From: Prasad J Pandit <p...@fedoraproject.org>

When processing completed commands, if SCSIRequest object 'cmd->req' was null, it could lead to null pointer dereference in megasas_complete_command. Add check to avoid it.

Reported-by: Zhangyanyu <zyy4...@stu.ouc.edu.cn> Signed-off-by: Prasad J Pandit <p...@fedoraproject.org> --- hw/scsi/megasas.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c index 84b8caf..25e3541 100644 --- a/hw/scsi/megasas.c +++ b/hw/scsi/megasas.c @@ -580,9 +580,11 @@ static void megasas_complete_command(MegasasCmd *cmd) cmd->iov_size = 0; cmd->iov_offset = 0; - cmd->req->hba_private = NULL; - scsi_req_unref(cmd->req); - cmd->req = NULL; + if (cmd->req) { + cmd->req->hba_private = NULL; + scsi_req_unref(cmd->req); + cmd->req = NULL; + } megasas_unmap_frame(cmd->state, cmd); megasas_complete_frame(cmd->state, cmd->context); -- 2.9.3
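
Review bot: the new `if (cmd->req)` guard in megasas_complete_command() silences the dereference, but neither the commit message nor the hunk says how a command reaches completion with cmd->req == NULL, so it is not clear whether this fixes the cause or only the symptom. The unchanged lines after the guard, megasas_unmap_frame(cmd->state, cmd) and megasas_complete_frame(cmd->state, cmd->context), still run unconditionally, so a command with no request is still unmapped and completed. Please state in the commit message which path produces the NULL request and whether completing the frame in that case is intended; if it is not, an early return before those two calls would be the safer shape. A one-line comment above the guard naming the condition would also help later readers.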