Attachment 665081 Details for Bug 887927 – Coverity scan results

Coverity scan results

qemu-1.2.0-25.fc19.html (text/html), 3.24 MB, created by Richard W.M. Jones on 2012-12-17 19:55:37 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Richard W.M. Jones

Created: 2012-12-17 19:55:37 UTC

Size: 3.24 MB

patch

obsolete

><?xml version='1.0' encoding='utf-8'?>
><!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN' 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
><html xmlns='http://www.w3.org/1999/xhtml'>
><head><title>qemu-1.2.0-25.fc19</title></head>
><body>
><h1>qemu-1.2.0-25.fc19</h1>
><a href='qemu-1.2.0-25.fc19.err'>[Show plain-text results]</a>
><h2>List of Defects</h2>
><pre style='white-space: pre-wrap;'>
><a name='def1'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def1'>[#def1]</a>
>qemu-kvm-1.2.0/tcg/tcg.c:1858: cond_true: Condition &quot;nb_regs &gt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1865: cond_false: Condition &quot;call_stack_size &gt; 128&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1866: cond_false: Condition &quot;allocate_args&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1870: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_true: Condition &quot;i &lt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1878: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1880: cond_true: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1896: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_true: Condition &quot;i &lt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1878: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1880: cond_true: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1896: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_true: Condition &quot;i &lt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1878: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1880: cond_false: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: else_branch: Reached else branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: cond_true: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1888: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1896: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_true: Condition &quot;i &lt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1878: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1880: cond_false: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: else_branch: Reached else branch
>qemu-kvm-1.2.0/tcg/tcg.c:1882: cond_false: Condition &quot;ts-&gt;val_type == 2&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1888: else_branch: Reached else branch
>qemu-kvm-1.2.0/tcg/tcg.c:1888: cond_true: Condition &quot;ts-&gt;val_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1894: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1896: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_true: Condition &quot;i &lt; nb_params&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1878: cond_false: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1897: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1873: cond_false: Condition &quot;i &lt; nb_params&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1901: loop_end: Reached end of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: cond_true: Condition &quot;i &lt; nb_regs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1907: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1911: cond_true: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1912: cond_true: Condition &quot;ts-&gt;reg != reg&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1915: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1922: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1925: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: cond_true: Condition &quot;i &lt; nb_regs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1907: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1911: cond_true: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1912: cond_true: Condition &quot;ts-&gt;reg != reg&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1915: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1922: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1925: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: cond_true: Condition &quot;i &lt; nb_regs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1907: cond_true: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1911: cond_false: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1915: else_branch: Reached else branch
>qemu-kvm-1.2.0/tcg/tcg.c:1915: cond_true: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1917: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1922: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1925: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: cond_true: Condition &quot;i &lt; nb_regs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1907: cond_false: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1924: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1925: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1905: cond_false: Condition &quot;i &lt; nb_regs&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1925: loop_end: Reached end of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1933: cond_true: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1938: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1958: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1962: cond_true: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1964: cond_true: Condition &quot;(dead_args &gt;&gt; i) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1966: cond_true: Condition &quot;!ts-&gt;fixed_reg&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1967: cond_true: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1972: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1962: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1962: cond_true: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1964: cond_true: Condition &quot;(dead_args &gt;&gt; i) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1966: cond_false: Condition &quot;!ts-&gt;fixed_reg&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1970: if_end: End of if statement
>qemu-kvm-1.2.0/tcg/tcg.c:1972: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1962: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1962: cond_false: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1972: loop_end: Reached end of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1975: cond_true: Condition &quot;reg &lt; 16&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1976: cond_true: Condition &quot;(tcg_target_call_clobber_regs &gt;&gt; reg) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1979: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1975: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1975: cond_true: Condition &quot;reg &lt; 16&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1976: cond_true: Condition &quot;(tcg_target_call_clobber_regs &gt;&gt; reg) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1979: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/tcg/tcg.c:1975: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1975: cond_false: Condition &quot;reg &lt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/tcg/tcg.c:1979: loop_end: Reached end of loop
>qemu-kvm-1.2.0/tcg/tcg.c:1983: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/tcg/tcg.c:1987: address_of: Taking address with &quot;&amp;func_arg&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/tcg/tcg.c:1987: callee_ptr_arith: Passing &quot;&amp;func_arg&quot; to function &quot;tcg_out_op(TCGContext *, TCGOpcode, TCGArg const *, int const *)&quot; which uses it as an array. This might corrupt or misinterpret adjacent memory locations.
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1504:5: switch: Switch case value &quot;INDEX_op_movi_i32&quot;
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1541:10: switch_case: Reached case &quot;INDEX_op_movi_i32&quot;
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1542:9: ptr_arith: Performing pointer arithmetic on &quot;args&quot; in expression &quot;args + 1&quot;.
>
><a name='def2'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def2'>[#def2]</a>
>qemu-kvm-1.2.0/hw/qxl.c:657: address_of: Taking address with &quot;&amp;d-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/hw/qxl.c:657: assign: Assigning: &quot;ring&quot; = &quot;&amp;d-&gt;ram-&gt;release_ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:663: cond_false: Condition &quot;ring-&gt;prod - ring-&gt;cons + 1 == ring-&gt;num_items&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:666: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:667: cond_true: Condition &quot;!flush&quot;, taking true branch
>qemu-kvm-1.2.0/hw/qxl.c:667: cond_false: Condition &quot;d-&gt;oom_running&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:670: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:671: cond_true: Condition &quot;!flush&quot;, taking true branch
>qemu-kvm-1.2.0/hw/qxl.c:671: cond_false: Condition &quot;d-&gt;num_free_res &lt; 32&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:674: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:676: cond_true: Condition &quot;ring-&gt;prod == ring-&gt;notify_on_prod&quot;, taking true branch
>qemu-kvm-1.2.0/hw/qxl.c:677: cond_true: Condition &quot;notify&quot;, taking true branch
>qemu-kvm-1.2.0/hw/qxl.c:682: cond_true: Condition &quot;notify&quot;, taking true branch
>qemu-kvm-1.2.0/hw/qxl.c:685: assign: Assigning: &quot;start&quot; = &quot;ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:685: ptr_arith: Using &quot;ring&quot; as an array. This might corrupt or misinterpret adjacent memory locations.
>
><a name='def3'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def3'>[#def3]</a>
>qemu-kvm-1.2.0/hw/qxl.c:588: switch: Switch case value &quot;QXL_MODE_COMPAT&quot;
>qemu-kvm-1.2.0/hw/qxl.c:604: switch_case: Reached case &quot;QXL_MODE_COMPAT&quot;
>qemu-kvm-1.2.0/hw/qxl.c:607: address_of: Taking address with &quot;&amp;qxl-&gt;ram-&gt;cmd_ring&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/hw/qxl.c:607: assign: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;cmd_ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:608: cond_false: Condition &quot;qxl-&gt;guest_bug&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:608: cond_false: Condition &quot;ring-&gt;cons == ring-&gt;prod&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:610: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:611: assign: Assigning: &quot;start&quot; = &quot;ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:611: ptr_arith: Using &quot;ring&quot; as an array. This might corrupt or misinterpret adjacent memory locations.
>
><a name='def4'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def4'>[#def4]</a>
>qemu-kvm-1.2.0/hw/qxl.c:748: switch: Switch case value &quot;QXL_MODE_COMPAT&quot;
>qemu-kvm-1.2.0/hw/qxl.c:749: switch_case: Reached case &quot;QXL_MODE_COMPAT&quot;
>qemu-kvm-1.2.0/hw/qxl.c:752: address_of: Taking address with &quot;&amp;qxl-&gt;ram-&gt;cursor_ring&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/hw/qxl.c:752: assign: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;cursor_ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:753: cond_false: Condition &quot;ring-&gt;cons == ring-&gt;prod&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:755: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:756: assign: Assigning: &quot;start&quot; = &quot;ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:756: ptr_arith: Using &quot;ring&quot; as an array. This might corrupt or misinterpret adjacent memory locations.
>
><a name='def5'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def5'>[#def5]</a>
>qemu-kvm-1.2.0/hw/qxl.c:703: cond_false: Condition &quot;ext.group_id == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:713: address_of: Taking address with &quot;&amp;qxl-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/hw/qxl.c:713: assign: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;release_ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:714: assign: Assigning: &quot;start&quot; = &quot;ring&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:714: ptr_arith: Using &quot;ring&quot; as an array. This might corrupt or misinterpret adjacent memory locations.
>
><a name='def6'/>Error: ARRAY_VS_SINGLETON (CWE-119): <a href ='#def6'>[#def6]</a>
>qemu-kvm-1.2.0/hw/qxl.c:392: address_of: Taking address with &quot;&amp;d-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.
>qemu-kvm-1.2.0/hw/qxl.c:392: ptr_arith: Using &quot;&amp;d-&gt;ram-&gt;release_ring&quot; as an array. This might corrupt or misinterpret adjacent memory locations.
>
><a name='def7'/>Error: ATOMICITY (CWE-662): <a href ='#def7'>[#def7]</a>
>qemu-kvm-1.2.0/audio/paaudio.c:296: cond_false: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:298: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:300: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:303: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:304: cond_false: Condition &quot;pa-&gt;done&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:306: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:308: cond_true: Condition &quot;pa-&gt;dead &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:309: break: Breaking from loop
>qemu-kvm-1.2.0/audio/paaudio.c:315: loop_end: Reached end of loop
>qemu-kvm-1.2.0/audio/paaudio.c:317: cond_true: Condition &quot;ta &gt; tb&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:296: lock: Locking &quot;pa-&gt;pt.mutex&quot;.
>qemu-kvm-1.2.0/audio/paaudio.c:318: def: Assigning data that might be protected by the lock to &quot;wpos&quot;.
>qemu-kvm-1.2.0/audio/paaudio.c:320: unlock: Unlocking &quot;pa-&gt;pt.mutex&quot;. &quot;wpos&quot; might now be unreliable because other threads can now change the data that it depends on.
>qemu-kvm-1.2.0/audio/paaudio.c:320: cond_false: Condition &quot;audio_pt_unlock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:322: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:324: cond_false: Condition &quot;to_grab&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:338: loop_end: Reached end of loop
>qemu-kvm-1.2.0/audio/paaudio.c:340: cond_false: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:342: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:340: lockagain: Locking &quot;pa-&gt;pt.mutex&quot; again.
>qemu-kvm-1.2.0/audio/paaudio.c:344: use: Using an unreliable value of &quot;wpos&quot; inside the second locked section. If the data that &quot;wpos&quot; depends on was changed by another thread, this use might be incorrect.
>
><a name='def8'/>Error: ATOMICITY (CWE-662): <a href ='#def8'>[#def8]</a>
>qemu-kvm-1.2.0/audio/paaudio.c:204: cond_false: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:206: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:208: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:211: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:212: cond_false: Condition &quot;pa-&gt;done&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:214: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:216: cond_true: Condition &quot;pa-&gt;live &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:217: break: Breaking from loop
>qemu-kvm-1.2.0/audio/paaudio.c:223: loop_end: Reached end of loop
>qemu-kvm-1.2.0/audio/paaudio.c:225: cond_true: Condition &quot;ta &gt; tb&quot;, taking true branch
>qemu-kvm-1.2.0/audio/paaudio.c:204: lock: Locking &quot;pa-&gt;pt.mutex&quot;.
