From: Anthony Liguori
In-Reply-To: <503FD179.5030701@weilnetz.de>
References: <1345211444-5002-1-git-send-email-sw@weilnetz.de> <502E50EF.7060707@siemens.com> <503FD179.5030701@weilnetz.de>
Date: Thu, 30 Aug 2012 16:38:54 -0500
Message-ID: <877gsg6owh.fsf@codemonkey.ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: [Qemu-devel] [PATCH for 1.2] console: Fix warning from clang (and potential crash)
To: Stefan Weil
Cc: "qemu-devel@nongnu.org"

Stefan Weil writes:

> On 17.08.2012 16:10, Jan Kiszka wrote:
>> On 2012-08-17 15:50, Stefan Weil wrote:
>>
>>> ccc-analyzer reports this warning:
>>>
>>> console.c:1090:29: warning: Dereference of null pointer
>>> if (active_console->cursor_timer) {
>>> ^
>>>
>>> Function console_select allows active_console to be NULL,
>>> but would crash when accessing cursor_timer. Fix this.
>>>
>>> Signed-off-by: Stefan Weil
>>> ---
>>>
>>> Please note that I don't have a test case which triggers the crash.
>>>
>>> Regards,
>>> Stefan Weil
>>>
>>> console.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/console.c b/console.c >>> index 4525cc7..f5e8814 100644 >>> --- a/console.c >>> +++ b/console.c
>>> @@ -1087,7 +1087,7 @@ void console_select(unsigned int index) >>> if (s) { >>> DisplayState *ds = s->ds; >>> >>> - if (active_console->cursor_timer) { >>> + if (active_console&& active_console->cursor_timer) { >>> qemu_del_timer(active_console->cursor_timer); >>> } >>> active_console = s; >>> >>> >> The only path that could trigger this is console_select() in the absence >> of any console. Not sure if that is possible, but the above is surely >> consistent with existing code. >> >> Reviewed-by: Jan Kiszka >> >> Jan >> >> > > > Ping? It's still missing in QEMU 1.2. It'll need to wait for 1.3 to open up. I missed it for 1.2-rc2 and at this point, I don't want to commit anything other than actual bug fixes. Regards, Anthony Liguori
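Review bot: The new condition in console_select() is written `active_console&& active_console->cursor_timer` as quoted here, with no space before `&&`; if that spacing is in the patch itself rather than introduced by quoting, it should read `active_console && active_console->cursor_timer`. The commit message should also name the condition under which active_console is NULL at this point (per the review, console_select() being called in the absence of any console), since the submitter states there is no test case that reaches it and the visible context does not show one.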