esp: cancel current request only if some request is in flight
This bug was introduced in 94d3f98a3f:
scsi_cancel_io was checking if some request was pending before trying
to cancel it, while scsi_req_cancel always cancels the request.
This may lead to a crash of Qemu due to dereferencing a NULL pointer,
as exhibited by NetBSD 5.1 installer on MIPS Magnum emulation.
Signed-off-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
parent
f5fc40bb81
commit
429bef6912
2
hw/esp.c
2
hw/esp.c
|
@ -219,7 +219,7 @@ static uint32_t get_cmd(ESPState *s, uint8_t *buf)
|
||||||
s->ti_rptr = 0;
|
s->ti_rptr = 0;
|
||||||
s->ti_wptr = 0;
|
s->ti_wptr = 0;
|
||||||
|
|
||||||
if (s->current_dev) {
|
if (s->current_req) {
|
||||||
/* Started a new command before the old one finished. Cancel it. */
|
/* Started a new command before the old one finished. Cancel it. */
|
||||||
scsi_req_cancel(s->current_req);
|
scsi_req_cancel(s->current_req);
|
||||||
s->async_len = 0;
|
s->async_len = 0;
|
||||||
|
|
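Review bot: The new guard `if (s->current_req)` in get_cmd is only safe if every completion and cancel path resets `s->current_req` to NULL once its reference is dropped. The hunk does not show that, and a stale non-NULL pointer here would trade the NULL dereference for a use-after-free in `scsi_req_cancel`, on a path that is presumably reachable from guest-driven command writes. I would state the invariant at the check, e.g. `/* current_req is non-NULL only while a request is in flight; completion and cancel handlers must clear it. */`. It is also worth auditing any other site in hw/esp.c that still tests `s->current_dev` before touching `s->current_req`, since it would share the flaw fixed here. The if-block continues past the end of the hunk, so the rest of the cancel path is not visible.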