>qemu-kvm-1.2.0/audio/paaudio.c:226: def: Assigning data that might be protected by the lock to &quot;rpos&quot;.
>qemu-kvm-1.2.0/audio/paaudio.c:228: unlock: Unlocking &quot;pa-&gt;pt.mutex&quot;. &quot;rpos&quot; might now be unreliable because other threads can now change the data that it depends on.
>qemu-kvm-1.2.0/audio/paaudio.c:228: cond_false: Condition &quot;audio_pt_unlock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:230: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:232: cond_false: Condition &quot;to_mix&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:247: loop_end: Reached end of loop
>qemu-kvm-1.2.0/audio/paaudio.c:249: cond_false: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/paaudio.c:251: if_end: End of if statement
>qemu-kvm-1.2.0/audio/paaudio.c:249: lockagain: Locking &quot;pa-&gt;pt.mutex&quot; again.
>qemu-kvm-1.2.0/audio/paaudio.c:253: use: Using an unreliable value of &quot;rpos&quot; inside the second locked section. If the data that &quot;rpos&quot; depends on was changed by another thread, this use might be incorrect.
>
><a name='def9'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def9'>[#def9]</a>
>qemu-kvm-1.2.0/trace.h:1116: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def10'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def10'>[#def10]</a>
>qemu-kvm-1.2.0/trace.h:1116: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def11'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def11'>[#def11]</a>
>qemu-kvm-1.2.0/trace.h:1128: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def12'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def12'>[#def12]</a>
>qemu-kvm-1.2.0/trace.h:1128: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def13'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def13'>[#def13]</a>
>qemu-kvm-1.2.0/trace.h:1119: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def14'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def14'>[#def14]</a>
>qemu-kvm-1.2.0/trace.h:1119: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def15'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def15'>[#def15]</a>
>qemu-kvm-1.2.0/trace.h:21: bad_sizeof: Taking the size of pointer parameter &quot;newptr&quot; is suspicious.
>
><a name='def16'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def16'>[#def16]</a>
>qemu-kvm-1.2.0/trace.h:21: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def17'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def17'>[#def17]</a>
>qemu-kvm-1.2.0/trace.h:2169: bad_sizeof: Taking the size of pointer parameter &quot;display_state&quot; is suspicious.
>
><a name='def18'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def18'>[#def18]</a>
>qemu-kvm-1.2.0/trace.h:2169: bad_sizeof: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.
>
><a name='def19'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def19'>[#def19]</a>
>qemu-kvm-1.2.0/trace.h:903: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def20'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def20'>[#def20]</a>
>qemu-kvm-1.2.0/trace.h:915: bad_sizeof: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.
>
><a name='def21'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def21'>[#def21]</a>
>qemu-kvm-1.2.0/trace.h:78: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def22'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def22'>[#def22]</a>
>qemu-kvm-1.2.0/trace.h:78: bad_sizeof: Taking the size of pointer parameter &quot;filename&quot; is suspicious.
>
><a name='def23'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def23'>[#def23]</a>
>qemu-kvm-1.2.0/trace.h:78: bad_sizeof: Taking the size of pointer parameter &quot;format_name&quot; is suspicious.
>
><a name='def24'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def24'>[#def24]</a>
>qemu-kvm-1.2.0/trace.h:90: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def25'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def25'>[#def25]</a>
>qemu-kvm-1.2.0/trace.h:90: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def26'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def26'>[#def26]</a>
>qemu-kvm-1.2.0/trace.h:489: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def27'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def27'>[#def27]</a>
>qemu-kvm-1.2.0/trace.h:486: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def28'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def28'>[#def28]</a>
>qemu-kvm-1.2.0/trace.h:492: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def29'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def29'>[#def29]</a>
>qemu-kvm-1.2.0/trace.h:495: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def30'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def30'>[#def30]</a>
>qemu-kvm-1.2.0/trace.h:2172: bad_sizeof: Taking the size of pointer parameter &quot;display_state&quot; is suspicious.
>
><a name='def31'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def31'>[#def31]</a>
>qemu-kvm-1.2.0/trace.h:2172: bad_sizeof: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.
>
><a name='def32'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def32'>[#def32]</a>
>qemu-kvm-1.2.0/trace.h:144: bad_sizeof: Taking the size of pointer parameter &quot;req&quot; is suspicious.
>
><a name='def33'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def33'>[#def33]</a>
>qemu-kvm-1.2.0/trace.h:141: bad_sizeof: Taking the size of pointer parameter &quot;req&quot; is suspicious.
>
><a name='def34'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def34'>[#def34]</a>
>qemu-kvm-1.2.0/trace.h:135: bad_sizeof: Taking the size of pointer parameter &quot;req&quot; is suspicious.
>
><a name='def35'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def35'>[#def35]</a>
>qemu-kvm-1.2.0/trace.h:138: bad_sizeof: Taking the size of pointer parameter &quot;req&quot; is suspicious.
>
><a name='def36'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def36'>[#def36]</a>
>qemu-kvm-1.2.0/trace.h:480: bad_sizeof: Taking the size of pointer parameter &quot;n&quot; is suspicious.
>
><a name='def37'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def37'>[#def37]</a>
>qemu-kvm-1.2.0/trace.h:480: bad_sizeof: Taking the size of pointer parameter &quot;o&quot; is suspicious.
>
><a name='def38'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def38'>[#def38]</a>
>qemu-kvm-1.2.0/trace.h:480: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def39'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def39'>[#def39]</a>
>qemu-kvm-1.2.0/trace.h:480: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def40'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def40'>[#def40]</a>
>qemu-kvm-1.2.0/trace.h:483: bad_sizeof: Taking the size of pointer parameter &quot;n&quot; is suspicious.
>
><a name='def41'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def41'>[#def41]</a>
>qemu-kvm-1.2.0/trace.h:483: bad_sizeof: Taking the size of pointer parameter &quot;o&quot; is suspicious.
>
><a name='def42'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def42'>[#def42]</a>
>qemu-kvm-1.2.0/trace.h:483: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def43'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def43'>[#def43]</a>
>qemu-kvm-1.2.0/trace.h:483: bad_sizeof: Taking the size of pointer parameter &quot;port&quot; is suspicious.
>
><a name='def44'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def44'>[#def44]</a>
>qemu-kvm-1.2.0/trace.h:117: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def45'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def45'>[#def45]</a>
>qemu-kvm-1.2.0/trace.h:2160: bad_sizeof: Taking the size of pointer parameter &quot;cb&quot; is suspicious.
>
><a name='def46'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def46'>[#def46]</a>
>qemu-kvm-1.2.0/trace.h:2160: bad_sizeof: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.
>
><a name='def47'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def47'>[#def47]</a>
>qemu-kvm-1.2.0/trace.h:2157: bad_sizeof: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.
>
><a name='def48'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def48'>[#def48]</a>
>qemu-kvm-1.2.0/trace.h:2163: bad_sizeof: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.
>
><a name='def49'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def49'>[#def49]</a>
>qemu-kvm-1.2.0/trace.h:2166: bad_sizeof: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.
>
><a name='def50'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def50'>[#def50]</a>
>qemu-kvm-1.2.0/trace.h:2154: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def51'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def51'>[#def51]</a>
>qemu-kvm-1.2.0/trace.h:2154: bad_sizeof: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.
>
><a name='def52'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def52'>[#def52]</a>
>qemu-kvm-1.2.0/trace.h:51: bad_sizeof: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.
>
><a name='def53'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def53'>[#def53]</a>
>qemu-kvm-1.2.0/trace.h:51: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def54'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def54'>[#def54]</a>
>qemu-kvm-1.2.0/trace.h:36: bad_sizeof: Taking the size of pointer parameter &quot;elem&quot; is suspicious.
>
><a name='def55'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def55'>[#def55]</a>
>qemu-kvm-1.2.0/trace.h:36: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def56'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def56'>[#def56]</a>
>qemu-kvm-1.2.0/trace.h:39: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def57'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def57'>[#def57]</a>
>qemu-kvm-1.2.0/trace.h:45: bad_sizeof: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.
>
><a name='def58'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def58'>[#def58]</a>
>qemu-kvm-1.2.0/trace.h:45: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def59'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def59'>[#def59]</a>
>qemu-kvm-1.2.0/trace.h:1548: bad_sizeof: Taking the size of pointer parameter &quot;buf&quot; is suspicious.
>
><a name='def60'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def60'>[#def60]</a>
>qemu-kvm-1.2.0/trace.h:1545: bad_sizeof: Taking the size of pointer parameter &quot;buf&quot; is suspicious.
>
><a name='def61'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def61'>[#def61]</a>
>qemu-kvm-1.2.0/trace.h:1551: bad_sizeof: Taking the size of pointer parameter &quot;buf&quot; is suspicious.
>
><a name='def62'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def62'>[#def62]</a>
>qemu-kvm-1.2.0/trace.h:42: bad_sizeof: Taking the size of pointer parameter &quot;elem&quot; is suspicious.
>
><a name='def63'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def63'>[#def63]</a>
>qemu-kvm-1.2.0/trace.h:42: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def64'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def64'>[#def64]</a>
>qemu-kvm-1.2.0/trace.h:54: bad_sizeof: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.
>
><a name='def65'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def65'>[#def65]</a>
>qemu-kvm-1.2.0/trace.h:822: bad_sizeof: Taking the size of pointer parameter &quot;f&quot; is suspicious.
>
><a name='def66'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def66'>[#def66]</a>
>qemu-kvm-1.2.0/trace.h:819: bad_sizeof: Taking the size of pointer parameter &quot;f&quot; is suspicious.
>
><a name='def67'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def67'>[#def67]</a>
>qemu-kvm-1.2.0/trace.h:1908: bad_sizeof: Taking the size of pointer parameter &quot;cmd_name&quot; is suspicious.
>
><a name='def68'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def68'>[#def68]</a>
>qemu-kvm-1.2.0/trace.h:1908: bad_sizeof: Taking the size of pointer parameter &quot;mon&quot; is suspicious.
>
><a name='def69'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def69'>[#def69]</a>
>qemu-kvm-1.2.0/trace.h:1029: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def70'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def70'>[#def70]</a>
>qemu-kvm-1.2.0/trace.h:1026: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def71'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def71'>[#def71]</a>
>qemu-kvm-1.2.0/trace.h:1020: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def72'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def72'>[#def72]</a>
>qemu-kvm-1.2.0/trace.h:1023: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def73'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def73'>[#def73]</a>
>qemu-kvm-1.2.0/trace.h:1017: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def74'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def74'>[#def74]</a>
>qemu-kvm-1.2.0/trace.h:102: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def75'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def75'>[#def75]</a>
>qemu-kvm-1.2.0/trace.h:108: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def76'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def76'>[#def76]</a>
>qemu-kvm-1.2.0/trace.h:99: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def77'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def77'>[#def77]</a>
>qemu-kvm-1.2.0/trace.h:105: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def78'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def78'>[#def78]</a>
>qemu-kvm-1.2.0/trace.h:519: bad_sizeof: Taking the size of pointer parameter &quot;sts&quot; is suspicious.
>
><a name='def79'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def79'>[#def79]</a>
>qemu-kvm-1.2.0/trace.h:522: bad_sizeof: Taking the size of pointer parameter &quot;schedule&quot; is suspicious.
>
><a name='def80'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def80'>[#def80]</a>
>qemu-kvm-1.2.0/trace.h:522: bad_sizeof: Taking the size of pointer parameter &quot;state&quot; is suspicious.
>
><a name='def81'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def81'>[#def81]</a>
>qemu-kvm-1.2.0/trace.h:48: bad_sizeof: Taking the size of pointer parameter &quot;vq&quot; is suspicious.
>
><a name='def82'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def82'>[#def82]</a>
>qemu-kvm-1.2.0/trace.h:1920: bad_sizeof: Taking the size of pointer parameter &quot;data&quot; is suspicious.
>
><a name='def83'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def83'>[#def83]</a>
>qemu-kvm-1.2.0/trace.h:1923: bad_sizeof: Taking the size of pointer parameter &quot;data&quot; is suspicious.
>
><a name='def84'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def84'>[#def84]</a>
>qemu-kvm-1.2.0/trace.h:1914: bad_sizeof: Taking the size of pointer parameter &quot;data&quot; is suspicious.
>
><a name='def85'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def85'>[#def85]</a>
>qemu-kvm-1.2.0/trace.h:1914: bad_sizeof: Taking the size of pointer parameter &quot;evname&quot; is suspicious.
>
><a name='def86'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def86'>[#def86]</a>
>qemu-kvm-1.2.0/trace.h:525: bad_sizeof: Taking the size of pointer parameter &quot;q&quot; is suspicious.
>
><a name='def87'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def87'>[#def87]</a>
>qemu-kvm-1.2.0/trace.h:552: bad_sizeof: Taking the size of pointer parameter &quot;owner&quot; is suspicious.
>
><a name='def88'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def88'>[#def88]</a>
>qemu-kvm-1.2.0/trace.h:501: bad_sizeof: Taking the size of pointer parameter &quot;str&quot; is suspicious.
>
><a name='def89'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def89'>[#def89]</a>
>qemu-kvm-1.2.0/trace.h:507: bad_sizeof: Taking the size of pointer parameter &quot;str&quot; is suspicious.
>
><a name='def90'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def90'>[#def90]</a>
>qemu-kvm-1.2.0/trace.h:504: bad_sizeof: Taking the size of pointer parameter &quot;str&quot; is suspicious.
>
><a name='def91'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def91'>[#def91]</a>
>qemu-kvm-1.2.0/trace.h:549: bad_sizeof: Taking the size of pointer parameter &quot;device&quot; is suspicious.
>
><a name='def92'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def92'>[#def92]</a>
>qemu-kvm-1.2.0/trace.h:549: bad_sizeof: Taking the size of pointer parameter &quot;owner&quot; is suspicious.
>
><a name='def93'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def93'>[#def93]</a>
>qemu-kvm-1.2.0/trace.h:534: bad_sizeof: Taking the size of pointer parameter &quot;q&quot; is suspicious.
>
><a name='def94'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def94'>[#def94]</a>
>qemu-kvm-1.2.0/trace.h:564: bad_sizeof: Taking the size of pointer parameter &quot;action&quot; is suspicious.
>
><a name='def95'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def95'>[#def95]</a>
>qemu-kvm-1.2.0/trace.h:564: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def96'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def96'>[#def96]</a>
>qemu-kvm-1.2.0/trace.h:564: bad_sizeof: Taking the size of pointer parameter &quot;q&quot; is suspicious.
>
><a name='def97'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def97'>[#def97]</a>
>qemu-kvm-1.2.0/trace.h:561: bad_sizeof: Taking the size of pointer parameter &quot;action&quot; is suspicious.
>
><a name='def98'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def98'>[#def98]</a>
>qemu-kvm-1.2.0/trace.h:561: bad_sizeof: Taking the size of pointer parameter &quot;q&quot; is suspicious.
>
><a name='def99'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def99'>[#def99]</a>
>qemu-kvm-1.2.0/trace.h:570: bad_sizeof: Taking the size of pointer parameter &quot;reason&quot; is suspicious.
>
><a name='def100'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def100'>[#def100]</a>
>qemu-kvm-1.2.0/trace.h:87: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def101'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def101'>[#def101]</a>
>qemu-kvm-1.2.0/trace.h:87: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def102'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def102'>[#def102]</a>
>qemu-kvm-1.2.0/trace.h:84: bad_sizeof: Taking the size of pointer parameter &quot;mcb&quot; is suspicious.
>
><a name='def103'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def103'>[#def103]</a>
>qemu-kvm-1.2.0/trace.h:2400: bad_sizeof: Taking the size of pointer parameter &quot;busname&quot; is suspicious.
>
><a name='def104'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def104'>[#def104]</a>
>qemu-kvm-1.2.0/trace.h:2388: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def105'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def105'>[#def105]</a>
>qemu-kvm-1.2.0/trace.h:2385: bad_sizeof: Taking the size of pointer parameter &quot;msg&quot; is suspicious.
>
><a name='def106'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def106'>[#def106]</a>
>qemu-kvm-1.2.0/trace.h:1704: bad_sizeof: Taking the size of pointer parameter &quot;nxt&quot; is suspicious.
>
><a name='def107'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def107'>[#def107]</a>
>qemu-kvm-1.2.0/trace.h:1707: bad_sizeof: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.
>
><a name='def108'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def108'>[#def108]</a>
>qemu-kvm-1.2.0/trace.h:1707: bad_sizeof: Taking the size of pointer parameter &quot;self&quot; is suspicious.
>
><a name='def109'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def109'>[#def109]</a>
>qemu-kvm-1.2.0/trace.h:1710: bad_sizeof: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.
>
><a name='def110'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def110'>[#def110]</a>
>qemu-kvm-1.2.0/trace.h:1710: bad_sizeof: Taking the size of pointer parameter &quot;self&quot; is suspicious.
>
><a name='def111'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def111'>[#def111]</a>
>qemu-kvm-1.2.0/trace.h:1713: bad_sizeof: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.
>
><a name='def112'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def112'>[#def112]</a>
>qemu-kvm-1.2.0/trace.h:1713: bad_sizeof: Taking the size of pointer parameter &quot;self&quot; is suspicious.
>
><a name='def113'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def113'>[#def113]</a>
>qemu-kvm-1.2.0/trace.h:1716: bad_sizeof: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.
>
><a name='def114'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def114'>[#def114]</a>
>qemu-kvm-1.2.0/trace.h:1716: bad_sizeof: Taking the size of pointer parameter &quot;self&quot; is suspicious.
>
><a name='def115'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def115'>[#def115]</a>
>qemu-kvm-1.2.0/trace.h:2295: bad_sizeof: Taking the size of pointer parameter &quot;surface&quot; is suspicious.
>
><a name='def116'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def116'>[#def116]</a>
>qemu-kvm-1.2.0/trace.h:1686: bad_sizeof: Taking the size of pointer parameter &quot;addr&quot; is suspicious.
>
><a name='def117'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def117'>[#def117]</a>
>qemu-kvm-1.2.0/trace.h:1974: bad_sizeof: Taking the size of pointer parameter &quot;aname&quot; is suspicious.
>
><a name='def118'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def118'>[#def118]</a>
>qemu-kvm-1.2.0/trace.h:1974: bad_sizeof: Taking the size of pointer parameter &quot;uname&quot; is suspicious.
>
><a name='def119'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def119'>[#def119]</a>
>qemu-kvm-1.2.0/trace.h:1125: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def120'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def120'>[#def120]</a>
>qemu-kvm-1.2.0/trace.h:1125: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def121'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def121'>[#def121]</a>
>qemu-kvm-1.2.0/trace.h:1122: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def122'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def122'>[#def122]</a>
>qemu-kvm-1.2.0/trace.h:1122: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def123'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def123'>[#def123]</a>
>qemu-kvm-1.2.0/trace.h:2034: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def124'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def124'>[#def124]</a>
>qemu-kvm-1.2.0/trace.h:2049: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def125'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def125'>[#def125]</a>
>qemu-kvm-1.2.0/trace.h:2076: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def126'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def126'>[#def126]</a>
>qemu-kvm-1.2.0/trace.h:2094: bad_sizeof: Taking the size of pointer parameter &quot;target&quot; is suspicious.
>
><a name='def127'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def127'>[#def127]</a>
>qemu-kvm-1.2.0/trace.h:2040: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def128'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def128'>[#def128]</a>
>qemu-kvm-1.2.0/trace.h:2040: bad_sizeof: Taking the size of pointer parameter &quot;symname&quot; is suspicious.
>
><a name='def129'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def129'>[#def129]</a>
>qemu-kvm-1.2.0/trace.h:1968: bad_sizeof: Taking the size of pointer parameter &quot;version&quot; is suspicious.
>
><a name='def130'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def130'>[#def130]</a>
>qemu-kvm-1.2.0/trace.h:1971: bad_sizeof: Taking the size of pointer parameter &quot;version&quot; is suspicious.
>
><a name='def131'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def131'>[#def131]</a>
>qemu-kvm-1.2.0/trace.h:1995: bad_sizeof: Taking the size of pointer parameter &quot;qids&quot; is suspicious.
>
><a name='def132'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def132'>[#def132]</a>
>qemu-kvm-1.2.0/trace.h:2088: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def133'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def133'>[#def133]</a>
>qemu-kvm-1.2.0/trace.h:2082: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def134'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def134'>[#def134]</a>
>qemu-kvm-1.2.0/trace.h:114: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def135'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def135'>[#def135]</a>
>qemu-kvm-1.2.0/trace.h:114: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def136'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def136'>[#def136]</a>
>qemu-kvm-1.2.0/trace.h:111: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def137'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def137'>[#def137]</a>
>qemu-kvm-1.2.0/trace.h:24: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def138'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def138'>[#def138]</a>
>qemu-kvm-1.2.0/trace.h:717: bad_sizeof: Taking the size of pointer parameter &quot;evt&quot; is suspicious.
>
><a name='def139'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def139'>[#def139]</a>
>qemu-kvm-1.2.0/trace.h:717: bad_sizeof: Taking the size of pointer parameter &quot;trb&quot; is suspicious.
>
><a name='def140'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def140'>[#def140]</a>
>qemu-kvm-1.2.0/trace.h:762: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def141'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def141'>[#def141]</a>
>qemu-kvm-1.2.0/trace.h:774: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def142'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def142'>[#def142]</a>
>qemu-kvm-1.2.0/trace.h:765: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def143'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def143'>[#def143]</a>
>qemu-kvm-1.2.0/trace.h:768: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def144'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def144'>[#def144]</a>
>qemu-kvm-1.2.0/trace.h:759: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def145'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def145'>[#def145]</a>
>qemu-kvm-1.2.0/trace.h:18: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def146'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def146'>[#def146]</a>
>qemu-kvm-1.2.0/trace.h:720: bad_sizeof: Taking the size of pointer parameter &quot;name&quot; is suspicious.
