Stefan Weil <s...@weilnetz.de> writes: > Am 17.08.2012 16:10, schrieb Jan Kiszka: >> On 2012-08-17 15:50, Stefan Weil wrote: >> >>> ccc-analyzer reports this warning: >>> >>> console.c:1090:29: warning: Dereference of null pointer >>> if (active_console->cursor_timer) { >>> ^ >>> >>> Function console_select allows active_console to be NULL, >>> but would crash when accessing cursor_timer. Fix this. >>> >>> Signed-off-by: Stefan Weil<s...@weilnetz.de> >>> --- >>> >>> Please note that I don't have a test case which triggers the crash. >>> >>> Regards, >>> Stefan Weil >>> >>> console.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/console.c b/console.c >>> index 4525cc7..f5e8814 100644 >>> --- a/console.c >>> +++ b/console.c >>> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) >>> if (s) { >>> DisplayState *ds = s->ds; >>> >>> - if (active_console->cursor_timer) { >>> + if (active_console&& active_console->cursor_timer) { >>> qemu_del_timer(active_console->cursor_timer); >>> } >>> active_console = s; >>> >>> >> The only path that could trigger this is console_select() in the absence >> of any console. Not sure if that is possible, but the above is surely >> consistent with existing code. >> >> Reviewed-by: Jan Kiszka<jan.kis...@siemens.com> >> >> Jan >> >> > > > Ping? It's still missing in QEMU 1.2.
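Review bot: In the console_select() hunk, the new condition checks active_console for NULL but nothing on the changed line says when that can happen. The commit message notes there is no test case, and the review says the only path is calling console_select() with no console at all. A one-line comment above the condition stating that active_console may still be NULL before any console has been selected would keep the guard from looking like dead code later. As quoted, the condition also reads `active_console&& active_console->cursor_timer` with no space before `&&`. If that is how the patch was sent rather than a mail-quoting artifact, add the space before it is applied.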
It'll need to wait for 1.3 to open up. I missed it for 1.2-rc2 and at this point, I don't want to commit anything other than actual bug fixes.

Regards,

Anthony Liguori