From 29c8e36e6ef2344e27392eb732168be58fca3682 Mon Sep 17 00:00:00 2001
From: OBattler <oubattler@gmail.com>
Date: Sun, 4 Jul 2021 20:50:03 +0200
Subject: [PATCH] Fixed miscellaneous bugs reported by Coverity.

---
 src/chipset/ali1489.c           | 16 ++++++++--------
 src/chipset/intel_4x0.c         |  6 +++---
 src/chipset/opti895.c           |  4 ++--
 src/chipset/via_apollo.c        | 13 ++++++-------
 src/chipset/via_vt82c49x.c      |  4 ++--
 src/device/hwm_lm75.c           |  5 +++--
 src/device/pci_bridge.c         |  6 ++++--
 src/include/86box/hwm.h         |  1 +
 src/mem/sst_flash.c             |  6 ++++--
 src/sio/sio_fdc37c93x.c         |  2 +-
 src/video/vid_et4000.c          |  9 ++++++---
 src/win/win_joystick_rawinput.c |  2 +-
 src/win/win_settings.c          |  2 ++
 13 files changed, 43 insertions(+), 33 deletions(-)

diff --git a/src/chipset/ali1489.c b/src/chipset/ali1489.c
index 47e7cbd9b..03c1f4519 100644
--- a/src/chipset/ali1489.c
+++ b/src/chipset/ali1489.c
@@ -199,10 +199,10 @@ ali1489_defaults(ali1489_t *dev)
     smi_line = 0;
     in_smm = 0;
 
-    pci_set_irq(PCI_INTA, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTB, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTC, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTD, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTA, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTB, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTC, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTD, PCI_IRQ_DISABLED);
 }
 
 
@@ -570,10 +570,10 @@ ali1489_reset(void *priv)
 {
     ali1489_t *dev = (ali1489_t *)priv;
 
-    pci_set_irq(PCI_INTA, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTB, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTC, PCI_IRQ_DISABLED);
-    pci_set_irq(PCI_INTD, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTA, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTB, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTC, PCI_IRQ_DISABLED);
+    pci_set_irq_routing(PCI_INTD, PCI_IRQ_DISABLED);
 
     ali1489_defaults(dev);
 }
diff --git a/src/chipset/intel_4x0.c b/src/chipset/intel_4x0.c
index 0b157f4dd..6da41c24f 100644
--- a/src/chipset/intel_4x0.c
+++ b/src/chipset/intel_4x0.c
@@ -1303,11 +1303,11 @@ static void
 		regs[0x0d] = 0x20;
 		/* According to information from FreeBSD 3.x source code:
 			0x00 = 486DX, 0x20 = 486SX, 0x40 = 486DX2 or 486DX4, 0x80 = Pentium OverDrive. */
-		if (!(hasfpu) && (cpu_multi = 1))
+		if (!(hasfpu) && (cpu_multi == 1))
 			regs[0x50] = 0x20;
-		else if (!(hasfpu) && (cpu_multi = 2))
+		else if (!(hasfpu) && (cpu_multi == 2))
 			regs[0x50] = 0x60;	/* Guess based on the SX, DX, and DX2 values. */
-		else if (hasfpu && (cpu_multi = 1))
+		else if (hasfpu && (cpu_multi == 1))
 			regs[0x50] = 0x00;
 		else if (hasfpu && (cpu_multi >= 2) && !(cpu_s->cpu_type == CPU_P24T))
 			regs[0x50] = 0x40;
diff --git a/src/chipset/opti895.c b/src/chipset/opti895.c
index 447d64fa3..289388391 100644
--- a/src/chipset/opti895.c
+++ b/src/chipset/opti895.c
@@ -187,7 +187,7 @@ opti895_write(uint16_t addr, uint8_t val, void *priv)
 
 	case 0xe1:
 	case 0xe2:
-		dev->scratch[addr] = val;
+		dev->scratch[addr - 0xe1] = val;
 		break;
     }
 }
@@ -214,7 +214,7 @@ opti895_read(uint16_t addr, void *priv)
 		break;
 	case 0xe1:
 	case 0xe2:
-		ret = dev->scratch[addr];
+		ret = dev->scratch[addr - 0xe1];
 		break;
     }
 
diff --git a/src/chipset/via_apollo.c b/src/chipset/via_apollo.c
index 22de563c8..bf593c487 100644
--- a/src/chipset/via_apollo.c
+++ b/src/chipset/via_apollo.c
@@ -213,13 +213,12 @@ via_apollo_host_bridge_write(int func, int addr, uint8_t val, void *priv)
 	return;
 	
