Ticket #9895: report-mq2NP5.html

File report-mq2NP5.html, 38.3 KB (added by mt, 11 years ago)

Report by Clang Static Analyzer

1<!doctype html>
2<html>
3<head>
<!-- Report head: the title is the path of the analysed source file, and the inline stylesheet
     below styles the annotated listing (line-number gutter, syntax colours, macro-expansion
     popups, path-event message boxes and the summary table).
     NOTE(review): no charset is declared here although the listing contains non-ASCII text
     (an author name in the copyright header), so correct rendering depends on how the file
     is served. -->
4<title>/boot/home/haiku/haiku/src/system/boot/platform/bios_ia32/acpi.cpp</title>
5<style type="text/css">
/* Page defaults. */
6 body { color:#000000; background-color:#ffffff }
7 body { font-family:Helvetica, sans-serif; font-size:10pt }
8 h1 { font-size:14pt }
/* Annotated source table and its syntax-highlight classes. */
9 .code { border-collapse:collapse; width:100%; }
10 .code { font-family: "Monospace", monospace; font-size:10pt }
11 .code { line-height: 1.2em }
12 .comment { color: green; font-style: oblique }
13 .keyword { color: blue }
14 .string_literal { color: red }
15 .directive { color: darkmagenta }
/* Macro expansions stay hidden and are shown as a popup while the macro is hovered. */
16 .expansion { display: none; }
17 .macro:hover .expansion { display: block; border: 2px solid #FF0000; padding: 2px; background-color:#FFF0F0; font-weight: normal; -webkit-border-radius:5px; -webkit-box-shadow:1px 1px 7px #000; position: absolute; top: -1em; left:10em; z-index: 1 }
18 .macro { color: darkmagenta; background-color:LemonChiffon; position: relative }
/* Line-number gutter cell and source-text cell of each listing row. */
19 .num { width:2.5em; padding-right:2ex; background-color:#eeeeee }
20 .num { text-align:right; font-size:8pt }
21 .num { color:#444444 }
22 .line { padding-left: 1ex; border-left: 3px solid #ccc }
23 .line { white-space: pre }
/* Path-event message boxes inserted between listing rows. */
24 .msg { -webkit-box-shadow:1px 1px 7px #000 }
25 .msg { -webkit-border-radius:5px }
26 .msg { font-family:Helvetica, sans-serif; font-size:8pt }
27 .msg { float:left }
28 .msg { padding:0.25em 1ex 0.25em 1ex }
29 .msg { margin-top:10px; margin-bottom:10px }
30 .msg { font-weight:bold }
31 .msg { max-width:60em; word-wrap: break-word; white-space: pre-wrap }
/* NOTE(review): "0x" is not a valid CSS length and "spacing" is not a CSS property, so both
   declarations in the next rule are dropped by the browser. */
32 .msgT { padding:0x; spacing:0x }
/* Event boxes (yellow) versus control-flow boxes (grey). */
33 .msgEvent { background-color:#fff8b4; color:#000000 }
34 .msgControl { background-color:#bbbbbb; color:#000000 }
/* Highlight for the source range a path event refers to. */
35 .mrange { background-color:#dfddf3 }
36 .mrange { border-bottom:1px solid #6F9DBE }
/* Numbered badge and previous/next arrows inside each message box. */
37 .PathIndex { font-weight: bold; padding:0px 5px; margin-right:5px; }
38 .PathIndex { -webkit-border-radius:8px }
39 .PathIndexEvent { background-color:#bfba87 }
40 .PathIndexControl { background-color:#8c8c8c }
41 .PathNav a { text-decoration:none; font-size: larger }
42 .CodeInsertionHint { font-weight: bold; background-color: #10dd10 }
43 .CodeRemovalHint { background-color:#de1010 }
44 .CodeRemovalHint { border-bottom:1px solid #6F9DBE }
/* Bug summary table (File / Location / Description rows). */
45 table.simpletable {
46 padding: 5px;
47 font-size:12pt;
48 margin:20px;
49 border-collapse: collapse; border-spacing: 0px;
50 }
51 td.rowname {
52 text-align:right; font-weight:bold; color:#444444;
53 padding-right:2ex; }
54</style>
55</head>
56<body>
57<!-- BUGDESC Access to field 'length' results in a dereference of a null pointer (loaded from variable 'rsdt') -->
58
59<!-- BUGTYPE Dereference of null pointer -->
60
61<!-- BUGCATEGORY Logic error -->
62
63<!-- BUGFILE /boot/home/haiku/haiku/src/system/boot/platform/bios_ia32/acpi.cpp -->
64
65<!-- BUGLINE 125 -->
66
67<!-- BUGPATHLENGTH 11 -->
68
69<!-- BUGMETAEND -->
70<!-- REPORTHEADER -->
<!--
  Reviewer note on the reported path (events 6 to 11 in the annotated source below,
  function acpi_check_rsdt in acpi.cpp):
  * On the fallback branch entered while rsdt is still NULL (line 112), rsdt is assigned the
    result of mmu_map_physical_memory() (lines 114 to 116).
  * The guard at lines 117 to 118 reads "rsdt != NULL && strncmp(...) != 0", so it only rejects
    a table that was mapped but carries the wrong signature. If the mapping itself returned
    NULL the condition is false and control falls through to line 125, where the length field
    is read through the null pointer.
  * Fix direction: test the mapping result for NULL on its own right after the call and return
    an error before line 125; keep the signature comparison as a second, separate test.
  * NOTE(review): the lengths used in this file are read from the tables being parsed (the
    xsdt_length field of the RSDP, the length field of the table header) and are then used as
    mapping sizes and as the checksum loop bound. No range check on them is visible in this
    listing. On the XSDT path the mapping size (line 100) and the checksum bound (line 76)
    come from two different fields, and in acpi_find_table_generic (lines 163 to 165) a length
    smaller than the header size looks like it would wrap the subtraction. Worth confirming
    and bounding these while fixing the null check.
