1  /* Reduced from qemu-7.2.0's hw/intc/omap_intc.c as per
       2     null-deref-pr108806.c, but with the:
       3       struct omap_intr_handler_bank_s* bank = NULL;
       4     converted to:
       5       struct omap_intr_handler_bank_s* bank;
       6   */
       7  
       8  typedef unsigned char __uint8_t;
       9  typedef unsigned int __uint32_t;
      10  typedef unsigned long int __uint64_t;
      11  typedef __uint8_t uint8_t;
      12  typedef __uint32_t uint32_t;
      13  typedef __uint64_t uint64_t;
      14  typedef uint64_t hwaddr;
      15  typedef struct omap_intr_handler_s omap_intr_handler;
      16  
      17  struct omap_intr_handler_bank_s
      18  {
      19    uint32_t irqs;
      20    uint32_t inputs;
      21    uint32_t mask;
      22    uint32_t fiq;
      23    uint32_t sens_edge;
      24    uint32_t swi;
      25    unsigned char priority[32];
      26  };
      27  
      28  struct omap_intr_handler_s
      29  {
      30    /* [...snip...] */
      31    unsigned char nbanks;
      32    /* [...snip...] */
      33    int sir_intr[2];
      34    int autoidle;
      35    uint32_t mask;
      36    struct omap_intr_handler_bank_s bank[3];
      37  };
      38  
      39  uint64_t
      40  omap2_inth_read(struct omap_intr_handler_s* s, int offset)
      41  {
      42    int bank_no, line_no;
      43    struct omap_intr_handler_bank_s* bank;
      44  
      45    if ((offset & 0xf80) == 0x80) {
      46      bank_no = (offset & 0x60) >> 5;
      47      if (bank_no < s->nbanks) {
      48        offset &= ~0x60;
      49        bank = &s->bank[bank_no];
      50      } else {
      51        return 0;
      52      }
      53    }
      54  
      55    switch (offset) {
      56      case 0x10:
      57        return (s->autoidle >> 2) & 1;
      58  
      59      case 0x14:
      60        return 1;
      61  
      62      case 0x40:
      63        return s->sir_intr[0];
      64  
      65      case 0x44:
      66        return s->sir_intr[1];
      67  
      68      case 0x48:
      69        return (!s->mask) << 2;
      70  
      71      case 0x4c:
      72        return 0;
      73  
      74      case 0x50:
      75        return s->autoidle & 3;
      76  
      77      case 0x80:
      78        return bank->inputs; /* { dg-bogus "use of uninitialized value 'bank'" "PR analyzer/108806" } */
      79  
      80      case 0x84:
      81        return bank->mask; /* { dg-bogus "use of uninitialized value 'bank'" "PR analyzer/108806" } */
      82  
      83      case 0x88:
      84      case 0x8c:
      85        return 0;
      86  
      87      case 0x90:
      88        return bank->swi; /* { dg-bogus "use of uninitialized value 'bank'" "PR analyzer/108806" } */
      89  
      90      case 0x94:
      91        return 0;
      92  
      93      case 0x98:
      94        return bank->irqs & ~bank->mask & ~bank->fiq; /* { dg-bogus "use of uninitialized value 'bank'" "PR analyzer/108806" } */
      95  
      96      case 0x9c:
      97        return bank->irqs & ~bank->mask & bank->fiq; /* { dg-bogus "use of uninitialized value 'bank'" "PR analyzer/108806" } */
      98  
      99      case 0x100 ... 0x300:
     100        bank_no = (offset - 0x100) >> 7;
     101        if (bank_no > s->nbanks)
     102          break;
     103        bank = &s->bank[bank_no];
     104        line_no = (offset & 0x7f) >> 2;
     105        return (bank->priority[line_no] << 2) | ((bank->fiq >> line_no) & 1);
     106    }
     107    return 0;
     108  }