From bab9820231fcc398904d5292c924183f778fe70b Mon Sep 17 00:00:00 2001
From: Andrew Tonner <rakslice@gmail.com>
Date: Fri, 20 Jan 2017 13:27:00 -0800
Subject: [PATCH] slirp: more changes to prevent a crash in the soread without
 so_tcpcb case

---
 BasiliskII/src/slirp/slirp.c  | 2 +-
 BasiliskII/src/slirp/socket.c | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/BasiliskII/src/slirp/slirp.c b/BasiliskII/src/slirp/slirp.c
index dc2fdc65..5f7617ba 100644
--- a/BasiliskII/src/slirp/slirp.c
+++ b/BasiliskII/src/slirp/slirp.c
@@ -219,7 +219,7 @@ int slirp_select_fill(int *pnfds,
 			/*
 			 * See if we need a tcp_fasttimo
 			 */
-			if (time_fasttimo == 0 && so->so_tcpcb->t_flags & TF_DELACK)
+			if (time_fasttimo == 0 && so->so_tcpcb && so->so_tcpcb->t_flags & TF_DELACK)
 				time_fasttimo = curtime; /* Flag when we want a fasttimo */
 			
 			/*
diff --git a/BasiliskII/src/slirp/socket.c b/BasiliskII/src/slirp/socket.c
index 5572a196..bc14852a 100644
--- a/BasiliskII/src/slirp/socket.c
+++ b/BasiliskII/src/slirp/socket.c
@@ -110,7 +110,10 @@ soread(so)
 	struct iovec iov[2];
 
 	if (!so->so_tcpcb) {
-		so->so_tcpcb = tcp_newtcpcb(so); // but how did we get in this state? should we just default mss for it?
+		// how did we get in this state?
+		tcp_newtcpcb(so);
+		// from what I've seen while debugging, the socket struct is about to get freed, so consider it closed.
+		return -1;
 	}
 	u_int mss = so->so_tcpcb->t_maxseg;