-->
71<h3>Bug Summary</h3>
72<table class="simpletable">
73<tr><td class="rowname">File:</td><td>/boot/home/haiku/haiku/src/system/boot/platform/bios_ia32/acpi.cpp</td></tr>
74<tr><td class="rowname">Location:</td><td><a href="#EndPath">line 125, column 12</a></td></tr>
75<tr><td class="rowname">Description:</td><td>Access to field 'length' results in a dereference of a null pointer (loaded from variable 'rsdt')</td></tr>
76</table>
77<!-- REPORTSUMMARYEXTRA -->
78<h3>Annotated Source Code</h3>
79<table class="code">
80<tr><td class="num" id="LN1">1</td><td class="line"><span class='comment'>/*</span></td></tr>
81<tr><td class="num" id="LN2">2</td><td class="line"> <span class='comment'>* Copyright 2011, Rene Gollent, rene@gollent.com.</span></td></tr>
82<tr><td class="num" id="LN3">3</td><td class="line"> <span class='comment'>* Copyright 2008, Dustin Howett, dustin.howett@gmail.com. All rights reserved.</span></td></tr>
83<tr><td class="num" id="LN4">4</td><td class="line"> <span class='comment'>* Copyright 2007, Michael Lotz, mmlr@mlotz.ch</span></td></tr>
84<tr><td class="num" id="LN5">5</td><td class="line"> <span class='comment'>* Copyright 2004-2005, Axel Dörfler, axeld@pinc-software.de.</span></td></tr>
85<tr><td class="num" id="LN6">6</td><td class="line"> <span class='comment'>* Distributed under the terms of the MIT License.</span></td></tr>
86<tr><td class="num" id="LN7">7</td><td class="line"> <span class='comment'>*</span></td></tr>
87<tr><td class="num" id="LN8">8</td><td class="line"> <span class='comment'>* Copyright 2001, Travis Geiselbrecht. All rights reserved.</span></td></tr>
88<tr><td class="num" id="LN9">9</td><td class="line"> <span class='comment'>* Distributed under the terms of the NewOS License.</span></td></tr>
89<tr><td class="num" id="LN10">10</td><td class="line"><span class='comment'>*/</span></td></tr>
90<tr><td class="num" id="LN11">11</td><td class="line"> </td></tr>
91<tr><td class="num" id="LN12">12</td><td class="line"> </td></tr>
92<tr><td class="num" id="LN13">13</td><td class="line"><span class='directive'>#include "acpi.h"</span></td></tr>
93<tr><td class="num" id="LN14">14</td><td class="line"><span class='directive'>#include "mmu.h"</span></td></tr>
94<tr><td class="num" id="LN15">15</td><td class="line"> </td></tr>
95<tr><td class="num" id="LN16">16</td><td class="line"><span class='directive'>#include &lt;string.h&gt;</span></td></tr>
96<tr><td class="num" id="LN17">17</td><td class="line"> </td></tr>
97<tr><td class="num" id="LN18">18</td><td class="line"><span class='directive'>#include &lt;KernelExport.h&gt;</span></td></tr>
98<tr><td class="num" id="LN19">19</td><td class="line"> </td></tr>
99<tr><td class="num" id="LN20">20</td><td class="line"><span class='directive'>#include &lt;arch/x86/arch_acpi.h&gt;</span></td></tr>
100<tr><td class="num" id="LN21">21</td><td class="line"> </td></tr>
101<tr><td class="num" id="LN22">22</td><td class="line"> </td></tr>
102<tr><td class="num" id="LN23">23</td><td class="line"><span class='comment'>//#define TRACE_ACPI</span></td></tr>
103<tr><td class="num" id="LN24">24</td><td class="line"><span class='directive'>#ifdef TRACE_ACPI</span></td></tr>
104<tr><td class="num" id="LN25">25</td><td class="line"><span class='directive'># define <span class='macro'>TRACE(x)<span class='expansion'>;</span></span> dprintf x</span></td></tr>
105<tr><td class="num" id="LN26">26</td><td class="line"><span class='directive'>#else</span></td></tr>
106<tr><td class="num" id="LN27">27</td><td class="line"><span class='directive'># define <span class='macro'>TRACE(x)<span class='expansion'>;</span></span> ;</span></td></tr>
107<tr><td class="num" id="LN28">28</td><td class="line"><span class='directive'>#endif</span></td></tr>
108<tr><td class="num" id="LN29">29</td><td class="line"> </td></tr>
109<tr><td class="num" id="LN30">30</td><td class="line"><span class='keyword'>static</span> <span class='keyword'>struct</span> scan_spots_struct acpi_scan_spots[] = {</td></tr>
110<tr><td class="num" id="LN31">31</td><td class="line"> { 0x0, 0x400, 0x400 - 0x0 },</td></tr>
111<tr><td class="num" id="LN32">32</td><td class="line"> { 0xe0000, 0x100000, 0x100000 - 0xe0000 },</td></tr>
112<tr><td class="num" id="LN33">33</td><td class="line"> { 0, 0, 0 }</td></tr>
113<tr><td class="num" id="LN34">34</td><td class="line">};</td></tr>
114<tr><td class="num" id="LN35">35</td><td class="line"> </td></tr>
115<tr><td class="num" id="LN36">36</td><td class="line"><span class='keyword'>static</span> acpi_descriptor_header* sAcpiRsdt; <span class='comment'>// System Description Table</span></td></tr>
116<tr><td class="num" id="LN37">37</td><td class="line"><span class='keyword'>static</span> acpi_descriptor_header* sAcpiXsdt; <span class='comment'>// Extended System Description Table</span></td></tr>
117<tr><td class="num" id="LN38">38</td><td class="line"><span class='keyword'>static</span> int32 sNumEntries = -1;</td></tr>
118<tr><td class="num" id="LN39">39</td><td class="line"> </td></tr>
119<tr><td class="num" id="LN40">40</td><td class="line"> </td></tr>
120<tr><td class="num" id="LN41">41</td><td class="line"><span class='keyword'>static</span> status_t</td></tr>
121<tr><td class="num" id="LN42">42</td><td class="line">acpi_validate_rsdp(acpi_rsdp* rsdp)</td></tr>
122<tr><td class="num" id="LN43">43</td><td class="line">{</td></tr>
