From patchwork Wed Nov  9 18:45:38 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Peter Maydell <peter.maydell@linaro.org>
X-Patchwork-Id: 4984
Return-Path: <patch+caf_=linaro-patchwork=canonical.com@linaro.org>
X-Original-To: patchwork@peony.canonical.com
Delivered-To: patchwork@peony.canonical.com
Received: from fiordland.canonical.com (fiordland.canonical.com
 [91.189.94.145])
 by peony.canonical.com (Postfix) with ESMTP id 3FDAB23E0E
 for <patchwork@peony.canonical.com>;
 Wed,  9 Nov 2011 18:45:44 +0000 (UTC)
Received: from mail-bw0-f52.google.com (mail-bw0-f52.google.com
 [209.85.214.52])
 by fiordland.canonical.com (Postfix) with ESMTP id 28266A18141
 for <linaro-patchwork@canonical.com>;
 Wed,  9 Nov 2011 18:45:44 +0000 (UTC)
Received: by bkbc12 with SMTP id c12so2477528bkb.11
 for <linaro-patchwork@canonical.com>;
 Wed, 09 Nov 2011 10:45:44 -0800 (PST)
Received: by 10.152.109.199 with SMTP id hu7mr2413614lab.16.1320864343660;
 Wed, 09 Nov 2011 10:45:43 -0800 (PST)
X-Forwarded-To: linaro-patchwork@canonical.com
X-Forwarded-For: patch@linaro.org linaro-patchwork@canonical.com
Delivered-To: patches@linaro.org
Received: by 10.152.10.72 with SMTP id g8cs182344lab;
 Wed, 9 Nov 2011 10:45:43 -0800 (PST)
Received: by 10.180.93.168 with SMTP id cv8mr4248145wib.36.1320864341420;
 Wed, 09 Nov 2011 10:45:41 -0800 (PST)
Received: from mnementh.archaic.org.uk (mnementh.archaic.org.uk.
 [81.2.115.146])
 by mx.google.com with ESMTPS id n8si3345500wic.50.2011.11.09.10.45.40
 (version=TLSv1/SSLv3 cipher=OTHER);
 Wed, 09 Nov 2011 10:45:41 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 pm215@archaic.org.uk designates 81.2.115.146 as permitted
 sender) client-ip=81.2.115.146; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain
 of pm215@archaic.org.uk designates 81.2.115.146 as permitted
 sender) smtp.mail=pm215@archaic.org.uk
Received: from pm215 by mnementh.archaic.org.uk with local (Exim 4.72)
 (envelope-from <pm215@archaic.org.uk>)
 id 1ROD9W-0002Wv-K2; Wed, 09 Nov 2011 18:45:38 +0000
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
Cc: patches@linaro.org,
	Andrzej Zaborowski <balrogg@gmail.com>
Subject: [PATCH] hw/omap_intc.c: Avoid crash on access to nonexistent banked
 registers
Date: Wed,  9 Nov 2011 18:45:38 +0000
Message-Id: <1320864338-9702-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 1.7.2.5

Avoid a crash due to null pointer dereference if a guest attempts
to access banked registers for a nonexistent bank. Spotted by
Coverity (see bug 887883).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/omap_intc.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/hw/omap_intc.c b/hw/omap_intc.c
index 0f7fd9d..45efa25 100644
--- a/hw/omap_intc.c
+++ b/hw/omap_intc.c
@@ -398,6 +398,9 @@ static uint64_t omap2_inth_read(void *opaque, target_phys_addr_t addr,
         if (bank_no < s->nbanks) {
             offset &= ~0x60;
             bank = &s->bank[bank_no];
+        } else {
+            OMAP_BAD_REG(addr);
+            return 0;
         }
     }
 
@@ -476,6 +479,9 @@ static void omap2_inth_write(void *opaque, target_phys_addr_t addr,
         if (bank_no < s->nbanks) {
             offset &= ~0x60;
             bank = &s->bank[bank_no];
+        } else {
+            OMAP_BAD_REG(addr);
+            return;
         }
     }