ehci: check device is not NULL before calling usb_ep_get()

author Liam Merwick <liam.merwick@oracle.com>

Wed, 6 Feb 2019 13:36:51 +0000 (13:36 +0000)

committer Gerd Hoffmann <kraxel@redhat.com>

Wed, 20 Feb 2019 08:41:23 +0000 (09:41 +0100)
author Liam Merwick <liam.merwick@oracle.com>
Wed, 6 Feb 2019 13:36:51 +0000 (13:36 +0000)
committer Gerd Hoffmann <kraxel@redhat.com>
Wed, 20 Feb 2019 08:41:23 +0000 (09:41 +0100)
diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c

index 9b132cb0d392ce3bb8308d2a3931d278124dbce9..62dab0592fa26eccff765be68edc80d951076003 100644 (file)
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -1439,9 +1439,12 @@ static int ehci_process_itd(EHCIState *ehci,
                  qemu_sglist_add(&ehci->isgl, ptr1 + off, len);
              }
  
-            pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
-
              dev = ehci_find_device(ehci, devaddr);
+            if (dev == NULL) {
+                ehci_trace_guest_bug(ehci, "no device found");
+                return -1;
+            }
+            pid = dir ? USB_TOKEN_IN : USB_TOKEN_OUT;
              ep = usb_ep_get(dev, pid, endp);
              if (ep && ep->type == USB_ENDPOINT_XFER_ISOC) {
                  usb_packet_setup(&ehci->ipacket, pid, ep, 0, addr, false,
author	Liam Merwick <liam.merwick@oracle.com>
	Wed, 6 Feb 2019 13:36:51 +0000 (13:36 +0000)
committer	Gerd Hoffmann <kraxel@redhat.com>
	Wed, 20 Feb 2019 08:41:23 +0000 (09:41 +0100)