123<tr><td class="num" id="LN44">44</td><td class="line"> <span class='keyword'>const</span> <span class='keyword'>char</span>* data = (<span class='keyword'>const</span> <span class='keyword'>char</span>*)rsdp;</td></tr>
124<tr><td class="num" id="LN45">45</td><td class="line"> <span class='keyword'>unsigned</span> <span class='keyword'>char</span> checksum = 0;</td></tr>
125<tr><td class="num" id="LN46">46</td><td class="line"> <span class='keyword'>for</span> (uint32 i = 0; i &lt; <span class='keyword'>sizeof</span>(acpi_rsdp_legacy); i++)</td></tr>
126<tr><td class="num" id="LN47">47</td><td class="line"> checksum += data[i];</td></tr>
127<tr><td class="num" id="LN48">48</td><td class="line"> </td></tr>
128<tr><td class="num" id="LN49">49</td><td class="line"> <span class='keyword'>if</span> ((checksum &amp; 0xff) != 0) {</td></tr>
129<tr><td class="num" id="LN50">50</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: rsdp failed basic checksum\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
130<tr><td class="num" id="LN51">51</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_BAD_DATA<span class='expansion'>((-2147483647 - 1) + 16)</span></span>;</td></tr>
131<tr><td class="num" id="LN52">52</td><td class="line"> }</td></tr>
132<tr><td class="num" id="LN53">53</td><td class="line"> </td></tr>
133<tr><td class="num" id="LN54">54</td><td class="line"> <span class='comment'>// for ACPI 2.0+ we need to also validate the extended checksum</span></td></tr>
134<tr><td class="num" id="LN55">55</td><td class="line"> <span class='keyword'>if</span> (rsdp-&gt;revision &gt; 0) {</td></tr>
135<tr><td class="num" id="LN56">56</td><td class="line"> <span class='keyword'>for</span> (uint32 i = <span class='keyword'>sizeof</span>(acpi_rsdp_legacy);</td></tr>
136<tr><td class="num" id="LN57">57</td><td class="line"> i &lt; <span class='keyword'>sizeof</span>(acpi_rsdp_extended); i++) {</td></tr>
137<tr><td class="num" id="LN58">58</td><td class="line"> checksum += data[i];</td></tr>
138<tr><td class="num" id="LN59">59</td><td class="line"> }</td></tr>
139<tr><td class="num" id="LN60">60</td><td class="line"> </td></tr>
140<tr><td class="num" id="LN61">61</td><td class="line"> <span class='keyword'>if</span> ((checksum &amp; 0xff) != 0) {</td></tr>
141<tr><td class="num" id="LN62">62</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: rsdp failed extended checksum\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
142<tr><td class="num" id="LN63">63</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_BAD_DATA<span class='expansion'>((-2147483647 - 1) + 16)</span></span>;</td></tr>
143<tr><td class="num" id="LN64">64</td><td class="line"> }</td></tr>
144<tr><td class="num" id="LN65">65</td><td class="line"> }</td></tr>
145<tr><td class="num" id="LN66">66</td><td class="line"> </td></tr>
146<tr><td class="num" id="LN67">67</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>;</td></tr>
147<tr><td class="num" id="LN68">68</td><td class="line">}</td></tr>
148<tr><td class="num" id="LN69">69</td><td class="line"> </td></tr>
149<tr><td class="num" id="LN70">70</td><td class="line"> </td></tr>
150<tr><td class="num" id="LN71">71</td><td class="line"><span class='keyword'>static</span> status_t</td></tr>
151<tr><td class="num" id="LN72">72</td><td class="line">acpi_validate_rsdt(acpi_descriptor_header* rsdt)</td></tr>
152<tr><td class="num" id="LN73">73</td><td class="line">{</td></tr>
153<tr><td class="num" id="LN74">74</td><td class="line"> <span class='keyword'>const</span> <span class='keyword'>char</span>* data = (<span class='keyword'>const</span> <span class='keyword'>char</span>*)rsdt;</td></tr>
154<tr><td class="num" id="LN75">75</td><td class="line"> <span class='keyword'>unsigned</span> <span class='keyword'>char</span> checksum = 0;</td></tr>
155<tr><td class="num" id="LN76">76</td><td class="line"> <span class='keyword'>for</span> (uint32 i = 0; i &lt; rsdt-&gt;length; i++)</td></tr>
156<tr><td class="num" id="LN77">77</td><td class="line"> checksum += data[i];</td></tr>
157<tr><td class="num" id="LN78">78</td><td class="line"> </td></tr>
158<tr><td class="num" id="LN79">79</td><td class="line"> <span class='keyword'>return</span> checksum == 0 ? <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span> : <span class='macro'>B_BAD_DATA<span class='expansion'>((-2147483647 - 1) + 16)</span></span>;</td></tr>
159<tr><td class="num" id="LN80">80</td><td class="line">}</td></tr>
160<tr><td class="num" id="LN81">81</td><td class="line"> </td></tr>
161<tr><td class="num" id="LN82">82</td><td class="line"> </td></tr>
162<tr><td class="num" id="LN83">83</td><td class="line"><span class='keyword'>static</span> status_t</td></tr>
163<tr><td class="num" id="LN84">84</td><td class="line">acpi_check_rsdt(acpi_rsdp* rsdp)</td></tr>
164<tr><td class="num" id="LN85">85</td><td class="line">{</td></tr>
165<tr><td class="num" id="LN86">86</td><td class="line"> <span class='keyword'>if</span> (acpi_validate_rsdp(rsdp) != <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>)</td></tr>
166<tr><td class="num"></td><td class="line"><div id="Path6" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">6</div></td><td><div class="PathNav"><a href="#Path5" title="Previous event (5)">&#x2190;</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path7" title="Next event (7)">&#x2192;</a></div></td></tr></table></div></td></tr>
