HP-PARISC: LASI's NCR710 SCSI Controller

[PATCH v4 1/2] hw/scsi/ncr53c710.c: Fixing null pointer dereference issue.

Posted by Soumyajyotii Ssarkar 1 week, 5 days ago

The code dereferences s->current before checking if it is NULL. Moved the
null check before the dereference to prevent potential crashes.

This issue could occur if s->current is NULL when the function reaches
the "Host adapter (re)connected" path, though this should not normally
happen during correct operation.
As suggested by: GuoHan Zhao <zhaoguohan@kylinos.cn>
Improved upon by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>

Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
and GuoHan Zhao <zhaoguohan@kylinos.cn>

Signed-off-by: Soumyajyotii Ssarkar <soumyajyotisarkar23@gmail.com>
---
 hw/scsi/ncr53c710.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c
index b3d4593b72..871f76c2a2 100644
--- a/hw/scsi/ncr53c710.c
+++ b/hw/scsi/ncr53c710.c
@@ -835,12 +835,11 @@ void ncr710_transfer_data(SCSIRequest *req, uint32_t len)
     }
 
     /* Host adapter (re)connected */
-    s->current->dma_len = len;
     s->command_complete = NCR710_CMD_DATA_READY;
-
     if (!s->current) {
         return;
     }
+    s->current->dma_len = len;
 
     if (s->waiting) {
         s->scntl1 |= NCR710_SCNTL1_CON;
-- 
2.49.0

[PATCH v4 1/2] hw/scsi/ncr53c710.c: Fixing null pointer dereference issue.
[PATCH v4 2/2] hw/scsi/ncr53c710.c: Fixing Incorrect expression (IDENTICAL_BRANCHES)