     /*Read-only addresses*/
-    if ((addr < 4) || ((addr >= 5) && (addr < 7)) || ((addr >= 8) && (addr < 0xd)) ||
-	((addr >= 0xe) && (addr < 0x12)) || ((addr >= 0x14) && (addr < 0x50)) ||
-	(addr == 0x69) || ((addr >= 0x79) && (addr < 0x7e)) ||
-	((addr >= 0x81) && (addr < 0x84)) || ((addr >= 0x85) && (addr < 0x88)) ||
-	((addr >= 0x8c) && (addr < 0xa8)) || ((addr >= 0xaa) && (addr < 0xac)) ||
-	((addr >= 0xad) && (addr < 0xf0)) || ((addr >= 0xf8) && (addr < 0xfc)) ||
-	(addr == 0xfd))
+    if ((addr < 4) || ((addr > 5) && (addr < 7)) || ((addr >= 8) && (addr < 0xd)) ||
+	((addr >= 0xe) && (addr != 0x0f) && (addr < 0x12)) || ((addr >= 0x14) && (addr < 0x50)) ||
+	((addr > 0x7a) && (addr < 0x7e)) || ((addr >= 0x81) && (addr < 0x84)) ||
+	((addr >= 0x85) && (addr < 0x88)) || ((addr >= 0x8c) && (addr < 0xa8)) ||
+	((addr >= 0xaa) && (addr < 0xac)) || ((addr > 0xad) && (addr < 0xf0)) ||
+	((addr >= 0xf8) && (addr < 0xfc)))
 	return;
     if (((addr == 0x78) || (addr >= 0xad)) && (dev->id == VIA_597))
 	return;
diff --git a/src/chipset/via_vt82c49x.c b/src/chipset/via_vt82c49x.c
index 712ad8f5a..20824b006 100644
--- a/src/chipset/via_vt82c49x.c
+++ b/src/chipset/via_vt82c49x.c
@@ -133,9 +133,9 @@ vt82c49x_recalc(vt82c49x_t *dev)
 			state = (dev->regs[0x33] & 0x10) ? MEM_WRITE_ROMCS : MEM_WRITE_EXTERNAL;
 
 		if ((dev->regs[0x32]) & (1 << (bit + 1)))
-			state = MEM_READ_INTERNAL;
+			state |= MEM_READ_INTERNAL;
 		else
-			state = (dev->regs[0x33] & 0x10) ? MEM_READ_ROMCS : MEM_READ_EXTERNAL;
+			state |= (dev->regs[0x33] & 0x10) ? MEM_READ_ROMCS : MEM_READ_EXTERNAL;
 	} else if ((base >= 0xe8000) && (base <= 0xeffff)) {
 		if (dev->regs[0x40] & 0x20)
 			state = MEM_WRITE_DISABLED;
diff --git a/src/device/hwm_lm75.c b/src/device/hwm_lm75.c
index 9faf73326..30615d912 100644
--- a/src/device/hwm_lm75.c
+++ b/src/device/hwm_lm75.c
@@ -187,13 +187,14 @@ lm75_remap(lm75_t *dev, uint8_t addr)
 {
     lm75_log("LM75: remapping to SMBus %02Xh\n", addr);
 
-    if (dev->i2c_addr < 0x80)
+    if (dev->i2c_enabled)
 	i2c_removehandler(i2c_smbus, dev->i2c_addr, 1, lm75_i2c_start, lm75_i2c_read, lm75_i2c_write, NULL, dev);
 
     if (addr < 0x80)
 	i2c_sethandler(i2c_smbus, addr, 1, lm75_i2c_start, lm75_i2c_read, lm75_i2c_write, NULL, dev);
 
-    dev->i2c_addr = addr;
+    dev->i2c_addr = addr & 0x7f;
+    dev->i2c_enabled = !!(addr & 0x80);
 }
 
 
diff --git a/src/device/pci_bridge.c b/src/device/pci_bridge.c
index 6a175d302..8e1353cc1 100644
--- a/src/device/pci_bridge.c
+++ b/src/device/pci_bridge.c
@@ -452,8 +452,10 @@ pci_bridge_init(const device_t *info)
     dev->slot = pci_add_card(AGP_BRIDGE(dev->local) ? PCI_ADD_AGPBRIDGE : PCI_ADD_BRIDGE, pci_bridge_read, pci_bridge_write, dev);
     interrupt_count = sizeof(interrupts);
     interrupt_mask = interrupt_count - 1;
-    for (i = 0; i < interrupt_count; i++)
-	interrupts[i] = pci_get_int(dev->slot, PCI_INTA + i);
+    if (dev->slot < 32) {
+	for (i = 0; i < interrupt_count; i++)
+		interrupts[i] = pci_get_int(dev->slot, PCI_INTA + i);
+    }
     pci_bridge_log("PCI Bridge %d: upstream bus %02X slot %02X interrupts %02X %02X %02X %02X\n", dev->bus_index, (dev->slot >> 5) & 0xff, dev->slot & 31, interrupts[0], interrupts[1], interrupts[2], interrupts[3]);
 
     if (info->local == PCI_BRIDGE_DEC_21150)
diff --git a/src/include/86box/hwm.h b/src/include/86box/hwm.h
index 6172ec693..28e6c031c 100644
--- a/src/include/86box/hwm.h
+++ b/src/include/86box/hwm.h
@@ -36,6 +36,7 @@ typedef struct {
     uint8_t	regs[8];
     uint8_t	addr_register;
     uint8_t	i2c_addr: 7, i2c_state: 2;
+    uint8_t	i2c_enabled;
 } lm75_t;
 
