Commit cf7f42b2 authored May 14, 2020 by Prasad J Pandit Committed by zhanghailiang Jul 23, 2020

megasas: avoid NULL pointer dereference



While in megasas_handle_frame(), megasas_enqueue_frame() may
set a NULL frame into MegasasCmd object for a given 'frame_addr'
address. Add check to avoid a NULL pointer dereference issue.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Fixes: https://bugs.launchpad.net/qemu/+bug/1878259


Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20200513192540.1583887-3-ppandit@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

parent e081fb10

hw/scsi/megasas.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -503,7 +503,7 @@ static MegasasCmd megasas_enqueue_frame(MegasasState s,
		cmd->pa = frame;
		/* Map all possible frames */
		cmd->frame = pci_dma_map(pcid, frame, &frame_size_p, 0);
		if (frame_size_p != frame_size) {
		if (!cmd->frame \|\| frame_size_p != frame_size) {
		trace_megasas_qf_map_failed(cmd->index, (unsigned long)frame);
		if (cmd->frame) {
		megasas_unmap_frame(s, cmd);