>
><a name='def147'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def147'>[#def147]</a>
>qemu-kvm-1.2.0/trace.h:771: bad_sizeof: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.
>
><a name='def148'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def148'>[#def148]</a>
>qemu-kvm-1.2.0/trace.h:147: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def149'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def149'>[#def149]</a>
>qemu-kvm-1.2.0/trace.h:147: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def150'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def150'>[#def150]</a>
>qemu-kvm-1.2.0/trace.h:1419: bad_sizeof: Taking the size of pointer parameter &quot;dcmd&quot; is suspicious.
>
><a name='def151'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def151'>[#def151]</a>
>qemu-kvm-1.2.0/trace.h:1272: bad_sizeof: Taking the size of pointer parameter &quot;cmd&quot; is suspicious.
>
><a name='def152'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def152'>[#def152]</a>
>qemu-kvm-1.2.0/trace.h:918: bad_sizeof: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.
>
><a name='def153'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def153'>[#def153]</a>
>qemu-kvm-1.2.0/trace.h:912: bad_sizeof: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.
>
><a name='def154'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def154'>[#def154]</a>
>qemu-kvm-1.2.0/trace.h:1395: bad_sizeof: Taking the size of pointer parameter &quot;desc&quot; is suspicious.
>
><a name='def155'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def155'>[#def155]</a>
>qemu-kvm-1.2.0/trace.h:1392: bad_sizeof: Taking the size of pointer parameter &quot;desc&quot; is suspicious.
>
><a name='def156'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def156'>[#def156]</a>
>qemu-kvm-1.2.0/trace.h:960: bad_sizeof: Taking the size of pointer parameter &quot;dir&quot; is suspicious.
>
><a name='def157'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def157'>[#def157]</a>
>qemu-kvm-1.2.0/trace.h:960: bad_sizeof: Taking the size of pointer parameter &quot;type&quot; is suspicious.
>
><a name='def158'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def158'>[#def158]</a>
>qemu-kvm-1.2.0/trace.h:966: bad_sizeof: Taking the size of pointer parameter &quot;errmsg&quot; is suspicious.
>
><a name='def159'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def159'>[#def159]</a>
>qemu-kvm-1.2.0/trace.h:909: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def160'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def160'>[#def160]</a>
>qemu-kvm-1.2.0/trace.h:897: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def161'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def161'>[#def161]</a>
>qemu-kvm-1.2.0/trace.h:900: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def162'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def162'>[#def162]</a>
>qemu-kvm-1.2.0/trace.h:906: bad_sizeof: Taking the size of pointer parameter &quot;p&quot; is suspicious.
>
><a name='def163'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def163'>[#def163]</a>
>qemu-kvm-1.2.0/block/curl.c:296: bad_sizeof: Taking the size of &quot;curl_read_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?
>
><a name='def164'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def164'>[#def164]</a>
>qemu-kvm-1.2.0/block/curl.c:390: bad_sizeof: Taking the size of &quot;curl_read_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?
>
><a name='def165'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def165'>[#def165]</a>
>qemu-kvm-1.2.0/block/curl.c:386: bad_sizeof: Taking the size of &quot;curl_size_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?
>
><a name='def166'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def166'>[#def166]</a>
>qemu-kvm-1.2.0/trace.h:1911: bad_sizeof: Taking the size of pointer parameter &quot;mon&quot; is suspicious.
>
><a name='def167'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def167'>[#def167]</a>
>qemu-kvm-1.2.0/trace.h:2202: bad_sizeof: Taking the size of pointer parameter &quot;cookie&quot; is suspicious.
>
><a name='def168'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def168'>[#def168]</a>
>qemu-kvm-1.2.0/trace.h:2364: bad_sizeof: Taking the size of pointer parameter &quot;client_monitors_config&quot; is suspicious.
>
><a name='def169'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def169'>[#def169]</a>
>qemu-kvm-1.2.0/trace.h:2361: bad_sizeof: Taking the size of pointer parameter &quot;heads&quot; is suspicious.
>
><a name='def170'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def170'>[#def170]</a>
>qemu-kvm-1.2.0/trace.h:2274: bad_sizeof: Taking the size of pointer parameter &quot;last_release&quot; is suspicious.
>
><a name='def171'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def171'>[#def171]</a>
>qemu-kvm-1.2.0/trace.h:2274: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def172'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def172'>[#def172]</a>
>qemu-kvm-1.2.0/trace.h:2274: bad_sizeof: Taking the size of pointer parameter &quot;notify&quot; is suspicious.
>
><a name='def173'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def173'>[#def173]</a>
>qemu-kvm-1.2.0/trace.h:2256: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def174'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def174'>[#def174]</a>
>qemu-kvm-1.2.0/trace.h:2259: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def175'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def175'>[#def175]</a>
>qemu-kvm-1.2.0/trace.h:2265: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def176'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def176'>[#def176]</a>
>qemu-kvm-1.2.0/trace.h:2268: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def177'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def177'>[#def177]</a>
>qemu-kvm-1.2.0/hw/qxl.c:952: bad_sizeof: Taking the size of pointer parameter &quot;caps&quot; is suspicious.
>
><a name='def178'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def178'>[#def178]</a>
>qemu-kvm-1.2.0/hw/qxl.c:954: bad_sizeof: Taking the size of pointer parameter &quot;caps&quot; is suspicious.
>
><a name='def179'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def179'>[#def179]</a>
>qemu-kvm-1.2.0/trace.h:2226: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def180'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def180'>[#def180]</a>
>qemu-kvm-1.2.0/trace.h:2229: bad_sizeof: Taking the size of pointer parameter &quot;log_buf&quot; is suspicious.
>
><a name='def181'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def181'>[#def181]</a>
>qemu-kvm-1.2.0/trace.h:2235: bad_sizeof: Taking the size of pointer parameter &quot;desc&quot; is suspicious.
>
><a name='def182'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def182'>[#def182]</a>
>qemu-kvm-1.2.0/trace.h:2238: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def183'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def183'>[#def183]</a>
>qemu-kvm-1.2.0/trace.h:2331: bad_sizeof: Taking the size of pointer parameter &quot;ext&quot; is suspicious.
>
><a name='def184'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def184'>[#def184]</a>
>qemu-kvm-1.2.0/trace.h:2244: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def185'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def185'>[#def185]</a>
>qemu-kvm-1.2.0/trace.h:1101: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def186'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def186'>[#def186]</a>
>qemu-kvm-1.2.0/trace.h:1107: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def187'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def187'>[#def187]</a>
>qemu-kvm-1.2.0/trace.h:1107: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def188'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def188'>[#def188]</a>
>qemu-kvm-1.2.0/trace.h:1113: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def189'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def189'>[#def189]</a>
>qemu-kvm-1.2.0/trace.h:1113: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def190'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def190'>[#def190]</a>
>qemu-kvm-1.2.0/trace.h:1110: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def191'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def191'>[#def191]</a>
>qemu-kvm-1.2.0/trace.h:1110: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def192'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def192'>[#def192]</a>
>qemu-kvm-1.2.0/trace.h:1110: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def193'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def193'>[#def193]</a>
>qemu-kvm-1.2.0/trace.h:1104: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def194'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def194'>[#def194]</a>
>qemu-kvm-1.2.0/trace.h:1344: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def195'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def195'>[#def195]</a>
>qemu-kvm-1.2.0/trace.h:1347: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def196'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def196'>[#def196]</a>
>qemu-kvm-1.2.0/trace.h:1311: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def197'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def197'>[#def197]</a>
>qemu-kvm-1.2.0/trace.h:1326: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def198'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def198'>[#def198]</a>
>qemu-kvm-1.2.0/trace.h:1305: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def199'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def199'>[#def199]</a>
>qemu-kvm-1.2.0/trace.h:1305: bad_sizeof: Taking the size of pointer parameter &quot;sdev&quot; is suspicious.
>
><a name='def200'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def200'>[#def200]</a>
>qemu-kvm-1.2.0/trace.h:1308: bad_sizeof: Taking the size of pointer parameter &quot;frame&quot; is suspicious.
>
><a name='def201'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def201'>[#def201]</a>
>qemu-kvm-1.2.0/trace.h:126: bad_sizeof: Taking the size of pointer parameter &quot;job&quot; is suspicious.
>
><a name='def202'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def202'>[#def202]</a>
>qemu-kvm-1.2.0/trace.h:132: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def203'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def203'>[#def203]</a>
>qemu-kvm-1.2.0/trace.h:132: bad_sizeof: Taking the size of pointer parameter &quot;job&quot; is suspicious.
>
><a name='def204'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def204'>[#def204]</a>
>qemu-kvm-1.2.0/trace.h:129: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def205'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def205'>[#def205]</a>
>qemu-kvm-1.2.0/trace.h:129: bad_sizeof: Taking the size of pointer parameter &quot;job&quot; is suspicious.
>
><a name='def206'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def206'>[#def206]</a>
>qemu-kvm-1.2.0/trace.h:1044: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def207'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def207'>[#def207]</a>
>qemu-kvm-1.2.0/trace.h:1056: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def208'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def208'>[#def208]</a>
>qemu-kvm-1.2.0/trace.h:1047: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def209'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def209'>[#def209]</a>
>qemu-kvm-1.2.0/trace.h:1053: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def210'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def210'>[#def210]</a>
>qemu-kvm-1.2.0/trace.h:1050: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def211'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def211'>[#def211]</a>
>qemu-kvm-1.2.0/trace.h:2175: bad_sizeof: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.
>
><a name='def212'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def212'>[#def212]</a>
>qemu-kvm-1.2.0/trace.h:2175: bad_sizeof: Taking the size of pointer parameter &quot;filename&quot; is suspicious.
>
><a name='def213'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def213'>[#def213]</a>
>qemu-kvm-1.2.0/trace.h:93: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def214'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def214'>[#def214]</a>
>qemu-kvm-1.2.0/trace.h:93: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def215'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def215'>[#def215]</a>
>qemu-kvm-1.2.0/trace.h:96: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def216'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def216'>[#def216]</a>
>qemu-kvm-1.2.0/trace.h:96: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def217'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def217'>[#def217]</a>
>qemu-kvm-1.2.0/trace.h:1071: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def218'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def218'>[#def218]</a>
>qemu-kvm-1.2.0/trace.h:1074: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def219'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def219'>[#def219]</a>
>qemu-kvm-1.2.0/trace.h:1059: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def220'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def220'>[#def220]</a>
>qemu-kvm-1.2.0/trace.h:1068: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def221'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def221'>[#def221]</a>
>qemu-kvm-1.2.0/trace.h:1065: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def222'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def222'>[#def222]</a>
>qemu-kvm-1.2.0/trace.h:1062: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def223'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def223'>[#def223]</a>
>qemu-kvm-1.2.0/trace.h:1086: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def224'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def224'>[#def224]</a>
>qemu-kvm-1.2.0/trace.h:1086: bad_sizeof: Taking the size of pointer parameter &quot;table&quot; is suspicious.
>
><a name='def225'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def225'>[#def225]</a>
>qemu-kvm-1.2.0/trace.h:1092: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def226'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def226'>[#def226]</a>
>qemu-kvm-1.2.0/trace.h:1092: bad_sizeof: Taking the size of pointer parameter &quot;table&quot; is suspicious.