 
diff --git a/src/mem/sst_flash.c b/src/mem/sst_flash.c
index 2b8c4a54d..9358d554c 100644
--- a/src/mem/sst_flash.c
+++ b/src/mem/sst_flash.c
@@ -402,8 +402,10 @@ sst_close(void *p)
 
     if (dev->dirty) {
 	f = nvr_fopen(flash_path, "wb");
-	fwrite(&(dev->array[0x00000]), dev->size, 1, f);
-	fclose(f);
+	if (f != NULL) {
+		fwrite(&(dev->array[0x00000]), dev->size, 1, f);
+		fclose(f);
+	}
     }
 
     free(dev->array);
diff --git a/src/sio/sio_fdc37c93x.c b/src/sio/sio_fdc37c93x.c
index 35cfe862b..a20349aff 100644
--- a/src/sio/sio_fdc37c93x.c
+++ b/src/sio/sio_fdc37c93x.c
@@ -206,7 +206,7 @@ fdc37c93x_nvr_sec_handler(fdc37c93x_t *dev)
 	dev->nvr_sec_base = ld_port = make_port_sec(dev, 6) & 0xFFFE;
 	/* Datasheet erratum: First it says minimum address is 0x0100, but later implies that it's 0x0000
 			      and that default is 0x0070, same as (unrelocatable) primary NVR. */
-	if ((ld_port >= 0x0000) && (ld_port <= 0x0FFE))
+	if (ld_port <= 0x0FFE)
 		nvr_at_sec_handler(1, dev->nvr_sec_base, dev->nvr);
     }
 }
diff --git a/src/video/vid_et4000.c b/src/video/vid_et4000.c
index 3bce65159..f1dedf4a2 100644
--- a/src/video/vid_et4000.c
+++ b/src/video/vid_et4000.c
@@ -464,7 +464,8 @@ et4000_kasan_out(uint16_t addr, uint8_t val, void *priv)
 					break;
 				case 1:
 				case 2:
-					et4000->kasan_cfg_regs[et4000->kasan_cfg_index - 0xF0] = val;
+					if ((et4000->kasan_cfg_index - 0xF0) <= 16)
+						et4000->kasan_cfg_regs[et4000->kasan_cfg_index - 0xF0] = val;
 					io_removehandler(et4000->kasan_access_addr, 0x0008, et4000_kasan_in, NULL, NULL, et4000_kasan_out, NULL, NULL, et4000);
 					et4000->kasan_access_addr = (et4000->kasan_cfg_regs[2] << 8) | et4000->kasan_cfg_regs[1];
 					io_sethandler(et4000->kasan_access_addr, 0x0008, et4000_kasan_in, NULL, NULL, et4000_kasan_out, NULL, NULL, et4000);
@@ -507,8 +508,10 @@ et4000_kasan_out(uint16_t addr, uint8_t val, void *priv)
 			case 3:
 			case 4:
 			case 5:
-				if (et4000->kasan_cfg_regs[0] & 1)
-					et4000->kasan_font_data[addr - (((et4000->kasan_cfg_regs[2] << 8) | (et4000->kasan_cfg_regs[1])) + 3)] = val;
+				if (et4000->kasan_cfg_regs[0] & 1) {
+					if ((addr - (((et4000->kasan_cfg_regs[2] << 8) | (et4000->kasan_cfg_regs[1])) + 3)) <= 4)
+						et4000->kasan_font_data[addr - (((et4000->kasan_cfg_regs[2] << 8) | (et4000->kasan_cfg_regs[1])) + 3)] = val;
+				}
 				break;
 			case 6:
 				if ((et4000->kasan_cfg_regs[0] & 1) && (et4000->kasan_font_data[3] & !(val & 0x80)) && (et4000->get_korean_font_base & 0x7F) >= 0x20 && (et4000->get_korean_font_base & 0x7F) < 0x7F) {
diff --git a/src/win/win_joystick_rawinput.c b/src/win/win_joystick_rawinput.c
index c4f947bac..be808fc47 100644
--- a/src/win/win_joystick_rawinput.c
+++ b/src/win/win_joystick_rawinput.c
@@ -56,7 +56,7 @@ typedef struct {
 	HANDLE hdevice;
 	PHIDP_PREPARSED_DATA data;
 	
-	USAGE usage_button[128];
+	USAGE usage_button[256];
 
 	struct raw_axis_t {
 		USAGE  usage;
diff --git a/src/win/win_settings.c b/src/win/win_settings.c
index 067f7c9f9..a5f426ded 100644
--- a/src/win/win_settings.c
+++ b/src/win/win_settings.c
@@ -949,6 +949,8 @@ win_settings_machine_proc(HWND hdlg, UINT message, WPARAM wParam, LPARAM lParam)
 
 						win_settings_machine_recalc_machine(hdlg);
 					}
+
+					free(lptsTemp);
 				}
 				break;
 			case IDC_COMBO_MACHINE: