From dc8416b55d69e70912acd2364494a490b02e3198 Mon Sep 17 00:00:00 2001
From: imxcc
Date: Mon, 21 Jun 2021 17:15:39 +0800
Subject: [PATCH] fix cve-2020-35504 esp: always check current_req is not NULL before use in DMA callbacks
Signed-off-by: Mark Cave-Ayland
Signed-off-by: imxcc
---
 hw/scsi/esp.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/hw/scsi/esp.c b/hw/scsi/esp.c
index 7508d035ca..d1f13b350e 100644
--- a/hw/scsi/esp.c
+++ b/hw/scsi/esp.c
@@ -253,6 +253,9 @@ static void esp_do_dma(ESPState *s)
 s->dma_memory_read(s->dma_opaque, &s->cmdbuf[s->cmdlen], len);
 return;
 }
+ if (!s->current_req) {
+ return;
+ }
 if (s->async_len == 0) {
 /* Defer until data is available. */
 return;
-- 
2.27.0
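Review bot: The new `if (!s->current_req)` guard in esp_do_dma returns silently with no comment on how this state is reached, and it is the only site the patch touches although the subject speaks of DMA callbacks in the plural. The device model is driven by guest-controlled register writes, so any other path in hw/scsi/esp.c that dereferences `s->current_req` after a request has gone away would presumably remain a guest-triggerable NULL dereference; those paths lie outside this hunk and should be audited against this tree's version of the file. I would add a comment above the guard such as `/* current_req can be NULL here if the request was cancelled while a transfer was still pending */`, with the wording confirmed against the cancel path. esp_do_dma starts and ends outside the hunk, so the code ahead of the guard cannot be checked from here.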