>
><a name='def227'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def227'>[#def227]</a>
>qemu-kvm-1.2.0/trace.h:1089: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def228'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def228'>[#def228]</a>
>qemu-kvm-1.2.0/trace.h:1089: bad_sizeof: Taking the size of pointer parameter &quot;table&quot; is suspicious.
>
><a name='def229'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def229'>[#def229]</a>
>qemu-kvm-1.2.0/trace.h:1095: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def230'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def230'>[#def230]</a>
>qemu-kvm-1.2.0/trace.h:1095: bad_sizeof: Taking the size of pointer parameter &quot;table&quot; is suspicious.
>
><a name='def231'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def231'>[#def231]</a>
>qemu-kvm-1.2.0/trace.h:1197: bad_sizeof: Taking the size of pointer parameter &quot;scd&quot; is suspicious.
>
><a name='def232'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def232'>[#def232]</a>
>qemu-kvm-1.2.0/trace.h:1194: bad_sizeof: Taking the size of pointer parameter &quot;scd&quot; is suspicious.
>
><a name='def233'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def233'>[#def233]</a>
>qemu-kvm-1.2.0/trace.h:1038: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def234'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def234'>[#def234]</a>
>qemu-kvm-1.2.0/trace.h:1035: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def235'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def235'>[#def235]</a>
>qemu-kvm-1.2.0/trace.h:1041: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def236'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def236'>[#def236]</a>
>qemu-kvm-1.2.0/trace.h:1032: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def237'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def237'>[#def237]</a>
>qemu-kvm-1.2.0/trace.h:33: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def238'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def238'>[#def238]</a>
>qemu-kvm-1.2.0/trace.h:27: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def239'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def239'>[#def239]</a>
>qemu-kvm-1.2.0/trace.h:30: bad_sizeof: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.
>
><a name='def240'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def240'>[#def240]</a>
>qemu-kvm-1.2.0/trace.h:2382: bad_sizeof: Taking the size of pointer parameter &quot;cookie&quot; is suspicious.
>
><a name='def241'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def241'>[#def241]</a>
>qemu-kvm-1.2.0/trace.h:81: bad_sizeof: Taking the size of pointer parameter &quot;mcb&quot; is suspicious.
>
><a name='def242'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def242'>[#def242]</a>
>qemu-kvm-1.2.0/trace.h:1917: bad_sizeof: Taking the size of pointer parameter &quot;data&quot; is suspicious.
>
><a name='def243'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def243'>[#def243]</a>
>qemu-kvm-1.2.0/trace.h:153: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def244'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def244'>[#def244]</a>
>qemu-kvm-1.2.0/trace.h:153: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def245'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def245'>[#def245]</a>
>qemu-kvm-1.2.0/trace.h:150: bad_sizeof: Taking the size of pointer parameter &quot;acb&quot; is suspicious.
>
><a name='def246'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def246'>[#def246]</a>
>qemu-kvm-1.2.0/trace.h:150: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def247'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def247'>[#def247]</a>
>qemu-kvm-1.2.0/block/rbd.c:593: bad_sizeof: Taking the size of pointer parameter &quot;rcb&quot; is suspicious.
>
><a name='def248'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def248'>[#def248]</a>
>qemu-kvm-1.2.0/trace.h:120: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def249'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def249'>[#def249]</a>
>qemu-kvm-1.2.0/trace.h:123: bad_sizeof: Taking the size of pointer parameter &quot;base&quot; is suspicious.
>
><a name='def250'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def250'>[#def250]</a>
>qemu-kvm-1.2.0/trace.h:123: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def251'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def251'>[#def251]</a>
>qemu-kvm-1.2.0/trace.h:123: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def252'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def252'>[#def252]</a>
>qemu-kvm-1.2.0/trace.h:123: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def253'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def253'>[#def253]</a>
>qemu-kvm-1.2.0/trace.h:123: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def254'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def254'>[#def254]</a>
>qemu-kvm-1.2.0/trace.h:162: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def255'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def255'>[#def255]</a>
>qemu-kvm-1.2.0/trace.h:1077: bad_sizeof: Taking the size of pointer parameter &quot;entry&quot; is suspicious.
>
><a name='def256'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def256'>[#def256]</a>
>qemu-kvm-1.2.0/trace.h:1077: bad_sizeof: Taking the size of pointer parameter &quot;l2_cache&quot; is suspicious.
>
><a name='def257'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def257'>[#def257]</a>
>qemu-kvm-1.2.0/trace.h:1083: bad_sizeof: Taking the size of pointer parameter &quot;entry&quot; is suspicious.
>
><a name='def258'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def258'>[#def258]</a>
>qemu-kvm-1.2.0/trace.h:1083: bad_sizeof: Taking the size of pointer parameter &quot;l2_cache&quot; is suspicious.
>
><a name='def259'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def259'>[#def259]</a>
>qemu-kvm-1.2.0/trace.h:1080: bad_sizeof: Taking the size of pointer parameter &quot;entry&quot; is suspicious.
>
><a name='def260'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def260'>[#def260]</a>
>qemu-kvm-1.2.0/trace.h:1098: bad_sizeof: Taking the size of pointer parameter &quot;s&quot; is suspicious.
>
><a name='def261'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def261'>[#def261]</a>
>qemu-kvm-1.2.0/trace.h:1698: bad_sizeof: Taking the size of pointer parameter &quot;co&quot; is suspicious.
>
><a name='def262'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def262'>[#def262]</a>
>qemu-kvm-1.2.0/trace.h:1692: bad_sizeof: Taking the size of pointer parameter &quot;from&quot; is suspicious.
>
><a name='def263'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def263'>[#def263]</a>
>qemu-kvm-1.2.0/trace.h:1692: bad_sizeof: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.
>
><a name='def264'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def264'>[#def264]</a>
>qemu-kvm-1.2.0/trace.h:1692: bad_sizeof: Taking the size of pointer parameter &quot;to&quot; is suspicious.
>
><a name='def265'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def265'>[#def265]</a>
>qemu-kvm-1.2.0/trace.h:1695: bad_sizeof: Taking the size of pointer parameter &quot;from&quot; is suspicious.
>
><a name='def266'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def266'>[#def266]</a>
>qemu-kvm-1.2.0/trace.h:1695: bad_sizeof: Taking the size of pointer parameter &quot;to&quot; is suspicious.
>
><a name='def267'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def267'>[#def267]</a>
>qemu-kvm-1.2.0/trace.h:1458: bad_sizeof: Taking the size of pointer parameter &quot;intr&quot; is suspicious.
>
><a name='def268'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def268'>[#def268]</a>
>qemu-kvm-1.2.0/trace.h:1458: bad_sizeof: Taking the size of pointer parameter &quot;mode&quot; is suspicious.
>
><a name='def269'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def269'>[#def269]</a>
>qemu-kvm-1.2.0/trace.h:264: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def270'/>Error: BAD_SIZEOF (CWE-467): <a href ='#def270'>[#def270]</a>
>qemu-kvm-1.2.0/trace.h:267: bad_sizeof: Taking the size of pointer parameter &quot;bs&quot; is suspicious.
>
><a name='def271'/>Error: BUFFER_SIZE (CWE-170): <a href ='#def271'>[#def271]</a>
>qemu-kvm-1.2.0/block/vvfat.c:620: cond_true: Condition &quot;is_dot&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:622: buffer_size: You might overrun the 8 byte destination string &quot;entry-&gt;name&quot; by writing the maximum 11 bytes from &quot;32&quot;.
>
><a name='def272'/>Error: BUFFER_SIZE (CWE-170): <a href ='#def272'>[#def272]</a>
>qemu-kvm-1.2.0/block/vvfat.c:620: cond_false: Condition &quot;is_dot&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:625: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:630: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_false: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:630: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:631: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:632: cond_true: Condition &quot;j &gt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:632: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:634: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:637: buffer_size: You might overrun the 8 byte destination string &quot;entry-&gt;name&quot; by writing the maximum 11 bytes from &quot;32&quot;.
>
><a name='def273'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def273'>[#def273]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1178: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1180: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1183: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;buf&quot; of size 256 bytes might leave the destination string unterminated.
>
><a name='def274'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def274'>[#def274]</a>
>qemu-kvm-1.2.0/hw/bt-hci.c:1390: cond_true: Condition &quot;hci-&gt;device.lmp_name&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci.c:1391: buffer_size_warning: Calling strncpy with a maximum size argument of 248 bytes on destination array &quot;params.name&quot; of size 248 bytes might leave the destination string unterminated.
>
><a name='def275'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def275'>[#def275]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:2451: cond_true: Condition &quot;len &gt;= 80&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2453: cond_false: Condition &quot;copy_from_user(&amp;psinfo-&gt;pr_psargs, ts-&gt;info-&gt;arg_start, len)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2454: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2455: cond_true: Condition &quot;i &lt; len&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2456: cond_true: Condition &quot;psinfo-&gt;pr_psargs[i] == 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2457: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2455: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2455: cond_true: Condition &quot;i &lt; len&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2456: cond_true: Condition &quot;psinfo-&gt;pr_psargs[i] == 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2457: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2455: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2455: cond_false: Condition &quot;i &lt; len&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2457: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2467: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2468: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2469: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;psinfo-&gt;pr_fname&quot; of size 16 bytes might leave the destination string unterminated.
>
><a name='def276'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def276'>[#def276]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:108: cond_false: Condition &quot;!v9fs_synth_fs&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:110: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:111: cond_false: Condition &quot;!name&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:111: cond_false: Condition &quot;strlen(name) &gt;= 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:113: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:114: cond_true: Condition &quot;!parent&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: cond_true: Condition &quot;tmp&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:120: cond_false: Condition &quot;!__coverity_strcmp(tmp-&gt;name, name)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:123: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:124: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: cond_false: Condition &quot;tmp&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:124: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:135: buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array &quot;node-&gt;name&quot; of size 255 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:136: cond_true: Condition &quot;parent-&gt;child.lh_first != NULL&quot;, taking true branch
>
><a name='def277'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def277'>[#def277]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:47: cond_true: Condition &quot;attr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:51: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:59: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:61: buffer_size_warning: Calling strncpy with a maximum size argument of 255 bytes on destination array &quot;node-&gt;name&quot; of size 255 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:62: cond_true: Condition &quot;parent-&gt;child.lh_first != NULL&quot;, taking true branch
>
><a name='def278'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def278'>[#def278]</a>
>qemu-kvm-1.2.0/block.c:1280: cond_false: Condition &quot;!drv&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1281: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:1283: cond_false: Condition &quot;!bs-&gt;backing_hd&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1285: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:1287: cond_false: Condition &quot;bs-&gt;backing_hd-&gt;keep_read_only&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:1291: cond_false: Condition &quot;bdrv_in_use(bs)&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1291: cond_false: Condition &quot;bdrv_in_use(bs-&gt;backing_hd)&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1293: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:1297: buffer_size_warning: Calling strncpy with a maximum size argument of 1024 bytes on destination array &quot;filename&quot; of size 1024 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/block.c:1300: cond_true: Condition &quot;ro&quot;, taking true branch
>qemu-kvm-1.2.0/block.c:1307: cond_true: Condition &quot;rw_ret &lt; 0&quot;, taking true branch
>
><a name='def279'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def279'>[#def279]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1102: cond_false: Condition &quot;parse_vdiname(s, filename, vdi, &amp;snapid, tag) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1105: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1107: cond_false: Condition &quot;s-&gt;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1110: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1113: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1115: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1117: cond_true: Condition &quot;flags &amp; 0x40&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1120: cond_false: Condition &quot;s-&gt;flush_fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1124: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1127: cond_true: Condition &quot;snapid&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1133: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1137: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1145: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1147: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1154: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;s-&gt;name&quot; of size 256 bytes might leave the destination string unterminated.
