Avoid a crash if the guest combines FW_CFG_WRITE_CHANNEL with a wrong value.
Signed-off-by: Blue Swirl <blauwir...@gmail.com>
---
 hw/fw_cfg.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/hw/fw_cfg.c b/hw/fw_cfg.c
index 663ad80..8df265c 100644
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -214,7 +214,8 @@ static void fw_cfg_write(FWCfgState *s, uint8_t value)
 FW_CFG_DPRINTF("write %d\n", value);
- if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) {
+ if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
+ s->cur_offset < e->len) {
 e->data[s->cur_offset++] = value;
 if (s->cur_offset == e->len) {
 e->callback(e->callback_opaque, e->data);
-- 
1.6.2.4
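Review bot: The added `e->callback` test in the `if` does more than prevent the NULL call, and nothing in the code says so. It is also the only check visible here that stops the guest from overwriting `e->data`, byte by byte, on an entry that has no write handler. A short comment above the condition would keep a later refactor from dropping it, for example `/* Selector is guest-controlled: only entries registered with a write callback are writable. */`. Parenthesising the mask test, `(s->cur_entry & FW_CFG_WRITE_CHANNEL) && e->callback && ...`, would also make the precedence explicit. The body of `fw_cfg_write` starts and ends outside the hunk, so how `e` is derived from the selector and what happens to `cur_offset` after the callback cannot be confirmed from these lines.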