167<tr><td class="num" id="LN87">87</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_BAD_DATA<span class='expansion'>((-2147483647 - 1) + 16)</span></span>;</td></tr>
168<tr><td class="num" id="LN88">88</td><td class="line"> </td></tr>
169<tr><td class="num" id="LN89">89</td><td class="line"> <span class='keyword'>bool</span> usingXsdt = <span class='keyword'>false</span>;</td></tr>
170<tr><td class="num" id="LN90">90</td><td class="line"> </td></tr>
171<tr><td class="num" id="LN91">91</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: found rsdp at %p oem id: %.6s, rev %d\n"</span>,<span class='expansion'>;</span></span></td></tr>
172<tr><td class="num" id="LN92">92</td><td class="line"> <span class='macro'>rsdp, rsdp-&gt;oem_id, rsdp-&gt;revision))<span class='expansion'>;</span></span>;</td></tr>
173<tr><td class="num" id="LN93">93</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: rsdp points to rsdt at 0x%lx\n"</span>, rsdp-&gt;rsdt_address))<span class='expansion'>;</span></span>;</td></tr>
174<tr><td class="num" id="LN94">94</td><td class="line"> </td></tr>
175<tr><td class="num" id="LN95">95</td><td class="line"> uint32 length = 0;</td></tr>
176<tr><td class="num" id="LN96">96</td><td class="line"> acpi_descriptor_header* rsdt = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
177<tr><td class="num" id="LN97">97</td><td class="line"> <span class='keyword'>if</span> (rsdp-&gt;revision &gt; 0) {</td></tr>
178<tr><td class="num"></td><td class="line"><div id="Path7" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">7</div></td><td><div class="PathNav"><a href="#Path6" title="Previous event (6)">&#x2190;</a></div></td></td><td>Taking false branch</td><td><div class="PathNav"><a href="#Path8" title="Next event (8)">&#x2192;</a></div></td></tr></table></div></td></tr>
179<tr><td class="num" id="LN98">98</td><td class="line"> length = rsdp-&gt;xsdt_length;</td></tr>
180<tr><td class="num" id="LN99">99</td><td class="line"> rsdt = (acpi_descriptor_header*)mmu_map_physical_memory(</td></tr>
181<tr><td class="num" id="LN100">100</td><td class="line"> (uint32)rsdp-&gt;xsdt_address, rsdp-&gt;xsdt_length, kDefaultPageFlags);</td></tr>
182<tr><td class="num" id="LN101">101</td><td class="line"> <span class='keyword'>if</span> (rsdt != <span class='macro'>NULL<span class='expansion'>__null</span></span></td></tr>
183<tr><td class="num" id="LN102">102</td><td class="line"> &amp;&amp; strncmp(rsdt-&gt;signature, <span class='macro'>ACPI_XSDT_SIGNATURE<span class='expansion'>"XSDT"</span></span>, 4) != 0) {</td></tr>
184<tr><td class="num" id="LN103">103</td><td class="line"> mmu_free(rsdt, rsdp-&gt;xsdt_length);</td></tr>
185<tr><td class="num" id="LN104">104</td><td class="line"> rsdt = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
186<tr><td class="num" id="LN105">105</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: invalid extended system description table\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
187<tr><td class="num" id="LN106">106</td><td class="line"> } <span class='keyword'>else</span></td></tr>
188<tr><td class="num" id="LN107">107</td><td class="line"> usingXsdt = <span class='keyword'>true</span>;</td></tr>
189<tr><td class="num" id="LN108">108</td><td class="line"> }</td></tr>
190<tr><td class="num" id="LN109">109</td><td class="line"> </td></tr>
191<tr><td class="num" id="LN110">110</td><td class="line"> <span class='comment'>// if we're ACPI v1 or we fail to map the XSDT for some reason,</span></td></tr>
192<tr><td class="num" id="LN111">111</td><td class="line"> <span class='comment'>// attempt to use the RSDT instead.</span></td></tr>
193<tr><td class="num" id="LN112">112</td><td class="line"> <span class='keyword'>if</span> (rsdt == <span class='macro'>NULL<span class='expansion'>__null</span></span>) {</td></tr>
194<tr><td class="num"></td><td class="line"><div id="Path8" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">8</div></td><td><div class="PathNav"><a href="#Path7" title="Previous event (7)">&#x2190;</a></div></td></td><td>Taking true branch</td><td><div class="PathNav"><a href="#Path9" title="Next event (9)">&#x2192;</a></div></td></tr></table></div></td></tr>
195<tr><td class="num" id="LN113">113</td><td class="line"> <span class='comment'>// map and validate the root system description table</span></td></tr>
196<tr><td class="num" id="LN114">114</td><td class="line"> <span class="mrange">rsdt = (acpi_descriptor_header*)mmu_map_physical_memory(</td></tr></span>
197<tr><td class="num"></td><td class="line"><div id="Path9" class="msg msgEvent" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">9</div></td><td><div class="PathNav"><a href="#Path8" title="Previous event (8)">&#x2190;</a></div></td></td><td>Value assigned to 'rsdt'</td><td><div class="PathNav"><a href="#Path10" title="Next event (10)">&#x2192;</a></div></td></tr></table></div></td></tr>
198<tr><td class="num" id="LN115">115</td><td class="line"> <span class="mrange">rsdp-&gt;rsdt_address, <span class='keyword'>sizeof</span>(acpi_descriptor_header),</td></tr></span>
199<tr><td class="num" id="LN116">116</td><td class="line"> <span class="mrange">kDefaultPageFlags)</span>;</td></tr>
200<tr><td class="num" id="LN117">117</td><td class="line"> <span class='keyword'>if</span> (<span class="mrange">rsdt != <span class='macro'>NULL<span class='expansion'>__null</span></span></td></tr></span>
