[PULL 24/46] esp: check for NULL result from scsi_device_find()
From: Paolo Bonzini
Subject: [PULL 24/46] esp: check for NULL result from scsi_device_find()
Date: Sun, 31 Dec 2023 09:44:40 +0100
From: Alexandra Diupina <adiupina@astralinux.ru>
Add a 'current_lun' check for a null value
to avoid null pointer dereferencing and
recover host if NULL return
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 4eb8606560 (esp: store lun coming from the MESSAGE OUT phase)
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Message-ID: <20231229152647.19699-1-adiupina@astralinux.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
hw/scsi/esp.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 9b11d8c5738..d2cae79194c 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -292,6 +292,15 @@ static void do_command_phase(ESPState *s)
esp_fifo_pop_buf(&s->cmdfifo, buf, cmdlen);
current_lun = scsi_device_find(&s->bus, 0, s->current_dev->id, s->lun);
+ if (!current_lun) {
+ /* No such drive */
+ s->rregs[ESP_RSTAT] = 0;
+ s->rregs[ESP_RINTR] = INTR_DC;
+ s->rregs[ESP_RSEQ] = SEQ_0;
+ esp_raise_irq(s);
+ return;
+ }
+
s->current_req = scsi_req_new(current_lun, 0, s->lun, buf, cmdlen, s);
datalen = scsi_req_enqueue(s->current_req);
s->ti_size = datalen;
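Review bot: The early return in the new `if (!current_lun)` branch reports a disconnect (`INTR_DC`, `SEQ_0`) but leaves `s->current_dev` set, and it runs after `esp_fifo_pop_buf()` has already consumed the command bytes from `s->cmdfifo`. The `/* No such drive */` comment could say that this is the path taken when `s->lun` (stored from the MESSAGE OUT phase, per the Fixes tag) names a LUN that does not exist on the selected target. Please also confirm that a following command cannot reuse the stale `s->current_dev` selection; if it can, clear it here before `esp_raise_irq(s)`. A qtest that sends a command to a missing LUN would keep the NULL dereference from regressing.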
--
2.43.0