From d53cdb307a6f6d7a5136898902659f2ded8f6582 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Wed, 15 Feb 2012 11:46:11 +0100 Subject: ide: fail I/O to empty disk Requesting a read or a write operation on an empty disk can lead to QEMU dumping core. Also fix a few braces here and there. Signed-off-by: Paolo Bonzini Reviewed-by: Stefan Hajnoczi Signed-off-by: Kevin Wolf --- hw/ide/core.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'hw/ide') diff --git a/hw/ide/core.c b/hw/ide/core.c index ce570a7..4d568ac 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -1068,6 +1068,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) ide_set_signature(s); /* odd, but ATA4 8.27.5.2 requires it */ goto abort_cmd; } + if (!s->bs) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->req_nb_sectors = 1; ide_sector_read(s); @@ -1078,6 +1081,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) case WIN_WRITE_ONCE: case CFA_WRITE_SECT_WO_ERASE: case WIN_WRITE_VERIFY: + if (!s->bs) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->error = 0; s->status = SEEK_STAT | READY_STAT; @@ -1088,8 +1094,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) case WIN_MULTREAD_EXT: lba48 = 1; case WIN_MULTREAD: - if (!s->mult_sectors) + if (!s->bs) { goto abort_cmd; + } + if (!s->mult_sectors) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->req_nb_sectors = s->mult_sectors; ide_sector_read(s); @@ -1098,8 +1108,12 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_MULTWRITE: case CFA_WRITE_MULTI_WO_ERASE: - if (!s->mult_sectors) + if (!s->bs) { goto abort_cmd; + } + if (!s->mult_sectors) { + goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); s->error = 0; s->status = SEEK_STAT | READY_STAT; @@ -1114,8 +1128,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_READDMA: case WIN_READDMA_ONCE: - if (!s->bs) + if (!s->bs) { goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); ide_sector_start_dma(s, IDE_DMA_READ); break; @@ -1123,8 +1138,9 @@ void ide_exec_cmd(IDEBus *bus, uint32_t val) lba48 = 1; case WIN_WRITEDMA: case WIN_WRITEDMA_ONCE: - if (!s->bs) + if (!s->bs) { goto abort_cmd; + } ide_cmd_lba48_transform(s, lba48); ide_sector_start_dma(s, IDE_DMA_WRITE); s->media_changed = 1; -- cgit v1.1