201<tr><td class="num"></td><td class="line"><div id="Path10" class="msg msgEvent" style="margin-left:21ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">10</div></td><td><div class="PathNav"><a href="#Path9" title="Previous event (9)">&#x2190;</a></div></td></td><td>Assuming pointer value is null</td><td><div class="PathNav"><a href="#EndPath" title="Next event (11)">&#x2192;</a></div></td></tr></table></div></td></tr>
202<tr><td class="num" id="LN118">118</td><td class="line"> &amp;&amp; strncmp(rsdt-&gt;signature, <span class='macro'>ACPI_RSDT_SIGNATURE<span class='expansion'>"RSDT"</span></span>, 4) != 0) {</td></tr>
203<tr><td class="num" id="LN119">119</td><td class="line"> mmu_free(rsdt, <span class='keyword'>sizeof</span>(acpi_descriptor_header));</td></tr>
204<tr><td class="num" id="LN120">120</td><td class="line"> rsdt = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
205<tr><td class="num" id="LN121">121</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: invalid root system description table\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
206<tr><td class="num" id="LN122">122</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_ERROR<span class='expansion'>(-1)</span></span>;</td></tr>
207<tr><td class="num" id="LN123">123</td><td class="line"> }</td></tr>
208<tr><td class="num" id="LN124">124</td><td class="line"> </td></tr>
209<tr><td class="num" id="LN125">125</td><td class="line"> length = <span class="mrange">rsdt</span>-&gt;length;</td></tr>
210<tr><td class="num"></td><td class="line"><div id="EndPath" class="msg msgEvent" style="margin-left:26ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">11</div></td><td><div class="PathNav"><a href="#Path10" title="Previous event (10)">&#x2190;</a></div></td></td><td>Access to field 'length' results in a dereference of a null pointer (loaded from variable 'rsdt')</td></tr></table></div></td></tr>
211<tr><td class="num" id="LN126">126</td><td class="line"> <span class='comment'>// Map the whole table, not just the header</span></td></tr>
212<tr><td class="num" id="LN127">127</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: rsdt length: %lu\n"</span>, length))<span class='expansion'>;</span></span>;</td></tr>
213<tr><td class="num" id="LN128">128</td><td class="line"> mmu_free(rsdt, <span class='keyword'>sizeof</span>(acpi_descriptor_header));</td></tr>
214<tr><td class="num" id="LN129">129</td><td class="line"> rsdt = (acpi_descriptor_header*)mmu_map_physical_memory(</td></tr>
215<tr><td class="num" id="LN130">130</td><td class="line"> rsdp-&gt;rsdt_address, length, kDefaultPageFlags);</td></tr>
216<tr><td class="num" id="LN131">131</td><td class="line"> }</td></tr>
217<tr><td class="num" id="LN132">132</td><td class="line"> </td></tr>
218<tr><td class="num" id="LN133">133</td><td class="line"> <span class='keyword'>if</span> (rsdt != <span class='macro'>NULL<span class='expansion'>__null</span></span>) {</td></tr>
219<tr><td class="num" id="LN134">134</td><td class="line"> <span class='keyword'>if</span> (acpi_validate_rsdt(rsdt) != <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>) {</td></tr>
220<tr><td class="num" id="LN135">135</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: rsdt failed checksum validation\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
221<tr><td class="num" id="LN136">136</td><td class="line"> mmu_free(rsdt, length);</td></tr>
222<tr><td class="num" id="LN137">137</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_ERROR<span class='expansion'>(-1)</span></span>;</td></tr>
223<tr><td class="num" id="LN138">138</td><td class="line"> } <span class='keyword'>else</span> {</td></tr>
224<tr><td class="num" id="LN139">139</td><td class="line"> <span class='keyword'>if</span> (usingXsdt)</td></tr>
225<tr><td class="num" id="LN140">140</td><td class="line"> sAcpiXsdt = rsdt;</td></tr>
226<tr><td class="num" id="LN141">141</td><td class="line"> <span class='keyword'>else</span></td></tr>
227<tr><td class="num" id="LN142">142</td><td class="line"> sAcpiRsdt = rsdt;</td></tr>
228<tr><td class="num" id="LN143">143</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: found valid %s at %p\n"</span>,<span class='expansion'>;</span></span></td></tr>
229<tr><td class="num" id="LN144">144</td><td class="line"> <span class='macro'>usingXsdt ? ACPI_XSDT_SIGNATURE : ACPI_RSDT_SIGNATURE,<span class='expansion'>;</span></span></td></tr>
230<tr><td class="num" id="LN145">145</td><td class="line"> <span class='macro'>rsdt))<span class='expansion'>;</span></span>;</td></tr>
231<tr><td class="num" id="LN146">146</td><td class="line"> }</td></tr>
232<tr><td class="num" id="LN147">147</td><td class="line"> } <span class='keyword'>else</span></td></tr>
233<tr><td class="num" id="LN148">148</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_ERROR<span class='expansion'>(-1)</span></span>;</td></tr>
234<tr><td class="num" id="LN149">149</td><td class="line"> </td></tr>
235<tr><td class="num" id="LN150">150</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>;</td></tr>
236<tr><td class="num" id="LN151">151</td><td class="line">}</td></tr>
237<tr><td class="num" id="LN152">152</td><td class="line"> </td></tr>
238<tr><td class="num" id="LN153">153</td><td class="line"> </td></tr>
239<tr><td class="num" id="LN154">154</td><td class="line"><span class='keyword'>template</span>&lt;<span class='keyword'>typename</span> PointerType&gt;</td></tr>
