From 4ce2f97c000629531553328e1871b56312a210cf Mon Sep 17 00:00:00 2001
From: Laszlo Ersek
Date: Wed, 13 Sep 2023 16:49:57 +0200
Subject: [PATCH] ui/console: only walk QemuGraphicConsoles in qemu_console_is_multihead()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

qemu_console_is_multihead() declares the console "c" a "multihead" console
if there are two different consoles in the system that (a) both reference
"c->device", and (b) have different "c->head" numbers. In effect, if at
least two consoles exist that are different heads of the same device that
underlies "c".

Commit 58d5870845c6 ("ui/console: move graphic fields to
QemuGraphicConsole", 2023-09-04) pushed the "device" and "head" members
from the QemuConsole base class down to the QemuGraphicConsole subclass,
adjusting the referring QOM properties accordingly as well. As a result,
the "device" property lookup in qemu_console_is_multihead() now crashes,
in case the candidate console being investigated for criterion (a) is not
a QemuGraphicConsole instance:

> Unexpected error in object_property_find_err() at qom/object.c:1314:
> qemu: Property 'qemu-fixed-text-console.device' not found
> Aborted (core dumped)

This is effectively an unchecked downcast. Make it checked: only consider
such console candidates that are themselves QemuGraphicConsole instances.

Cc: "Marc-André Lureau" (odd fixer:Graphics)
Cc: Gerd Hoffmann (odd fixer:Graphics)
Fixes: 58d5870845c6
Signed-off-by: Laszlo Ersek
Reviewed-by: Marc-André Lureau
Message-ID: <20230913144959.41891-3-lersek@redhat.com>
---
 ui/console.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ui/console.c b/ui/console.c
index d17b4ee397..4fe26c08fb 100644
--- a/ui/console.c
+++ b/ui/console.c
@@ -1442,6 +1442,9 @@ static bool qemu_console_is_multihead(DeviceState *dev) uint32_t h; QTAILQ_FOREACH(con, &consoles, next) { + if (!QEMU_IS_GRAPHIC_CONSOLE(con)) { + continue; + } obj = object_property_get_link(OBJECT(con), "device", &error_abort); if (DEVICE(obj) != dev) {
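
Review bot: the new `QEMU_IS_GRAPHIC_CONSOLE(con)` guard at the top of the `QTAILQ_FOREACH` body carries no comment, and the `object_property_get_link(OBJECT(con), "device", &error_abort)` call directly after it still aborts the process on any lookup failure, so this guard is the only thing standing between a non-graphic console in the list and a crash. I'd add a one-line comment above the check saying that only QemuGraphicConsole instances have the "device" property since 58d5870845c6, so that a later reordering of the loop body or a new console subclass does not quietly reintroduce the abort. Since `con` is known to be a graphic console past this point, it may also be worth considering, as a follow-up rather than a blocker for this fix, whether the loop should read the member through a checked cast instead of going through a QOM property lookup with `&error_abort`.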