From: Soumyajyotii Ssarkar Date: Mon, 3 Nov 2025 18:40:30 +0000 (+0530) Subject: ncr710: Fix potential null pointer dereference X-Git-Tag: v10.2.0-rc1~14^2~6 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9d1bccac8f1090a51468fddccfeb6e0c92bcb9ca;p=thirdparty%2Fqemu.git ncr710: Fix potential null pointer dereference The code dereferences s->current before checking if it is NULL. Move the null check before the dereference to prevent potential crashes. This issue could occur if s->current is NULL when the function reaches the "Host adapter (re)connected" path, though this should not normally happen during correct operation. Reported-by: Stefan Hajnoczi Reported-by: GuoHan Zhao Suggested-by: GuoHan Zhao Signed-off-by: Soumyajyotii Ssarkar Reviewed-by: Helge Deller Signed-off-by: Helge Deller --- diff --git a/hw/scsi/ncr53c710.c b/hw/scsi/ncr53c710.c index ade951b1d1..a35c41b67f 100644 --- a/hw/scsi/ncr53c710.c +++ b/hw/scsi/ncr53c710.c @@ -832,12 +832,11 @@ void ncr710_transfer_data(SCSIRequest *req, uint32_t len) } /* Host adapter (re)connected */ - s->current->dma_len = len; s->command_complete = NCR710_CMD_DATA_READY; - if (!s->current) { return; } + s->current->dma_len = len; if (s->waiting) { s->scntl1 |= NCR710_SCNTL1_CON;
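Review bot: In the "Host adapter (re)connected" path of ncr710_transfer_data(), `s->command_complete = NCR710_CMD_DATA_READY;` is still assigned before the `if (!s->current)` check, so the early return leaves the controller state marked data-ready while there is no current request and `len` has been dropped. Consider moving the NULL check above the `command_complete` assignment so the function returns without touching state when `s->current` is NULL, or add a comment explaining why setting the flag on that path is intended. Since the commit message says this case should not happen during correct operation, the bare `return;` would also benefit from a trace point or guest-error log so the condition is visible when it does occur instead of being silently ignored.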