fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is used incorrectly

Avoid a crash if the guest combines FW_CFG_WRITE_CHANNEL with a wrong value. Signed-off-by: N Blue Swirl <blauwirbel@gmail.com>

fw_cfg: fix crash if FW_CFG_WRITE_CHANNEL is used incorrectly
Avoid a crash if the guest combines FW_CFG_WRITE_CHANNEL with a wrong value. Signed-off-by: N Blue Swirl <blauwirbel@gmail.com>
962d4b28 · Blue Swirl · 9f8d2a09 · 962d4b28
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

hw/fw_cfg.c hw/fw_cfg.c +2 -1

未找到文件。
--- a/hw/fw_cfg.c
+++ b/hw/fw_cfg.c
@@ -214,7 +214,8 @@ static void fw_cfg_write(FWCfgState *s, uint8_t value)

    FW_CFG_DPRINTF("write %d\n", value);

-    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && s->cur_offset < e->len) {
+    if (s->cur_entry & FW_CFG_WRITE_CHANNEL && e->callback &&
+        s->cur_offset < e->len) {
        e->data[s->cur_offset++] = value;
        if (s->cur_offset == e->len) {
            e->callback(e->callback_opaque, e->data);