>
><a name='def280'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def280'>[#def280]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1746: cond_false: Condition &quot;s-&gt;is_snapshot&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1751: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1757: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;s-&gt;inode.tag&quot; of size 256 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/block/sheepdog.c:1763: cond_true: Condition &quot;fd &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1765: goto: Jumping to label &quot;cleanup&quot;
>qemu-kvm-1.2.0/block/sheepdog.c:1797: label: Reached label &quot;cleanup&quot;
>
><a name='def281'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def281'>[#def281]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1821: cond_true: Condition &quot;!snapid&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1822: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;tag&quot; of size 256 bytes might leave the destination string unterminated.
>
><a name='def282'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def282'>[#def282]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1817: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;vdi&quot; of size 256 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/block/sheepdog.c:1821: cond_true: Condition &quot;!snapid&quot;, taking true branch
>
><a name='def283'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def283'>[#def283]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1896: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1899: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1912: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1914: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1923: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1927: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1929: cond_true: Condition &quot;found &lt; nr&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1930: cond_false: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1932: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1939: cond_true: Condition &quot;ret&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1940: continue: Continuing loop
>qemu-kvm-1.2.0/block/sheepdog.c:1955: loop: Looping back
>qemu-kvm-1.2.0/block/sheepdog.c:1929: cond_true: Condition &quot;found &lt; nr&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1930: cond_false: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1932: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1939: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1941: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1943: cond_true: Condition &quot;!__coverity_strcmp(inode.name, s-&gt;name)&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1943: cond_true: Condition &quot;is_snapshot(&amp;inode)&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1951: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;(sn_tab + found).name&quot; of size 256 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/block/sheepdog.c:1955: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/sheepdog.c:1929: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/sheepdog.c:1929: cond_true: Condition &quot;found &lt; nr&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1930: cond_true: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:1931: break: Breaking from loop
>qemu-kvm-1.2.0/block/sheepdog.c:1955: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/sheepdog.c:1963: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1965: if_end: End of if statement
>
><a name='def284'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def284'>[#def284]</a>
>qemu-kvm-1.2.0/os-posix.c:149: cond_false: Condition &quot;!s&quot;, taking false branch
>qemu-kvm-1.2.0/os-posix.c:150: if_end: End of if statement
>qemu-kvm-1.2.0/os-posix.c:152: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;name&quot; of size 16 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/os-posix.c:155: cond_true: Condition &quot;prctl(15, name)&quot;, taking true branch
>
><a name='def285'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def285'>[#def285]</a>
>qemu-kvm-1.2.0/hw/r2d.c:231: cond_false: Condition &quot;__s == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:231: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/r2d.c:231: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:231: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/r2d.c:239: cond_true: Condition &quot;cpu_model == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:244: cond_false: Condition &quot;cpu == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:247: if_end: End of if statement
>qemu-kvm-1.2.0/hw/r2d.c:283: cond_true: Condition &quot;dinfo&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:290: cond_true: Condition &quot;i &lt; nb_nics&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:291: cond_true: Condition &quot;i == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:291: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/r2d.c:290: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/r2d.c:290: cond_true: Condition &quot;i &lt; nb_nics&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:291: cond_false: Condition &quot;i == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:291: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/r2d.c:290: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/r2d.c:290: cond_false: Condition &quot;i &lt; nb_nics&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:291: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/r2d.c:299: cond_true: Condition &quot;kernel_filename&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:305: cond_false: Condition &quot;kernel_size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:308: if_end: End of if statement
>qemu-kvm-1.2.0/hw/r2d.c:316: cond_true: Condition &quot;initrd_filename&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:323: cond_false: Condition &quot;initrd_size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/r2d.c:326: if_end: End of if statement
>qemu-kvm-1.2.0/hw/r2d.c:334: cond_true: Condition &quot;kernel_cmdline&quot;, taking true branch
>qemu-kvm-1.2.0/hw/r2d.c:335: buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;boot_params.kernel_cmdline&quot; of size 256 bytes might leave the destination string unterminated.
>
><a name='def286'/>Error: BUFFER_SIZE_WARNING (CWE-170): <a href ='#def286'>[#def286]</a>
>qemu-kvm-1.2.0/qga/commands-posix.c:785: cond_false: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:790: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:792: cond_true: Condition &quot;ifa&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:806: cond_true: Condition &quot;!info&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:811: cond_true: Condition &quot;!cur_item&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:813: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:816: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:823: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:828: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:831: buffer_size_warning: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;ifr.ifr_ifrn.ifrn_name&quot; of size 16 bytes might leave the destination string unterminated.
>qemu-kvm-1.2.0/qga/commands-posix.c:832: cond_true: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:838: goto: Jumping to label &quot;error&quot;
>qemu-kvm-1.2.0/qga/commands-posix.c:932: label: Reached label &quot;error&quot;
>
><a name='def287'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def287'>[#def287]</a>
>qemu-kvm-1.2.0/audio/audio.c:165: switch: Switch case default
>qemu-kvm-1.2.0/audio/audio.c:175: switch_default: Reached default
>qemu-kvm-1.2.0/audio/audio.c:176: check_return: Calling function &quot;audio_bug(char const *, int)&quot; without checking return value (as is done elsewhere 25 out of 26 times).
>qemu-kvm-1.2.0/audio/audio.c:192: example_checked: &quot;audio_bug(&quot;audio_calloc&quot;, cond)&quot; has its value checked in &quot;audio_bug(&quot;audio_calloc&quot;, cond)&quot;.
>qemu-kvm-1.2.0/audio/audio.c:1003: example_checked: &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; hw-&gt;samples)&quot;.
>qemu-kvm-1.2.0/audio/audio.c:1530: example_checked: &quot;audio_bug(&lt;anonymous&gt;, captured &gt; sw-&gt;total_hw_samples_mixed)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, captured &gt; sw-&gt;total_hw_samples_mixed)&quot;.
>qemu-kvm-1.2.0/audio/audio.c:1281: example_checked: &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; sw-&gt;hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; sw-&gt;hw-&gt;samples)&quot;.
>qemu-kvm-1.2.0/audio/sdlaudio.c:256: example_checked: &quot;audio_bug(&lt;anonymous&gt;, sdl-&gt;live &lt; 0 || sdl-&gt;live &gt; hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, sdl-&gt;live &lt; 0 || sdl-&gt;live &gt; hw-&gt;samples)&quot;.
>qemu-kvm-1.2.0/audio/audio.c:176: unchecked_value: No check of the return value of &quot;audio_bug(&quot;bits_to_index&quot;, 1)&quot;.
>
><a name='def288'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def288'>[#def288]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:162: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:164: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:166: check_return: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: example_assign: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: example_checked: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:166: unchecked_value: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 0UL, 0, &quot;dd&quot;, &amp;header.type, &amp;header.size)&quot;.
>
><a name='def289'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def289'>[#def289]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:162: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:164: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:171: cond_false: Condition &quot;header.size &gt; 65536U /* 64 * 1024 */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:183: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:187: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:189: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:192: cond_false: Condition &quot;header.type == T_ERROR&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:199: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:201: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:246: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:247: check_return: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: example_assign: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: example_checked: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:247: unchecked_value: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;q&quot;, response)&quot;.
>
><a name='def290'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def290'>[#def290]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:271: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:273: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:275: check_return: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: example_assign: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: example_checked: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:275: unchecked_value: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 0UL, 0, &quot;dd&quot;, &amp;header.type, &amp;header.size)&quot;.
>
><a name='def291'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def291'>[#def291]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:271: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:273: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:276: cond_false: Condition &quot;header.size != 4UL /* sizeof (int) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:279: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:282: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:286: check_return: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: example_assign: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: example_checked: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: example_assign: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: example_assign: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: example_checked: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:286: unchecked_value: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.
>
><a name='def292'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def292'>[#def292]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:505: cond_true: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:507: cond_false: Condition &quot;err == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:509: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:512: cond_true: Condition &quot;err == -1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:514: goto: Jumping to label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:541: label: Reached label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:542: check_return: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:542: unchecked_value: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.
>
><a name='def293'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def293'>[#def293]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:445: cond_true: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:448: cond_false: Condition &quot;err == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:450: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:452: cond_true: Condition &quot;err == -1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:454: goto: Jumping to label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:483: label: Reached label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:484: check_return: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:484: unchecked_value: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.
>
><a name='def294'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def294'>[#def294]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:609: cond_true: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:611: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:614: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:618: cond_true: Condition &quot;err == -1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:620: goto: Jumping to label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:652: label: Reached label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:654: check_return: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:654: unchecked_value: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.
>
><a name='def295'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def295'>[#def295]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:676: cond_true: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:681: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:684: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:689: cond_false: Condition &quot;write_size == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:691: cond_false: Condition &quot;write_size != oldpath_size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:696: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:701: cond_true: Condition &quot;err == -1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:703: goto: Jumping to label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:756: label: Reached label &quot;err_end&quot;
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:757: check_return: Calling function &quot;remove(rpath(fs_ctx, newpath, buffer))&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:757: unchecked_value: No check of the return value of &quot;remove(rpath(fs_ctx, newpath, buffer))&quot;.
>
><a name='def296'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def296'>[#def296]</a>
>qemu-kvm-1.2.0/hw/loader.c:191: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:192: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:195: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:196: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:198: cond_true: Condition &quot;bswap_needed&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:203: switch: Switch case value &quot;267U&quot;
>qemu-kvm-1.2.0/hw/loader.c:204: switch_case: Reached case &quot;267U&quot;
>qemu-kvm-1.2.0/hw/loader.c:207: cond_false: Condition &quot;e.a_text + e.a_data &gt; max_sz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:208: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:209: cond_true: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:209: check_return: Calling function &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/loader.c:209: unchecked_value: No check of the return value of &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot;.
>
><a name='def297'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def297'>[#def297]</a>
>qemu-kvm-1.2.0/hw/loader.c:191: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:192: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:195: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:196: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:198: cond_true: Condition &quot;bswap_needed&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:203: switch: Switch case value &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:214: switch_case: Reached case &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_false: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:216: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:217: cond_true: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:217: check_return: Calling function &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/loader.c:217: unchecked_value: No check of the return value of &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot;.
>
><a name='def298'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def298'>[#def298]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:238: check_return: Calling function &quot;lseek(fd, ehdr.e_phoff, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/elf_ops.h:238: unchecked_value: No check of the return value of &quot;lseek(fd, ehdr.e_phoff, 0)&quot;.
