From: chaojianhu <chaojia...@hotmail.com>
Date: Tue, 2 Aug 2016 17:39:16 +0800
Subject: [PATCH] hw/ide: fix a writing to null pointer exception
In qemu less than v2.1.3, ide_flush_cache calls ide_flush_cb with s->bs == NULL, and ide_flush_cb calls bdrv_acct_done without checking s->bs either. Finally, bdrv_acct_done writes s->bs directly!

Reported-by: chaojianhu <chaojia...@hotmail.com>
Signed-off-by: chaojianhu <chaojia...@hotmail.com>

--- hw/ide/core.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hw/ide/core.c b/hw/ide/core.c index fa4cafa..c39eedc 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c @@ -839,7 +839,9 @@ static void ide_flush_cb(void *opaque, int ret) } } - bdrv_acct_done(s->bs, &s->acct); + if (s->bs){ + bdrv_acct_done(s->bs, &s->acct); + } s->status = READY_STAT | SEEK_STAT; ide_async_cmd_done(s); ide_set_irq(s->bus); -- 1.9.1
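Review bot: The guard around `bdrv_acct_done(s->bs, &s->acct)` only masks the symptom in the callback; the commit message itself says the bad call originates in ide_flush_cache, which invokes ide_flush_cb with s->bs == NULL, so the root fix belongs there (complete the flush command without going through the block layer when there is no backend), with this check kept at most as a defensive backstop. Note that after the guard the callback still sets `s->status = READY_STAT | SEEK_STAT`, calls ide_async_cmd_done(s) and raises the IRQ, so a flush on a device with no block backend is now reported to the guest as a successful no-op; the commit message should state that this is the intended behaviour. Style: `if (s->bs){` is missing the space before the brace that QEMU's coding style requires (`if (s->bs) {`), and scripts/checkpatch.pl will reject it. Finally, the subject line would be clearer as "fix NULL pointer dereference in ide_flush_cb" than "writing to null pointer exception", since the bug is a write through a NULL bs inside bdrv_acct_done, and the message should say which tree the patch targets given it refers to "qemu less than v2.1.3".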