bochs_display_realize() rejects out-of-range vgamem. The error
handling is broken:
$ qemu-system-x86_64 -S -display none -monitor stdio
QEMU 4.2.93 monitor - type 'help' for more information
(qemu) device_add bochs-display,vgamem=1
Error: bochs-display: video memory too small
(qemu) device_add bochs-display,vgamem=1
RAMBlock "0000:00:04.0/bochs-display-vram" already registered, abort!
Aborted (core dumped)
Cause: bochs_display_realize() neglects to bail out after setting the
error. Fix that.
Fixes: 765c94290863eef1fc4a67819d452cc13b7854a1
Cc: Gerd Hoffmann <address@hidden>
Signed-off-by: Markus Armbruster <address@hidden>
---
hw/display/bochs-display.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c
index 70eb619ef4..e763a0a72d 100644
--- a/hw/display/bochs-display.c
+++ b/hw/display/bochs-display.c
@@ -267,16 +267,18 @@ static void bochs_display_realize(PCIDevice *dev, Error
**errp)
Object *obj = OBJECT(dev);
int ret;
- s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s);
-
if (s->vgamem < 4 * MiB) {
error_setg(errp, "bochs-display: video memory too small");
+ return;
}
if (s->vgamem > 256 * MiB) {
error_setg(errp, "bochs-display: video memory too big");
+ return;
}
s->vgamem = pow2ceil(s->vgamem);
+ s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s);
+
memory_region_init_ram(&s->vram, obj, "bochs-display-vram", s->vgamem,
&error_fatal);
memory_region_init_io(&s->vbe, obj, &bochs_display_vbe_ops, s,