sysbus_mmio_map_name() passes MemoryRegion.name directly to
strcmp() without checking whether the name is NULL.

Commit e27194e087 ("virtio-gpu-virgl: correct parent for blob
memory region") intentionally introduced a MemoryRegion with a
NULL name, so sysbus_mmio_map_name() should not assume names are
always present.

Add a simple NULL check before calling strcmp().

Signed-off-by: Vineet Agarwal <agarwal.vineet2006@gmail.com>
---
 hw/core/sysbus.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/hw/core/sysbus.c b/hw/core/sysbus.c
index 3e1160ee92..80cfed442e 100644
--- a/hw/core/sysbus.c
+++ b/hw/core/sysbus.c
@@ -148,7 +148,9 @@ void sysbus_mmio_map(SysBusDevice *dev, int n, hwaddr addr)
 int sysbus_mmio_map_name(SysBusDevice *dev, const char *name, hwaddr addr)
 {
     for (int i = 0; i < dev->num_mmio; i++) {
-        if (!strcmp(dev->mmio[i].memory->name, name)) {
+        const char *mr_name = dev->mmio[i].memory->name;
+
+        if (mr_name && !strcmp(mr_name, name)) {
             sysbus_mmio_map(dev, i, addr);
             return i;
         }
-- 
2.54.0

On Mon, 11 May 2026 at 14:28, Vineet Agarwal
<agarwal.vineet2006@gmail.com> wrote:
>
> sysbus_mmio_map_name() passes MemoryRegion.name directly to
> strcmp() without checking whether the name is NULL.
>
> Commit e27194e087 ("virtio-gpu-virgl: correct parent for blob
> memory region") intentionally introduced a MemoryRegion with a
> NULL name, so sysbus_mmio_map_name() should not assume names are
> always present.
>
> Add a simple NULL check before calling strcmp().
>
> Signed-off-by: Vineet Agarwal <agarwal.vineet2006@gmail.com>

I guess so, but MemoryRegions with a NULL name seem
like a bad idea.

e27194e087 looks like it is trying to work around some
other issue. I think we should revert that and fix the
actual problem, not do an extremely non-obvious thing with
NULL name pointers that happens to avoid a refcount problem.

thanks
-- PMM