From 71200fb9664c2967a1cdd22b68b0da3a8b2b3eb7 Mon Sep 17 00:00:00 2001
From: Lin Ma
Date: Wed, 14 Sep 2016 14:22:50 +0800
Subject: [PATCH] qemu-char: avoid segfault if user lacks of permisson of a given logfile

Function qemu_chr_alloc returns NULL if it failed to open logfile by any reason, says no write permission. For backends tty, stdio and msmouse, They need to check this return value to avoid segfault in this case.

Signed-off-by: Lin Ma
Cc: qemu-stable
Message-Id: <20160914062250.22226-1-lma@suse.com>
Signed-off-by: Paolo Bonzini
---
 backends/msmouse.c | 3 +++
 qemu-char.c | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/backends/msmouse.c b/backends/msmouse.c
index aeb905562d2..aceb6dc4757 100644
--- a/backends/msmouse.c
+++ b/backends/msmouse.c
@@ -159,6 +159,9 @@ static CharDriverState *qemu_chr_open_msmouse(const char *id,
 CharDriverState *chr;
 chr = qemu_chr_alloc(common, errp);
+ if (!chr) {
+ return NULL;
+ }
 chr->chr_write = msmouse_chr_write;
 chr->chr_close = msmouse_chr_close;
 chr->chr_accept_input = msmouse_chr_accept_input;
diff --git a/qemu-char.c b/qemu-char.c
index 7fa87a8b6ee..8826419d7d5 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -1230,6 +1230,9 @@ static CharDriverState *qemu_chr_open_stdio(const char *id,
 sigaction(SIGCONT, &act, NULL);
 chr = qemu_chr_open_fd(0, 1, common, errp);
+ if (!chr) {
+ return NULL;
+ }
 chr->chr_close = qemu_chr_close_stdio;
 chr->chr_set_echo = qemu_chr_set_echo_stdio;
 if (opts->has_signal) {
@@ -1686,6 +1689,9 @@ static CharDriverState *qemu_chr_open_tty_fd(int fd,
 tty_serial_init(fd, 115200, 'N', 8, 1);
 chr = qemu_chr_open_fd(fd, fd, backend, errp);
+ if (!chr) {
+ return NULL;
+ }
 chr->chr_ioctl = tty_serial_ioctl;
 chr->chr_close = qemu_chr_close_tty;
 return chr;
-- 
2.39.5
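Review bot: In the qemu_chr_open_stdio hunk of qemu-char.c, the new `return NULL;` leaves in place whatever the function set up before calling `qemu_chr_open_fd(0, 1, common, errp)`. The context shows at least the SIGCONT handler installed by `sigaction(SIGCONT, &act, NULL)`. The start of the function is outside the hunk, so any terminal-mode or in-use bookkeeping done there should be checked and, if present, rolled back on this path, so that a failed open does not leave stdio half-configured for a later retry. If leaving it is intended, a comment such as `/* open failed (e.g. logfile not writable); stdio setup above is not rolled back */` would make that explicit.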
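Review bot: In the qemu_chr_open_tty_fd hunk of qemu-char.c, the early `return NULL;` does not close `fd`, and `tty_serial_init(fd, 115200, 'N', 8, 1)` has already reconfigured the device by the time the failure is detected. The caller is outside the hunk, so it is not visible who owns the descriptor on failure. If the caller just returns this result, the descriptor leaks each time chardev creation fails, for example on an unwritable logfile. Either add `close(fd);` before the `return NULL;`, or document above the function that the caller keeps ownership of `fd` when NULL is returned.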