240<tr><td class="num" id="LN155">155</td><td class="line">acpi_descriptor_header*</td></tr>
241<tr><td class="num" id="LN156">156</td><td class="line">acpi_find_table_generic(<span class='keyword'>const</span> <span class='keyword'>char</span>* signature, acpi_descriptor_header* acpiSdt)</td></tr>
242<tr><td class="num" id="LN157">157</td><td class="line">{</td></tr>
243<tr><td class="num" id="LN158">158</td><td class="line"> <span class='keyword'>if</span> (acpiSdt == <span class='macro'>NULL<span class='expansion'>__null</span></span>)</td></tr>
244<tr><td class="num" id="LN159">159</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
245<tr><td class="num" id="LN160">160</td><td class="line"> </td></tr>
246<tr><td class="num" id="LN161">161</td><td class="line"> <span class='keyword'>if</span> (sNumEntries == -1) {</td></tr>
247<tr><td class="num" id="LN162">162</td><td class="line"> <span class='comment'>// if using the xsdt, our entries are 64 bits wide.</span></td></tr>
248<tr><td class="num" id="LN163">163</td><td class="line"> sNumEntries = (acpiSdt-&gt;length</td></tr>
249<tr><td class="num" id="LN164">164</td><td class="line"> - <span class='keyword'>sizeof</span>(acpi_descriptor_header))</td></tr>
250<tr><td class="num" id="LN165">165</td><td class="line"> / <span class='keyword'>sizeof</span>(PointerType);</td></tr>
251<tr><td class="num" id="LN166">166</td><td class="line"> }</td></tr>
252<tr><td class="num" id="LN167">167</td><td class="line"> </td></tr>
253<tr><td class="num" id="LN168">168</td><td class="line"> <span class='keyword'>if</span> (sNumEntries &lt;= 0) {</td></tr>
254<tr><td class="num" id="LN169">169</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: root system description table is empty\n"</span>))<span class='expansion'>;</span></span>;</td></tr>
255<tr><td class="num" id="LN170">170</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
256<tr><td class="num" id="LN171">171</td><td class="line"> }</td></tr>
257<tr><td class="num" id="LN172">172</td><td class="line"> </td></tr>
258<tr><td class="num" id="LN173">173</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: searching %ld entries for table '%.4s'\n"</span>, sNumEntries,<span class='expansion'>;</span></span></td></tr>
259<tr><td class="num" id="LN174">174</td><td class="line"> <span class='macro'>signature))<span class='expansion'>;</span></span>;</td></tr>
260<tr><td class="num" id="LN175">175</td><td class="line"> </td></tr>
261<tr><td class="num" id="LN176">176</td><td class="line"> PointerType* pointer = (PointerType*)((uint8*)acpiSdt</td></tr>
262<tr><td class="num" id="LN177">177</td><td class="line"> + <span class='keyword'>sizeof</span>(acpi_descriptor_header));</td></tr>
263<tr><td class="num" id="LN178">178</td><td class="line"> </td></tr>
264<tr><td class="num" id="LN179">179</td><td class="line"> acpi_descriptor_header* header = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
265<tr><td class="num" id="LN180">180</td><td class="line"> <span class='keyword'>for</span> (int32 j = 0; j &lt; sNumEntries; j++, pointer++) {</td></tr>
266<tr><td class="num" id="LN181">181</td><td class="line"> header = (acpi_descriptor_header*)</td></tr>
267<tr><td class="num" id="LN182">182</td><td class="line"> mmu_map_physical_memory((uint32)*pointer,</td></tr>
268<tr><td class="num" id="LN183">183</td><td class="line"> <span class='keyword'>sizeof</span>(acpi_descriptor_header), kDefaultPageFlags);</td></tr>
269<tr><td class="num" id="LN184">184</td><td class="line"> </td></tr>
270<tr><td class="num" id="LN185">185</td><td class="line"> <span class='keyword'>if</span> (header == <span class='macro'>NULL<span class='expansion'>__null</span></span></td></tr>
271<tr><td class="num" id="LN186">186</td><td class="line"> || strncmp(header-&gt;signature, signature, 4) != 0) {</td></tr>
272<tr><td class="num" id="LN187">187</td><td class="line"> <span class='comment'>// not interesting for us</span></td></tr>
273<tr><td class="num" id="LN188">188</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: Looking for '%.4s'. Skipping '%.4s'\n"</span>,<span class='expansion'>;</span></span></td></tr>
274<tr><td class="num" id="LN189">189</td><td class="line"> <span class='macro'>signature, header != NULL ? header-&gt;signature : <span class='string_literal'>"null"</span>))<span class='expansion'>;</span></span>;</td></tr>
275<tr><td class="num" id="LN190">190</td><td class="line"> </td></tr>
276<tr><td class="num" id="LN191">191</td><td class="line"> <span class='keyword'>if</span> (header != <span class='macro'>NULL<span class='expansion'>__null</span></span>) {</td></tr>
277<tr><td class="num" id="LN192">192</td><td class="line"> mmu_free(header, <span class='keyword'>sizeof</span>(acpi_descriptor_header));</td></tr>
278<tr><td class="num" id="LN193">193</td><td class="line"> header = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
279<tr><td class="num" id="LN194">194</td><td class="line"> }</td></tr>
280<tr><td class="num" id="LN195">195</td><td class="line"> </td></tr>
281<tr><td class="num" id="LN196">196</td><td class="line"> <span class='keyword'>continue</span>;</td></tr>
282<tr><td class="num" id="LN197">197</td><td class="line"> }</td></tr>
283<tr><td class="num" id="LN198">198</td><td class="line"> </td></tr>
