/home/stefan/src/qemu/qemu.org/qemu/hw/openrisc/openrisc

Bug Summary

File:	hw/openrisc/openrisc_sim.c
Location:	line 89, column 21
Description:	Dereference of null pointer

Annotated Source Code

* OpenRISC simulator for use as an IIS.

* Feng Gao <gf91597@gmail.com>

* This library is free software; you can redistribute it and/or

* modify it under the terms of the GNU Lesser General Public

* License as published by the Free Software Foundation; either

* version 2 of the License, or (at your option) any later version.

* This library is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* Lesser General Public License for more details.

* You should have received a copy of the GNU Lesser General Public

* License along with this library; if not, see <http://www.gnu.org/licenses/>.

#include "hw/hw.h"

#include "hw/boards.h"

#include "elf.h"

#include "hw/char/serial.h"

#include "net/net.h"

#include "hw/loader.h"

#include "exec/address-spaces.h"

#include "sysemu/sysemu.h"

#include "hw/sysbus.h"

#include "sysemu/qtest.h"

#define KERNEL_LOAD_ADDR0x100 0x100

static void main_cpu_reset(void *opaque)

{

OpenRISCCPU *cpu = opaque;

cpu_reset(CPU(cpu)((CPUState *)object_dynamic_cast_assert(((Object *)((cpu))), (
"cpu"), "/home/stefan/src/qemu/qemu.org/qemu/hw/openrisc/openrisc_sim.c"
, 38, __func__)));

}

static void openrisc_sim_net_init(MemoryRegion *address_space,

hwaddr base,

hwaddr descriptors,

qemu_irq irq, NICInfo *nd)

{

DeviceState *dev;

SysBusDevice *s;

dev = qdev_create(NULL((void*)0), "open_eth");

qdev_set_nic_properties(dev, nd);

qdev_init_nofail(dev);

s = SYS_BUS_DEVICE(dev)((SysBusDevice *)object_dynamic_cast_assert(((Object *)((dev)
)), ("sys-bus-device"), "/home/stefan/src/qemu/qemu.org/qemu/hw/openrisc/openrisc_sim.c"
, 53, __func__));

sysbus_connect_irq(s, 0, irq);

memory_region_add_subregion(address_space, base,

sysbus_mmio_get_region(s, 0));

memory_region_add_subregion(address_space, descriptors,

sysbus_mmio_get_region(s, 1));

}

static void cpu_openrisc_load_kernel(ram_addr_t ram_size,

const char *kernel_filename,

OpenRISCCPU *cpu)

{

long kernel_size;

uint64_t elf_entry;

hwaddr entry;

if (kernel_filename && !qtest_enabled()) {

←

Taking true branch

→

kernel_size = load_elf(kernel_filename, NULL((void*)0), NULL((void*)0),

&elf_entry, NULL((void*)0), NULL((void*)0), 1, ELF_MACHINE92, 1);

entry = elf_entry;

if (kernel_size < 0) {

←

Assuming 'kernel_size' is >= 0

→

←

Taking false branch

→

kernel_size = load_uimage(kernel_filename,

&entry, NULL((void*)0), NULL((void*)0));

}

if (kernel_size < 0) {

←

Taking false branch

→

kernel_size = load_image_targphys(kernel_filename,

KERNEL_LOAD_ADDR0x100,

ram_size - KERNEL_LOAD_ADDR0x100);

entry = KERNEL_LOAD_ADDR0x100;

}

if (kernel_size < 0) {

←

Taking false branch

→

fprintf(stderrstderr, "QEMU: couldn't load the kernel '%s'\n",

kernel_filename);

exit(1);

}

cpu->env.pc = entry;

←

Dereference of null pointer

}

static void openrisc_sim_init(QEMUMachineInitArgs *args)

{

ram_addr_t ram_size = args->ram_size;

const char *cpu_model = args->cpu_model;

const char *kernel_filename = args->kernel_filename;

OpenRISCCPU *cpu = NULL((void*)0);

'cpu' initialized to a null pointer value

→

MemoryRegion *ram;

100

int n;

101

102

if (!cpu_model) {

←

Assuming 'cpu_model' is non-null

→

←

Taking false branch

→

103

cpu_model = "or1200";

104

}

105

106

for (n = 0; n < smp_cpus; n++) {

←

Assuming 'n' is >= 'smp_cpus'

→

←

Loop condition is false. Execution continues on line 116

→

107

cpu = cpu_openrisc_init(cpu_model);

108

if (cpu == NULL((void*)0)) {

109

fprintf(stderrstderr, "Unable to find CPU definition!\n");

110

exit(1);

111

}

112

qemu_register_reset(main_cpu_reset, cpu);

113

main_cpu_reset(cpu);

114

}

115

116

ram = g_malloc(sizeof(*ram));

117

memory_region_init_ram(ram, NULL((void*)0), "openrisc.ram", ram_size);

118

vmstate_register_ram_global(ram);

119

memory_region_add_subregion(get_system_memory(), 0, ram);

120

121

cpu_openrisc_pic_init(cpu);

122

cpu_openrisc_clock_init(cpu);

123

124

serial_mm_init(get_system_memory(), 0x90000000, 0, cpu->env.irq[2],

125

115200, serial_hds[0], DEVICE_NATIVE_ENDIAN);

126

127

if (nd_table[0].used) {

←

Taking false branch

→

128

openrisc_sim_net_init(get_system_memory(), 0x92000000,

129

0x92000400, cpu->env.irq[4], nd_table);

130

}

131

132

cpu_openrisc_load_kernel(ram_size, kernel_filename, cpu);

←

Passing null pointer value via 3rd parameter 'cpu'

→

←

Calling 'cpu_openrisc_load_kernel'

→

133

}

134

135

static QEMUMachine openrisc_sim_machine = {

136

.name = "or32-sim",

137

.desc = "or32 simulation",

138

.init = openrisc_sim_init,

139

.max_cpus = 1,

140

.is_default = 1,

141

};

142

143

static void openrisc_sim_machine_init(void)

144

{

145

qemu_register_machine(&openrisc_sim_machine);

146

}

147

148

machine_init(openrisc_sim_machine_init)static void __attribute__((constructor)) do_qemu_init_openrisc_sim_machine_init
(void) { register_module_init(openrisc_sim_machine_init, MODULE_INIT_MACHINE
); };