diff options
authorPaolo Bonzini <>2012-11-23 16:56:18 +0100
committerDoug Goldstein <>2012-12-13 15:31:59 -0600
commita85acf50f2a5a325fcb3bd54f86cfdb16504153b (patch)
parentqom: dynamic_cast of NULL is always NULL (diff)
hmp: do not crash on invalid SCSI hotplug
Commit 0d93692 (qdev: Convert busses to QEMU Object Model, 2012-05-02) removed a check on the type of the bus where a SCSI disk is hotplugged. However, hot-plugging to the wrong kind of device now causes a crash due to either a NULL pointer dereference (avoided by the previous patch) or a failed QOM cast. Instead, in this case we need to use object_dynamic_cast and check for the result, similar to what was done before that commit. Reported-by: Markus Armbruster <> Signed-off-by: Paolo Bonzini <> Signed-off-by: Anthony Liguori <> (cherry picked from commit b5007bcc9729acd995518c52eb1038c4d8416b5d) Signed-off-by: Michael Roth <> (cherry picked from commit a99cb0d20a4868a31f294f5d1fd4fa3225ea70ab)
1 files changed, 7 insertions, 1 deletions
diff --git a/hw/pci-hotplug.c b/hw/pci-hotplug.c
index e7fb780a0..0ca5546fc 100644
--- a/hw/pci-hotplug.c
+++ b/hw/pci-hotplug.c
@@ -80,7 +80,13 @@ static int scsi_hot_add(Monitor *mon, DeviceState *adapter,
SCSIBus *scsibus;
SCSIDevice *scsidev;
- scsibus = SCSI_BUS(QLIST_FIRST(&adapter->child_bus));
+ scsibus = (SCSIBus *)
+ object_dynamic_cast(OBJECT(QLIST_FIRST(&adapter->child_bus)),
+ if (!scsibus) {
+ error_report("Device is not a SCSI adapter");
+ return -1;
+ }
* drive_init() tries to find a default for dinfo->unit. Doesn't