>
><a name='def299'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def299'>[#def299]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:238: check_return: Calling function &quot;lseek(fd, ehdr.e_phoff, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/elf_ops.h:238: unchecked_value: No check of the return value of &quot;lseek(fd, ehdr.e_phoff, 0)&quot;.
>
><a name='def300'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def300'>[#def300]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:2764: cond_false: Condition &quot;dumpsize.rlim_cur == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2765: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2767: cond_false: Condition &quot;core_dump_filename(ts, corefile, 4096UL /* sizeof (corefile) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2768: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2770: cond_false: Condition &quot;(fd = open(corefile, 65 /* 1 | 0x40 */, 420 /* ((0x100 | 0x80) | (0x100 &gt;&gt; 3)) | ((0x100 &gt;&gt; 3) &gt;&gt; 3) */)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2772: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2779: cond_false: Condition &quot;(mm = vma_init()) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2780: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2790: cond_false: Condition &quot;dump_write(fd, &amp;elf, 52UL /* sizeof (elf) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2791: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2794: cond_false: Condition &quot;fill_note_info(&amp;info, signr, env) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2795: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2804: cond_false: Condition &quot;dump_write(fd, &amp;phdr, 32UL /* sizeof (phdr) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2805: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2811: cond_true: Condition &quot;1 /* 1 &amp;&amp; (8192 - 1 &amp; 0x2000) == 0 */&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2817: cond_true: Condition &quot;vma != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2827: cond_true: Condition &quot;vma-&gt;vma_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2828: cond_true: Condition &quot;vma-&gt;vma_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2830: cond_true: Condition &quot;vma-&gt;vma_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2835: check_return: Calling function &quot;dump_write(int, void const *, size_t)&quot; without checking return value (as is done elsewhere 6 out of 7 times).
>qemu-kvm-1.2.0/linux-user/elfload.c:2591: example_checked: &quot;dump_write(fd, &amp;en, 12UL)&quot; has its value checked in &quot;dump_write(fd, &amp;en, 12UL) != 0&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2593: example_checked: &quot;dump_write(fd, men-&gt;name, men-&gt;namesz_rounded)&quot; has its value checked in &quot;dump_write(fd, men-&gt;name, men-&gt;namesz_rounded) != 0&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2595: example_checked: &quot;dump_write(fd, men-&gt;data, men-&gt;datasz_rounded)&quot; has its value checked in &quot;dump_write(fd, men-&gt;data, men-&gt;datasz_rounded) != 0&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2790: example_checked: &quot;dump_write(fd, &amp;elf, 52UL)&quot; has its value checked in &quot;dump_write(fd, &amp;elf, 52UL) != 0&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2804: example_checked: &quot;dump_write(fd, &amp;phdr, 32UL)&quot; has its value checked in &quot;dump_write(fd, &amp;phdr, 32UL) != 0&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2835: unchecked_value: No check of the return value of &quot;dump_write(fd, &amp;phdr, 32UL)&quot;.
>
><a name='def301'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def301'>[#def301]</a>
>qemu-kvm-1.2.0/net/tap.c:525: cond_true: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_BRIDGE&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:528: cond_true: Condition &quot;bridge-&gt;has_helper&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:529: cond_true: Condition &quot;bridge-&gt;has_br&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:532: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:534: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap.c:536: check_return: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/net/tap.c:536: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.
>
><a name='def302'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def302'>[#def302]</a>
>qemu-kvm-1.2.0/net/tap.c:602: cond_true: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_TAP&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:605: cond_true: Condition &quot;tap-&gt;has_fd&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:606: cond_false: Condition &quot;tap-&gt;has_ifname&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:606: cond_false: Condition &quot;tap-&gt;has_script&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:606: cond_false: Condition &quot;tap-&gt;has_downscript&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:606: cond_false: Condition &quot;tap-&gt;has_vnet_hdr&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:606: cond_false: Condition &quot;tap-&gt;has_helper&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:611: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap.c:614: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:616: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap.c:618: check_return: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/net/tap.c:618: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.
>
><a name='def303'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def303'>[#def303]</a>
>qemu-kvm-1.2.0/net/tap.c:602: cond_true: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_TAP&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:605: cond_false: Condition &quot;tap-&gt;has_fd&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:624: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/tap.c:624: cond_true: Condition &quot;tap-&gt;has_helper&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap.c:625: cond_false: Condition &quot;tap-&gt;has_ifname&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:625: cond_false: Condition &quot;tap-&gt;has_script&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:625: cond_false: Condition &quot;tap-&gt;has_downscript&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:625: cond_false: Condition &quot;tap-&gt;has_vnet_hdr&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:630: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap.c:633: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap.c:635: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap.c:637: check_return: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/net/tap.c:637: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.
>
><a name='def304'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def304'>[#def304]</a>
>qemu-kvm-1.2.0/qemu-char.c:2468: check_return: Calling function &quot;setsockopt(fd, 6, 1, (char *)&amp;val, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:2468: unchecked_value: No check of the return value of &quot;setsockopt(fd, 6, 1, (char *)&amp;val, 4U)&quot;.
>
><a name='def305'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def305'>[#def305]</a>
>qemu-kvm-1.2.0/qemu-char.c:2456: check_return: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:2456: unchecked_value: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.
>
><a name='def306'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def306'>[#def306]</a>
>qemu-kvm-1.2.0/qemu-char.c:2458: check_return: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:2458: unchecked_value: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.
>
><a name='def307'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def307'>[#def307]</a>
>qemu-kvm-1.2.0/qemu-char.c:2460: check_return: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:2460: unchecked_value: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.
>
><a name='def308'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def308'>[#def308]</a>
>qemu-kvm-1.2.0/qemu-char.c:2462: check_return: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:2462: unchecked_value: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.
>
><a name='def309'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def309'>[#def309]</a>
>qemu-kvm-1.2.0/qemu-char.c:858: cond_false: Condition &quot;stdio_nb_clients &gt;= 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:860: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:861: cond_true: Condition &quot;stdio_nb_clients == 0&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:864: check_return: Calling function &quot;fcntl(0, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:864: unchecked_value: No check of the return value of &quot;fcntl(0, 4, 2048)&quot;.
>
><a name='def310'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def310'>[#def310]</a>
>qemu-kvm-1.2.0/block/raw-posix.c:1095: check_return: Calling function &quot;fd_open(BlockDriverState *)&quot; without checking return value (as is done elsewhere 6 out of 7 times).
>qemu-kvm-1.2.0/block/raw-posix.c:1083: example_checked: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &gt;= 0&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:941: example_checked: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:369: example_checked: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:325: example_checked: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:612: example_assign: Assigning: &quot;ret&quot; = return value from &quot;fd_open(bs)&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:613: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:1095: unchecked_value: No check of the return value of &quot;fd_open(bs)&quot;.
>
><a name='def311'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def311'>[#def311]</a>
>qemu-kvm-1.2.0/hw/ivshmem.c:324: check_return: Calling function &quot;fstat(fd, &amp;buf)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/ivshmem.c:324: unchecked_value: No check of the return value of &quot;fstat(fd, &amp;buf)&quot;.
>
><a name='def312'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def312'>[#def312]</a>
>qemu-kvm-1.2.0/hw/pc.c:660: check_return: Calling function &quot;fseek(f, where, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/pc.c:660: unchecked_value: No check of the return value of &quot;fseek(f, where, 0)&quot;.
>
><a name='def313'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def313'>[#def313]</a>
>qemu-kvm-1.2.0/hw/pflash_cfi01.c:203: cond_true: Condition &quot;pfl-&gt;bs&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pflash_cfi01.c:208: check_return: Calling function &quot;bdrv_write(BlockDriverState *, int64_t, uint8_t const *, int)&quot; without checking return value (as is done elsewhere 36 out of 40 times).
>qemu-kvm-1.2.0/block/qcow.c:813: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs, sector_num, buf, s-&gt;cluster_sectors)&quot;.
>qemu-kvm-1.2.0/block/qcow.c:814: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/qcow2.c:1161: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, (meta.cluster_offset &gt;&gt; 9) + num - 1UL, buf, 1)&quot;.
>qemu-kvm-1.2.0/block/qcow2.c:1162: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vdi.c:596: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, 0L, block, 1)&quot;.
>qemu-kvm-1.2.0/block/vdi.c:600: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vmdk.c:761: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(extent-&gt;file, cluster_offset, whole_grain, extent-&gt;cluster_sectors)&quot;.
>qemu-kvm-1.2.0/block/vmdk.c:763: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vvfat.c:1697: example_checked: &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot; has its value checked in &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot;.
>qemu-kvm-1.2.0/hw/pflash_cfi01.c:208: unchecked_value: No check of the return value of &quot;bdrv_write(pfl-&gt;bs, offset, pfl-&gt;storage + (offset &lt;&lt; 9), offset_end - offset)&quot;.
>
><a name='def314'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def314'>[#def314]</a>
>qemu-kvm-1.2.0/hw/pflash_cfi02.c:234: cond_true: Condition &quot;pfl-&gt;bs&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pflash_cfi02.c:239: check_return: Calling function &quot;bdrv_write(BlockDriverState *, int64_t, uint8_t const *, int)&quot; without checking return value (as is done elsewhere 36 out of 40 times).
>qemu-kvm-1.2.0/block/qcow.c:813: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs, sector_num, buf, s-&gt;cluster_sectors)&quot;.
>qemu-kvm-1.2.0/block/qcow.c:814: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/qcow2.c:1161: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, (meta.cluster_offset &gt;&gt; 9) + num - 1UL, buf, 1)&quot;.
>qemu-kvm-1.2.0/block/qcow2.c:1162: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vdi.c:596: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, 0L, block, 1)&quot;.
>qemu-kvm-1.2.0/block/vdi.c:600: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vmdk.c:761: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(extent-&gt;file, cluster_offset, whole_grain, extent-&gt;cluster_sectors)&quot;.
>qemu-kvm-1.2.0/block/vmdk.c:763: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vvfat.c:1697: example_checked: &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot; has its value checked in &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot;.
>qemu-kvm-1.2.0/hw/pflash_cfi02.c:239: unchecked_value: No check of the return value of &quot;bdrv_write(pfl-&gt;bs, offset, pfl-&gt;storage + (offset &lt;&lt; 9), offset_end - offset)&quot;.
>
><a name='def315'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def315'>[#def315]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:956: cond_true: Condition &quot;!nr_copies&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:962: cond_true: Condition &quot;aiocb_type == AIOCB_READ_UDATA&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:966: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:974: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:976: cond_true: Condition &quot;s-&gt;cache_enabled&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:997: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1001: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1003: cond_false: Condition &quot;wlen&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:1010: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:1012: check_return: Calling function &quot;socket_set_cork(s-&gt;fd, 0)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/osdep.c:60:5: return_wrapper: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;
>qemu-kvm-1.2.0/block/sheepdog.c:1012: unchecked_value: No check of the return value of &quot;socket_set_cork(s-&gt;fd, 0)&quot;.
