From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:53979)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1T7Bep-0005H0-1c
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 16:48:08 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1T7Ben-0002wK-Uc
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 16:48:06 -0400
Received: from v220110690675601.yourvserver.net ([78.47.199.172]:45963)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <sw@weilnetz.de>) id 1T7Ben-0002wB-Oa
	for qemu-devel@nongnu.org; Thu, 30 Aug 2012 16:48:05 -0400
Message-ID: <503FD179.5030701@weilnetz.de>
Date: Thu, 30 Aug 2012 22:47:53 +0200
From: Stefan Weil <sw@weilnetz.de>
MIME-Version: 1.0
References: <1345211444-5002-1-git-send-email-sw@weilnetz.de>
	<502E50EF.7060707@siemens.com>
In-Reply-To: <502E50EF.7060707@siemens.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH for 1.2] console: Fix warning from clang
 (and potential crash)
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: "qemu-devel@nongnu.org" <qemu-devel@nongnu.org>

Am 17.08.2012 16:10, schrieb Jan Kiszka:
> On 2012-08-17 15:50, Stefan Weil wrote:
>    
>> ccc-analyzer reports this warning:
>>
>> console.c:1090:29: warning: Dereference of null pointer
>>          if (active_console->cursor_timer) {
>>                              ^
>>
>> Function console_select allows active_console to be NULL,
>> but would crash when accessing cursor_timer. Fix this.
>>
>> Signed-off-by: Stefan Weil<sw@weilnetz.de>
>> ---
>>
>> Please note that I don't have a test case which triggers the crash.
>>
>> Regards,
>> Stefan Weil
>>
>>   console.c |    2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/console.c b/console.c
>> index 4525cc7..f5e8814 100644
>> --- a/console.c
>> +++ b/console.c
>> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index)
>>       if (s) {
>>           DisplayState *ds = s->ds;
>>
>> -        if (active_console->cursor_timer) {
>> +        if (active_console&&  active_console->cursor_timer) {
>>               qemu_del_timer(active_console->cursor_timer);
>>           }
>>           active_console = s;
>>
>>      
> The only path that could trigger this is console_select() in the absence
> of any console. Not sure if that is possible, but the above is surely
> consistent with existing code.
>
> Reviewed-by: Jan Kiszka<jan.kiszka@siemens.com>
>
> Jan
>
>    


Ping? It's still missing in QEMU 1.2.