chardev: fix segfault in finalize

If finalize chardev-msmouse or chardev-wctable is called immediately after init it cases QEMU to crash with segfault. This happens because of QTAILQ_REMOVE in qemu_input_handler_unregister tries to dereference NULL pointer. For instance, this error can be reproduced via `qom-list-properties` command. Signed-off-by: Maksim Davydov <davydov-max@yandex-team.ru> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Message-Id: <20220825165247.33704-1-davydov-max@yandex-team.ru>

chardev: fix segfault in finalize
If finalize chardev-msmouse or chardev-wctable is called immediately after init it cases QEMU to crash with segfault. This happens because of QTAILQ_REMOVE in qemu_input_handler_unregister tries to dereference NULL pointer. For instance, this error can be reproduced via `qom-list-properties` command. Signed-off-by: Maksim Davydov <davydov-max@yandex-team.ru> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Message-Id: <20220825165247.33704-1-davydov-max@yandex-team.ru>
fc0c1285 · Maksim Davydov · Marc-André Lureau · 769a726c · fc0c1285 · fc0c1285
Commit fc0c1285 authored 2 years ago by Maksim Davydov Committed by Marc-André Lureau 2 years ago
--- a/chardev/msmouse.c
+++ b/chardev/msmouse.c
@@ -247,7 +247,9 @@ static void char_msmouse_finalize(Object *obj)
 {
    MouseChardev *mouse = MOUSE_CHARDEV(obj);

-    qemu_input_handler_unregister(mouse->hs);
+    if (mouse->hs) {
+        qemu_input_handler_unregister(mouse->hs);
+    }
    fifo8_destroy(&mouse->outbuf);
 }


--- a/chardev/wctablet.c
+++ b/chardev/wctablet.c
@@ -319,7 +319,9 @@ static void wctablet_chr_finalize(Object *obj)
 {
    TabletChardev *tablet = WCTABLET_CHARDEV(obj);

-    qemu_input_handler_unregister(tablet->hs);
+    if (tablet->hs) {
+        qemu_input_handler_unregister(tablet->hs);
+    }
 }

 static void wctablet_chr_open(Chardev *chr,