chardev/char-fe: Allow NULL chardev in qemu_chr_fe_init()

All the functions in char-fe.c handle the CharBackend having a NULL Chardev pointer, which means that the backend exists but is not connected to anything. The exception is qemu_chr_fe_init(), which will crash if passed a NULL Chardev pointer argument. This can happen for various boards if they're started with 'nodefaults': arm-softmmu/qemu-system-arm -S -nodefaults -M cubieboard riscv32-softmmu/qemu-system-riscv32 -nodefaults -M sifive_e Make qemu_chr_fe_init() accept a NULL chardev. This allows UART models to handle NULL chardev properties without generally needing to special case them or to manually create a NullChardev. Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20180323152948.27048-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
8 years ago · 12051d82f0
1 changed files with 12 additions and 10 deletions
--- a/chardev/char-fe.c
+++ b/chardev/char-fe.c
@ -198,19 +198,21 @@ bool qemu_chr_fe_init(CharBackend *b, Chardev *s, Error **errp)
 {
    int tag = 0;

-    if (CHARDEV_IS_MUX(s)) {
-        MuxChardev *d = MUX_CHARDEV(s);
+    if (s) {
+        if (CHARDEV_IS_MUX(s)) {
+            MuxChardev *d = MUX_CHARDEV(s);
+
+            if (d->mux_cnt >= MAX_MUX) {
+                goto unavailable;
+            }

-        if (d->mux_cnt >= MAX_MUX) {
+            d->backends[d->mux_cnt] = b;
+            tag = d->mux_cnt++;
+        } else if (s->be) {
            goto unavailable;
+        } else {
+            s->be = b;
        }
-
-        d->backends[d->mux_cnt] = b;
-        tag = d->mux_cnt++;
-    } else if (s->be) {
-        goto unavailable;
-    } else {
-        s->be = b;
    }

    b->fe_open = false;