author | Hervé Poussineau <hpoussin@reactos.org> | 2011-07-09 16:44:41 +0200 |
---|---|---|
committer | Blue Swirl <blauwirbel@gmail.com> | 2011-07-12 21:29:39 +0000 |
commit | 429bef6912bd3d504593b9aefdbcb39e981d387e (patch) | |
tree | 9dc0f51af1225be4cacaf1560769d9f91cfca256 /hw | |
parent | f5fc40bb8133849618e0d05adc798c5f07f7b17f (diff) | |

esp: cancel current request only if some request is in flight

This bug was introduced in 94d3f98a3f3caddd7875f9a11776daeb84962a7b:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.

This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.

Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>

Diffstat (limited to 'hw')
-rw-r--r-- | hw/esp.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf) s->ti_rptr = 0; s->ti_wptr = 0; - if (s->current_dev) { + if (s->current_req) { /* Started a new command before the old one finished. Cancel it. */ scsi_req_cancel(s->current_req); s->async_len = 0; |
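
Review bot: In get_cmd(), the new `if (s->current_req)` guard tests the pointer that is handed to scsi_req_cancel(), which is the right condition, but the lines shown here reset only `s->async_len` after the cancel and do not show `s->current_req` being cleared. If nothing on the cancel path sets it back to NULL, a second guest-issued command arriving before completion would pass this check with a stale request pointer; please confirm where the pointer is reset, or clear it here right after the cancel. Since the commit message traces the NULL dereference to the move from scsi_cancel_io to scsi_req_cancel, it is also worth checking the other callers in hw/esp.c that still treat `s->current_dev` as meaning "a request is in flight", because this path is reachable from guest-controlled register writes.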