284<tr><td class="num" id="LN199">199</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi: Found '%.4s' @ %p\n"</span>, signature, pointer))<span class='expansion'>;</span></span>;</td></tr>
285<tr><td class="num" id="LN200">200</td><td class="line"> <span class='keyword'>break</span>;</td></tr>
286<tr><td class="num" id="LN201">201</td><td class="line"> }</td></tr>
287<tr><td class="num" id="LN202">202</td><td class="line"> </td></tr>
288<tr><td class="num" id="LN203">203</td><td class="line"> </td></tr>
289<tr><td class="num" id="LN204">204</td><td class="line"> <span class='keyword'>if</span> (header == <span class='macro'>NULL<span class='expansion'>__null</span></span>)</td></tr>
290<tr><td class="num" id="LN205">205</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
291<tr><td class="num" id="LN206">206</td><td class="line"> </td></tr>
292<tr><td class="num" id="LN207">207</td><td class="line"> <span class='comment'>// Map the whole table, not just the header</span></td></tr>
293<tr><td class="num" id="LN208">208</td><td class="line"> uint32 length = header-&gt;length;</td></tr>
294<tr><td class="num" id="LN209">209</td><td class="line"> mmu_free(header, <span class='keyword'>sizeof</span>(acpi_descriptor_header));</td></tr>
295<tr><td class="num" id="LN210">210</td><td class="line"> </td></tr>
296<tr><td class="num" id="LN211">211</td><td class="line"> <span class='keyword'>return</span> (acpi_descriptor_header*)mmu_map_physical_memory(</td></tr>
297<tr><td class="num" id="LN212">212</td><td class="line"> (uint32)*pointer, length, kDefaultPageFlags);</td></tr>
298<tr><td class="num" id="LN213">213</td><td class="line">}</td></tr>
299<tr><td class="num" id="LN214">214</td><td class="line"> </td></tr>
300<tr><td class="num" id="LN215">215</td><td class="line"> </td></tr>
<!--
  Report rows for source lines 216 to 225: acpi_find_table(const char* signature).
  The rendered function returns acpi_find_table_generic with uint32 entries when
  sAcpiRsdt is set, otherwise the uint64 variant when sAcpiXsdt is set, otherwise NULL.
  Each span with class 'expansion' holds the analyzer's macro expansion (NULL shown as __null).
  No analyzer path event is attached to these rows.
  NOTE(review): the function ending at source line 213 (presumably the generic helper
  called here) maps the table with a length read from the table header (lines 208 to 212).
  That length comes from firmware memory and is not range-checked in the visible rows,
  so callers get a mapping whose size the firmware table dictates. Confirm whether a
  bound or checksum is applied elsewhere.
  NOTE(review): line 212 casts the entry to uint32 before mapping; if the entry has the
  template's uint64 type in the XSDT case, addresses above 4 GiB would be truncated. Verify
  against the full template.
-->
301<tr><td class="num" id="LN216">216</td><td class="line">acpi_descriptor_header*</td></tr>
302<tr><td class="num" id="LN217">217</td><td class="line">acpi_find_table(<span class='keyword'>const</span> <span class='keyword'>char</span>* signature)</td></tr>
303<tr><td class="num" id="LN218">218</td><td class="line">{</td></tr>
304<tr><td class="num" id="LN219">219</td><td class="line"> <span class='keyword'>if</span> (sAcpiRsdt != <span class='macro'>NULL<span class='expansion'>__null</span></span>)</td></tr>
305<tr><td class="num" id="LN220">220</td><td class="line"> <span class='keyword'>return</span> acpi_find_table_generic&lt;uint32&gt;(signature, sAcpiRsdt);</td></tr>
306<tr><td class="num" id="LN221">221</td><td class="line"> <span class='keyword'>else</span> <span class='keyword'>if</span> (sAcpiXsdt != <span class='macro'>NULL<span class='expansion'>__null</span></span>)</td></tr>
307<tr><td class="num" id="LN222">222</td><td class="line"> <span class='keyword'>return</span> acpi_find_table_generic&lt;uint64&gt;(signature, sAcpiXsdt);</td></tr>
308<tr><td class="num" id="LN223">223</td><td class="line"> </td></tr>
309<tr><td class="num" id="LN224">224</td><td class="line"> <span class='keyword'>return</span> <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
310<tr><td class="num" id="LN225">225</td><td class="line">}</td></tr>
311<tr><td class="num" id="LN226">226</td><td class="line"> </td></tr>
312<tr><td class="num" id="LN227">227</td><td class="line"> </td></tr>
<!--
  Report rows for source lines 228 to 250: acpi_init(), where the analyzer's path starts.
  Rows with an empty "num" cell are path events, not source lines; each carries an id
  (Path1 to Path5 here) and arrow links to the previous and next event.
  Path as rendered: (1) outer loop over acpi_scan_spots entered, (2) inner scan loop
  entered, (3) the "RSD PTR " comparison takes the true branch, (4) inner loop ends and
  execution continues on line 247, (5) acpi_check_rsdt is called; the highlighted
  "mrange" span marks that call. Event 5 links on to Path6, which is outside these rows,
  so the reported defect itself is not shown here.
  The rendered code steps through each scan region 16 bytes at a time and compares 8
  bytes against ACPI_RSDP_SIGNATURE. There is no break after a match, so rsdp ends up as
  the last matching address in the region.
  NOTE(review): only the signature is compared in these rows. Any further validation of
  the RSDP (for example a checksum) would have to happen in acpi_check_rsdt. Confirm
  there before trusting fields read through rsdp.
  TRACE is shown expanding to ";" in the analyzed configuration.
