xhci: fix segfault

Guest trying to reset a endpoint of a disconnected device resulted in xhci trying to dereference uport while being NULL, thereby crashing qemu. Fix that by adding a check. Drop unused dev variable while touching that code bit. Cc: qemu-stable@nongnu.org Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
author: Gerd Hoffmann <kraxel@redhat.com> 2013-07-31 10:54:11 +0200
committer: Gerd Hoffmann <kraxel@redhat.com> 2013-08-01 13:03:42 +0200
commit: 75cc1c1fcba1987bdf3979c4289ab756c2b15742 (patch)
tree: 1c893fb96c94fde4338a5296d806476a9d154b48 /hw/usb
parent: 75e2a4baf1536682d111d9bee0261806737a32dc (diff)
download: qemu-75cc1c1fcba1987bdf3979c4289ab756c2b15742.tar.gz
1 files changed, 2 insertions, 3 deletions
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 7cbf813696..ff5f68135c 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1429,7 +1429,6 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
 {
     XHCISlot *slot;
     XHCIEPContext *epctx;
-    USBDevice *dev;
 
     trace_usb_xhci_ep_reset(slotid, epid);
     assert(slotid >= 1 && slotid <= xhci->numslots);
@@ -1465,8 +1464,8 @@ static TRBCCode xhci_reset_ep(XHCIState *xhci, unsigned int slotid,
         ep |= 0x80;
     }
 
-    dev = xhci->slots[slotid-1].uport->dev;
-    if (!dev) {
+    if (!xhci->slots[slotid-1].uport ||
+        !xhci->slots[slotid-1].uport->dev) {
         return CC_USB_TRANSACTION_ERROR;
     }
author	Gerd Hoffmann <kraxel@redhat.com>	2013-07-31 10:54:11 +0200
committer	Gerd Hoffmann <kraxel@redhat.com>	2013-08-01 13:03:42 +0200
commit	75cc1c1fcba1987bdf3979c4289ab756c2b15742 (patch)
tree	1c893fb96c94fde4338a5296d806476a9d154b48 /hw/usb
parent	75e2a4baf1536682d111d9bee0261806737a32dc (diff)
download	qemu-75cc1c1fcba1987bdf3979c4289ab756c2b15742.tar.gz