ehci: fix queue->dev null ptr dereference

In case we don't have a device for an active queue, just skip processing the queue (same we do for inactive queues) and log a guest bug. Reported-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Message-id: 20190821085319.13711-1-kraxel@redhat.com
author: Gerd Hoffmann <kraxel@redhat.com> 2019-08-21 10:53:19 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2019-08-22 06:55:29 +0200
commit: 1be344b7ad25d572dadeee46d80f0103354352b2 (patch)
tree: 0094951efb68341bb919995ce5cad907669a5c9a /hw/usb/hcd-ehci.c
parent: 73f46fef7400dc1dc6cb5e8914d3d1b3b673459f (diff)
download: qemu-1be344b7ad25d572dadeee46d80f0103354352b2.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 9ca7b87a80..56ab2f457f 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1838,6 +1838,9 @@ static int ehci_state_fetchqtd(EHCIQueue *q)
             ehci_set_state(q->ehci, q->async, EST_EXECUTING);
             break;
         }
+    } else if (q->dev == NULL) {
+        ehci_trace_guest_bug(q->ehci, "no device attached to queue");
+        ehci_set_state(q->ehci, q->async, EST_HORIZONTALQH);
     } else {
         p = ehci_alloc_packet(q);
         p->qtdaddr = q->qtdaddr;
author	Gerd Hoffmann <kraxel@redhat.com>	2019-08-21 10:53:19 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2019-08-22 06:55:29 +0200
commit	1be344b7ad25d572dadeee46d80f0103354352b2 (patch)
tree	0094951efb68341bb919995ce5cad907669a5c9a /hw/usb/hcd-ehci.c
parent	73f46fef7400dc1dc6cb5e8914d3d1b3b673459f (diff)
download	qemu-1be344b7ad25d572dadeee46d80f0103354352b2.zip