memory_device_get_free_addr() dereferences @errp when
memory_device_check_addable() fails. That's wrong; see the big
comment in error.h. Introduced in commit 1b6d6af21b "pc-dimm: factor
out capacity and slot checks into MemoryDevice".
No caller actually passes null.
Fix anyway: splice in a local Error *err, and error_propagate().
Cc: David Hildenbrand <da...@redhat.com>
Signed-off-by: Markus Armbruster <arm...@redhat.com>
Reviewed-by: David Hildenbrand <da...@redhat.com>
Message-Id: <20191204093625.14836-11-arm...@redhat.com>
---
hw/mem/memory-device.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hw/mem/memory-device.c b/hw/mem/memory-device.c
index aef148c1d7..4bc9cf0917 100644
--- a/hw/mem/memory-device.c
+++ b/hw/mem/memory-device.c
@@ -99,6 +99,7 @@ static uint64_t memory_device_get_free_addr(MachineState *ms,
uint64_t align, uint64_t size,
Error **errp)
{
+ Error *err = NULL;
GSList *list = NULL, *item;
Range as, new = range_empty;
@@ -123,8 +124,9 @@ static uint64_t memory_device_get_free_addr(MachineState
*ms,
return 0;
}
- memory_device_check_addable(ms, size, errp);
- if (*errp) {
+ memory_device_check_addable(ms, size, &err);
+ if (err) {
+ error_propagate(errp, err);
return 0;
}
--
2.21.0
