From ee29f6e92d987bd7f37e3a0002dd839f8431adb1 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Wed, 22 Apr 2020 15:07:12 +0200 Subject: [PATCH] bochs-display: Fix vgamem=SIZE error handling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit bochs_display_realize() rejects out-of-range vgamem. The error handling is broken: $ qemu-system-x86_64 -S -display none -monitor stdio QEMU 4.2.93 monitor - type 'help' for more information (qemu) device_add bochs-display,vgamem=1 Error: bochs-display: video memory too small (qemu) device_add bochs-display,vgamem=1 RAMBlock "0000:00:04.0/bochs-display-vram" already registered, abort! Aborted (core dumped) Cause: bochs_display_realize() neglects to bail out after setting the error. Fix that. Fixes: 765c94290863eef1fc4a67819d452cc13b7854a1 Cc: Gerd Hoffmann Signed-off-by: Markus Armbruster Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20200422130719.28225-8-armbru@redhat.com> Reviewed-by: Gerd Hoffmann --- hw/display/bochs-display.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/display/bochs-display.c b/hw/display/bochs-display.c index 70eb619ef4..e763a0a72d 100644 --- a/hw/display/bochs-display.c +++ b/hw/display/bochs-display.c @@ -267,16 +267,18 @@ static void bochs_display_realize(PCIDevice *dev, Error **errp) Object *obj = OBJECT(dev); int ret; - s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); - if (s->vgamem < 4 * MiB) { error_setg(errp, "bochs-display: video memory too small"); + return; } if (s->vgamem > 256 * MiB) { error_setg(errp, "bochs-display: video memory too big"); + return; } s->vgamem = pow2ceil(s->vgamem); + s->con = graphic_console_init(DEVICE(dev), 0, &bochs_display_gfx_ops, s); + memory_region_init_ram(&s->vram, obj, "bochs-display-vram", s->vgamem, &error_fatal); memory_region_init_io(&s->vbe, obj, &bochs_display_vbe_ops, s,