hw/ide/macio: Fix segfault caused by NULL DMAContext*

Pass qemu_sglist_init the global dma_context_memory rather than a NULL pointer; this fixes a segfault in dma_memory_map() when the guest starts using DMA. Reported-by: N Amadeusz Sławiński <amade@asmblr.net> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Alexander Graf <agraf@suse.de>

hw/ide/macio: Fix segfault caused by NULL DMAContext*
Pass qemu_sglist_init the global dma_context_memory rather than a NULL pointer; this fixes a segfault in dma_memory_map() when the guest starts using DMA. Reported-by: N Amadeusz Sławiński <amade@asmblr.net> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Alexander Graf <agraf@suse.de>
d688e523 · Peter Maydell · Alexander Graf · cab1e8f3 · d688e523
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

hw/ide/macio.c hw/ide/macio.c +4 -2

未找到文件。
--- a/hw/ide/macio.c
+++ b/hw/ide/macio.c
@@ -76,7 +76,8 @@ static void pmac_ide_atapi_transfer_cb(void *opaque, int ret)
    s->io_buffer_size = io->len;
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
    qemu_sglist_add(&s->sg, io->addr, io->len);
    io->addr += io->len;
    io->len = 0;
@@ -132,7 +133,8 @@ static void pmac_ide_transfer_cb(void *opaque, int ret)
    s->io_buffer_index = 0;
    s->io_buffer_size = io->len;
-    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1, NULL);
+    qemu_sglist_init(&s->sg, io->len / MACIO_PAGE_SIZE + 1,
+                     &dma_context_memory);
    qemu_sglist_add(&s->sg, io->addr, io->len);
    io->addr += io->len;
    io->len = 0;