From patchwork Thu Jan 10 13:33:23 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Markus Armbruster <armbru@redhat.com>
X-Patchwork-Id: 211006
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [208.118.235.17])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by ozlabs.org (Postfix) with ESMTPS id A97EE2C033D
	for <incoming@patchwork.ozlabs.org>;
	Fri, 11 Jan 2013 00:34:29 +1100 (EST)
Received: from localhost ([::1]:56426 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1TtIH5-0003Dw-I0
	for incoming@patchwork.ozlabs.org; Thu, 10 Jan 2013 08:34:27 -0500
Received: from eggs.gnu.org ([208.118.235.92]:34175)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@pond.sub.org>) id 1TtIGH-0001H6-2o
	for qemu-devel@nongnu.org; Thu, 10 Jan 2013 08:33:38 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <armbru@pond.sub.org>) id 1TtIGA-0002CZ-FQ
	for qemu-devel@nongnu.org; Thu, 10 Jan 2013 08:33:36 -0500
Received: from oxygen.pond.sub.org ([2a01:4f8:121:10e4::3]:47363)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <armbru@pond.sub.org>) id 1TtIGA-0002Bw-4j
	for qemu-devel@nongnu.org; Thu, 10 Jan 2013 08:33:30 -0500
Received: from blackfin.pond.sub.org (p5B32A660.dip.t-dialin.net
	[91.50.166.96])
	by oxygen.pond.sub.org (Postfix) with ESMTPA id 246EE9FE67
	for <qemu-devel@nongnu.org>; Thu, 10 Jan 2013 14:33:26 +0100 (CET)
Received: by blackfin.pond.sub.org (Postfix, from userid 1000)
	id 73C21200A8; Thu, 10 Jan 2013 14:33:25 +0100 (CET)
From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Date: Thu, 10 Jan 2013 14:33:23 +0100
Message-Id: <1357824805-31574-2-git-send-email-armbru@redhat.com>
X-Mailer: git-send-email 1.7.11.7
In-Reply-To: <1357824805-31574-1-git-send-email-armbru@redhat.com>
References: <1357824805-31574-1-git-send-email-armbru@redhat.com>
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a01:4f8:121:10e4::3
Cc: kraxel@redhat.com
Subject: [Qemu-devel] [PATCH 1/3] ehci: Assert state machine is sane w.r.t.
	EHCIQueue
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Coverity worries the EHCIQueue pointer could be null when we pass it
to functions that reference it.  The state machine ensures it can't be
null then.  Assert that, to hush the checker.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
 hw/usb/hcd-ehci.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c
index 320b7e7..7040659 100644
--- a/hw/usb/hcd-ehci.c
+++ b/hw/usb/hcd-ehci.c
@@ -2092,18 +2092,22 @@ static void ehci_advance_state(EHCIState *ehci, int async)
             break;
 
         case EST_ADVANCEQUEUE:
+            assert(q != NULL);
             again = ehci_state_advqueue(q);
             break;
 
         case EST_FETCHQTD:
+            assert(q != NULL);
             again = ehci_state_fetchqtd(q);
             break;
 
         case EST_HORIZONTALQH:
+            assert(q != NULL);
             again = ehci_state_horizqh(q);
             break;
 
         case EST_EXECUTE:
+            assert(q != NULL);
             again = ehci_state_execute(q);
             if (async) {
                 ehci->async_stepdown = 0;