-->
313<tr><td class="num" id="LN228">228</td><td class="line"><span class='keyword'>void</span></td></tr>
314<tr><td class="num" id="LN229">229</td><td class="line">acpi_init()</td></tr>
315<tr><td class="num" id="LN230">230</td><td class="line">{</td></tr>
316<tr><td class="num" id="LN231">231</td><td class="line"> <span class='comment'>// Try to find the ACPI RSDP.</span></td></tr>
317<tr><td class="num" id="LN232">232</td><td class="line"> <span class='keyword'>for</span> (int32 i = 0; acpi_scan_spots[i].length &gt; 0; i++) {</td></tr>
<!-- Path event 1: first event of the path, so it has only a "next" link. -->
318<tr><td class="num"></td><td class="line"><div id="Path1" class="msg msgControl" style="margin-left:9ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">1</div></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path2" title="Next event (2)">&#x2192;</a></div></td></tr></table></div></td></tr>
319<tr><td class="num" id="LN233">233</td><td class="line"> acpi_rsdp* rsdp = <span class='macro'>NULL<span class='expansion'>__null</span></span>;</td></tr>
320<tr><td class="num" id="LN234">234</td><td class="line"> </td></tr>
321<tr><td class="num" id="LN235">235</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi_init: entry base 0x%lx, limit 0x%lx\n"</span>,<span class='expansion'>;</span></span></td></tr>
322<tr><td class="num" id="LN236">236</td><td class="line"> <span class='macro'>acpi_scan_spots[i].start, acpi_scan_spots[i].stop))<span class='expansion'>;</span></span>;</td></tr>
323<tr><td class="num" id="LN237">237</td><td class="line"> </td></tr>
324<tr><td class="num" id="LN238">238</td><td class="line"> <span class='keyword'>for</span> (<span class='keyword'>char</span>* pointer = (<span class='keyword'>char</span>*)acpi_scan_spots[i].start;</td></tr>
<!-- Path events 2 and 4 both attach to the inner loop header: loop entered, then loop exit.
     As emitted, the event rows that have a "previous" link contain one extra closing td tag after that cell. -->
325<tr><td class="num"></td><td class="line"><div id="Path2" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">2</div></td><td><div class="PathNav"><a href="#Path1" title="Previous event (1)">&#x2190;</a></div></td></td><td>Loop condition is true. Entering loop body</td><td><div class="PathNav"><a href="#Path3" title="Next event (3)">&#x2192;</a></div></td></tr></table></div></td></tr>
326<tr><td class="num"></td><td class="line"><div id="Path4" class="msg msgControl" style="margin-left:17ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">4</div></td><td><div class="PathNav"><a href="#Path3" title="Previous event (3)">&#x2190;</a></div></td></td><td>Loop condition is false. Execution continues on line 247</td><td><div class="PathNav"><a href="#Path5" title="Next event (5)">&#x2192;</a></div></td></tr></table></div></td></tr>
327<tr><td class="num" id="LN239">239</td><td class="line"> (uint32)pointer &lt; acpi_scan_spots[i].stop; pointer += 16) {</td></tr>
328<tr><td class="num" id="LN240">240</td><td class="line"> <span class='keyword'>if</span> (strncmp(pointer, <span class='macro'>ACPI_RSDP_SIGNATURE<span class='expansion'>"RSD PTR "</span></span>, 8) == 0) {</td></tr>
<!-- Path event 3: the signature comparison matched on this path. -->
329<tr><td class="num"></td><td class="line"><div id="Path3" class="msg msgControl" style="margin-left:25ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexControl">3</div></td><td><div class="PathNav"><a href="#Path2" title="Previous event (2)">&#x2190;</a></div></td></td><td>Taking true branch</td><td><div class="PathNav"><a href="#Path4" title="Next event (4)">&#x2192;</a></div></td></tr></table></div></td></tr>
330<tr><td class="num" id="LN241">241</td><td class="line"> <span class='macro'>TRACE((<span class='string_literal'>"acpi_init: found ACPI RSDP signature at %p\n"</span>,<span class='expansion'>;</span></span></td></tr>
331<tr><td class="num" id="LN242">242</td><td class="line"> <span class='macro'>pointer))<span class='expansion'>;</span></span>;</td></tr>
332<tr><td class="num" id="LN243">243</td><td class="line"> rsdp = (acpi_rsdp*)pointer;</td></tr>
333<tr><td class="num" id="LN244">244</td><td class="line"> }</td></tr>
334<tr><td class="num" id="LN245">245</td><td class="line"> }</td></tr>
335<tr><td class="num" id="LN246">246</td><td class="line"> </td></tr>
336<tr><td class="num" id="LN247">247</td><td class="line"> <span class='keyword'>if</span> (rsdp != <span class='macro'>NULL<span class='expansion'>__null</span></span> &amp;&amp; <span class="mrange">acpi_check_rsdt(rsdp)</span> == <span class='macro'>B_OK<span class='expansion'>((int)0)</span></span>)</td></tr>
<!-- Path event 5 (class msgEvent rather than msgControl): the path enters acpi_check_rsdt with the matched pointer. -->
337<tr><td class="num"></td><td class="line"><div id="Path5" class="msg msgEvent" style="margin-left:37ex"><table class="msgT"><tr><td valign="top"><div class="PathIndex PathIndexEvent">5</div></td><td><div class="PathNav"><a href="#Path4" title="Previous event (4)">&#x2190;</a></div></td></td><td>Calling 'acpi_check_rsdt'</td><td><div class="PathNav"><a href="#Path6" title="Next event (6)">&#x2192;</a></div></td></tr></table></div></td></tr>
338<tr><td class="num" id="LN248">248</td><td class="line"> <span class='keyword'>break</span>;</td></tr>
339<tr><td class="num" id="LN249">249</td><td class="line"> }</td></tr>
340<tr><td class="num" id="LN250">250</td><td class="line">}</td></tr>
341</table></body></html>