in the system that (a) both reference "c->device", and (b) have different "c->head" numbers. In effect, if at least two consoles exist that are different heads of the same device that underlies "c".
Commit 58d5870845c6 ("ui/console: move graphic fields to QemuGraphicConsole", 2023-09-04) pushed the "device" and "head" members from the QemuConsole base class down to the QemuGraphicConsole subclass, adjusting the referring QOM properties accordingly as well. As a result, the "device" property lookup in qemu_console_is_multihead() now crashes, in case the candidate console being investigated for criterion (a) is not a QemuGraphicConsole instance: > Unexpected error in object_property_find_err() at qom/object.c:1314: > qemu: Property 'qemu-fixed-text-console.device' not found > Aborted (core dumped) This is effectively an unchecked downcast. Make it checked: only consider such console candidates that are themselves QemuGraphicConsole instances. Cc: "Marc-André Lureau" <marcandre.lur...@redhat.com> (odd fixer:Graphics) Cc: Gerd Hoffmann <kra...@redhat.com> (odd fixer:Graphics) Fixes: 58d5870845c6 Signed-off-by: Laszlo Ersek <ler...@redhat.com> --- ui/console.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ui/console.c b/ui/console.c index adacc3473140..2ee65207b430 100644 --- a/ui/console.c +++ b/ui/console.c @@ -2373,6 +2373,9 @@ static bool qemu_console_is_multihead(DeviceState *dev) uint32_t h; QTAILQ_FOREACH(con, &consoles, next) { + if (!QEMU_IS_GRAPHIC_CONSOLE(con)) { + continue; + } obj = object_property_get_link(OBJECT(con), "device", &error_abort); if (DEVICE(obj) != dev) {
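Review bot: The new guard at the top of the QTAILQ_FOREACH body in qemu_console_is_multihead() carries no comment, while the lookup directly below it still passes &error_abort, so the guard is the only thing keeping a non-graphic console from aborting the process there. A one-line comment above `if (!QEMU_IS_GRAPHIC_CONSOLE(con)) {` would help, stating that the "device" and "head" properties exist only on QemuGraphicConsole since 58d5870845c6, so that a later refactoring does not drop or reorder the check. With the type now established by the guard, it is also worth considering whether the "device" lookup in this loop still needs to go through the QOM property with &error_abort at all, or whether a failed lookup could simply skip the candidate.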