All memory DRC objects are created during machine init. It is thus safe to assume spapr_drc_by_id() cannot return NULL when hot-plug/unplugging memory.
Make this clear with an assertion, like the code already does a few lines above when looping over memory DRCs. This fixes Coverity reports 1437757 and 1437758. Signed-off-by: Greg Kurz <gr...@kaod.org> --- hw/ppc/spapr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index dee48a0043bb..c283ff639040 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -3424,6 +3424,7 @@ static void spapr_add_lmbs(DeviceState *dev, uint64_t addr_start, uint64_t size, if (dedicated_hp_event_source) { drc = spapr_drc_by_id(TYPE_SPAPR_DRC_LMB, addr_start / SPAPR_MEMORY_BLOCK_SIZE); + g_assert(drc); spapr_hotplug_req_add_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB, nr_lmbs, spapr_drc_index(drc)); @@ -3664,6 +3665,7 @@ static void spapr_memory_unplug_request(HotplugHandler *hotplug_dev, drc = spapr_drc_by_id(TYPE_SPAPR_DRC_LMB, addr_start / SPAPR_MEMORY_BLOCK_SIZE); + g_assert(drc); spapr_hotplug_req_remove_by_count_indexed(SPAPR_DR_CONNECTOR_TYPE_LMB, nr_lmbs, spapr_drc_index(drc)); }