>
><a name='def316'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def316'>[#def316]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:956: cond_true: Condition &quot;!nr_copies&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:962: cond_true: Condition &quot;aiocb_type == AIOCB_READ_UDATA&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:966: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:974: if_end: End of if statement
>qemu-kvm-1.2.0/block/sheepdog.c:976: cond_true: Condition &quot;s-&gt;cache_enabled&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:993: check_return: Calling function &quot;socket_set_cork(s-&gt;fd, 1)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/osdep.c:60:5: return_wrapper: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;
>qemu-kvm-1.2.0/block/sheepdog.c:993: unchecked_value: No check of the return value of &quot;socket_set_cork(s-&gt;fd, 1)&quot;.
>
><a name='def317'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def317'>[#def317]</a>
>qemu-kvm-1.2.0/cmd.c:163: cond_true: Condition &quot;!done&quot;, taking true branch
>qemu-kvm-1.2.0/cmd.c:163: cond_false: Condition &quot;i &lt; ncmdline&quot;, taking false branch
>qemu-kvm-1.2.0/cmd.c:187: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cmd.c:188: cond_false: Condition &quot;cmdline&quot;, taking false branch
>qemu-kvm-1.2.0/cmd.c:191: if_end: End of if statement
>qemu-kvm-1.2.0/cmd.c:193: cond_true: Condition &quot;!done&quot;, taking true branch
>qemu-kvm-1.2.0/cmd.c:194: cond_true: Condition &quot;!prompted&quot;, taking true branch
>qemu-kvm-1.2.0/cmd.c:201: check_return: Calling function &quot;main_loop_wait(0)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/main-loop.c:478:5: cond_true: Condition &quot;nonblocking&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:480:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/main-loop.c:482:5: if_end: End of if statement
>qemu-kvm-1.2.0/main-loop.c:496:5: return_wrapper: The function wraps and returns the value of &quot;os_host_main_loop_wait(timeout)&quot;
>qemu-kvm-1.2.0/main-loop.c:298:5: cond_true: Condition &quot;timeout &lt; 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:304:5: cond_true: Condition &quot;timeout &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:308:5: return_wrapper: The function wraps and returns the value of &quot;select(nfds + 1, &amp;rfds, &amp;wfds, &amp;xfds, tvarg)&quot;
>qemu-kvm-1.2.0/main-loop.c:310:5: cond_true: Condition &quot;timeout &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:314:5: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/main-loop.c:314:5: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/main-loop.c:499:5: cond_true: Condition &quot;ret &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/cmd.c:201: unchecked_value: No check of the return value of &quot;main_loop_wait(0)&quot;.
>
><a name='def318'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def318'>[#def318]</a>
>qemu-kvm-1.2.0/net/socket.c:514: cond_false: Condition &quot;parse_host_port(&amp;saddr, host_str) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:515: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:518: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:521: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:526: check_return: Calling function &quot;setsockopt(fd, 1, 2, (char const *)&amp;val, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/net/socket.c:526: unchecked_value: No check of the return value of &quot;setsockopt(fd, 1, 2, (char const *)&amp;val, 4U)&quot;.
>
><a name='def319'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def319'>[#def319]</a>
>qemu-kvm-1.2.0/target-s390x/helper.c:431: cond_true: Condition &quot;!(env-&gt;psw.mask &amp; 0x100000000ULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/helper.c:435: check_return: Calling function &quot;mmu_translate(CPUS390XState *, target_ulong, int, uint64_t, target_ulong *, int *)&quot; without checking return value (as is done elsewhere 7 out of 8 times).
>qemu-kvm-1.2.0/target-s390x/helper.c:400: example_checked: &quot;mmu_translate(env, vaddr, rw, asc, &amp;raddr, &amp;prot)&quot; has its value checked in &quot;mmu_translate(env, vaddr, rw, asc, &amp;raddr, &amp;prot)&quot;.
>qemu-kvm-1.2.0/target-s390x/mem_helper.c:117: example_checked: &quot;mmu_translate(env, src, 0, asc, &amp;src_phys, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, src, 0, asc, &amp;src_phys, &amp;flags)&quot;.
>qemu-kvm-1.2.0/target-s390x/mem_helper.c:87: example_checked: &quot;mmu_translate(env, dest, 1, asc, &amp;dest_phys, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, dest, 1, asc, &amp;dest_phys, &amp;flags)&quot;.
>qemu-kvm-1.2.0/target-s390x/mem_helper.c:1183: example_checked: &quot;mmu_translate(env, addr, 0, asc, &amp;ret, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, addr, 0, asc, &amp;ret, &amp;flags)&quot;.
>qemu-kvm-1.2.0/target-s390x/mem_helper.c:1090: example_checked: &quot;mmu_translate(env, a1 &amp; 0xfffffffffffff000UL, 1, mode1, &amp;dest, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, a1 &amp; 0xfffffffffffff000UL, 1, mode1, &amp;dest, &amp;flags)&quot;.
>qemu-kvm-1.2.0/target-s390x/helper.c:435: unchecked_value: No check of the return value of &quot;mmu_translate(env, vaddr, 2, asc, &amp;raddr, &amp;prot)&quot;.
>
><a name='def320'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def320'>[#def320]</a>
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: cond_false: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:413: check_return: Calling function &quot;fcntl(card-&gt;pipe[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:413: unchecked_value: No check of the return value of &quot;fcntl(card-&gt;pipe[0], 4, 2048)&quot;.
>
><a name='def321'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def321'>[#def321]</a>
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: cond_false: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:415: check_return: Calling function &quot;fcntl(card-&gt;pipe[0], 8, getpid())&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:415: unchecked_value: No check of the return value of &quot;fcntl(card-&gt;pipe[0], 8, getpid())&quot;.
>
><a name='def322'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def322'>[#def322]</a>
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: cond_false: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:414: check_return: Calling function &quot;fcntl(card-&gt;pipe[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:414: unchecked_value: No check of the return value of &quot;fcntl(card-&gt;pipe[1], 4, 2048)&quot;.
>
><a name='def323'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def323'>[#def323]</a>
>qemu-kvm-1.2.0/posix-aio-compat.c:646: cond_false: Condition &quot;posix_aio_state&quot;, taking false branch
>qemu-kvm-1.2.0/posix-aio-compat.c:647: if_end: End of if statement
>qemu-kvm-1.2.0/posix-aio-compat.c:652: cond_false: Condition &quot;qemu_pipe(fds) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/posix-aio-compat.c:656: if_end: End of if statement
>qemu-kvm-1.2.0/posix-aio-compat.c:661: check_return: Calling function &quot;fcntl(s-&gt;rfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/posix-aio-compat.c:661: unchecked_value: No check of the return value of &quot;fcntl(s-&gt;rfd, 4, 2048)&quot;.
>
><a name='def324'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def324'>[#def324]</a>
>qemu-kvm-1.2.0/posix-aio-compat.c:646: cond_false: Condition &quot;posix_aio_state&quot;, taking false branch
>qemu-kvm-1.2.0/posix-aio-compat.c:647: if_end: End of if statement
>qemu-kvm-1.2.0/posix-aio-compat.c:652: cond_false: Condition &quot;qemu_pipe(fds) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/posix-aio-compat.c:656: if_end: End of if statement
>qemu-kvm-1.2.0/posix-aio-compat.c:662: check_return: Calling function &quot;fcntl(s-&gt;wfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/posix-aio-compat.c:662: unchecked_value: No check of the return value of &quot;fcntl(s-&gt;wfd, 4, 2048)&quot;.
>
><a name='def325'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def325'>[#def325]</a>
>qemu-kvm-1.2.0/qemu-char.c:821: check_return: Calling function &quot;fcntl(0, 4, old_fd0_flags)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-char.c:821: unchecked_value: No check of the return value of &quot;fcntl(0, 4, old_fd0_flags)&quot;.
>
><a name='def326'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def326'>[#def326]</a>
>qemu-kvm-1.2.0/hw/qxl.c:1707: cond_false: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:1711: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:1712: check_return: Calling function &quot;fcntl(d-&gt;pipe[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/qxl.c:1712: unchecked_value: No check of the return value of &quot;fcntl(d-&gt;pipe[0], 4, 2048)&quot;.
>
><a name='def327'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def327'>[#def327]</a>
>qemu-kvm-1.2.0/hw/qxl.c:1707: cond_false: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:1711: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:1714: check_return: Calling function &quot;fcntl(d-&gt;pipe[0], 8, getpid())&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/qxl.c:1714: unchecked_value: No check of the return value of &quot;fcntl(d-&gt;pipe[0], 8, getpid())&quot;.
>
><a name='def328'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def328'>[#def328]</a>
>qemu-kvm-1.2.0/hw/qxl.c:1707: cond_false: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/qxl.c:1711: if_end: End of if statement
>qemu-kvm-1.2.0/hw/qxl.c:1713: check_return: Calling function &quot;fcntl(d-&gt;pipe[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/qxl.c:1713: unchecked_value: No check of the return value of &quot;fcntl(d-&gt;pipe[1], 4, 2048)&quot;.
>
><a name='def329'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def329'>[#def329]</a>
>qemu-kvm-1.2.0/savevm.c:356: check_return: Calling function &quot;fseek(s-&gt;stdio_file, pos, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/savevm.c:356: unchecked_value: No check of the return value of &quot;fseek(s-&gt;stdio_file, pos, 0)&quot;.
>
><a name='def330'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def330'>[#def330]</a>
>qemu-kvm-1.2.0/savevm.c:349: check_return: Calling function &quot;fseek(s-&gt;stdio_file, pos, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/savevm.c:349: unchecked_value: No check of the return value of &quot;fseek(s-&gt;stdio_file, pos, 0)&quot;.
>
><a name='def331'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def331'>[#def331]</a>
>qemu-kvm-1.2.0/hw/scsi-bus.c:91: cond_true: Condition &quot;req&quot;, taking true branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:91: cond_true: Condition &quot;(next = req-&gt;next.tqe_next) , 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:93: cond_true: Condition &quot;req-&gt;retry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:95: switch: Switch case value &quot;SCSI_XFER_NONE&quot;
>qemu-kvm-1.2.0/hw/scsi-bus.c:100: switch_case: Reached case &quot;SCSI_XFER_NONE&quot;
>qemu-kvm-1.2.0/hw/scsi-bus.c:101: cond_true: Condition &quot;!req-&gt;sg&quot;, taking true branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:103: check_return: Calling function &quot;scsi_req_enqueue(SCSIRequest *)&quot; without checking return value (as is done elsewhere 9 out of 11 times).
>qemu-kvm-1.2.0/hw/esp.c:133: example_assign: Assigning: &quot;datalen&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current_req)&quot;.
>qemu-kvm-1.2.0/hw/esp.c:135: example_checked: &quot;datalen&quot; has its value checked in &quot;datalen != 0&quot;.
>qemu-kvm-1.2.0/hw/lsi53c895a.c:773: example_assign: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current-&gt;req)&quot;.
>qemu-kvm-1.2.0/hw/lsi53c895a.c:774: example_checked: &quot;n&quot; has its value checked in &quot;n&quot;.
>qemu-kvm-1.2.0/hw/megasas.c:1123: example_assign: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req)&quot;.
>qemu-kvm-1.2.0/hw/megasas.c:1124: example_checked: &quot;len&quot; has its value checked in &quot;len &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:624: example_assign: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(req-&gt;sreq)&quot;.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:629: example_checked: &quot;n&quot; has its value checked in &quot;n&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-uas.c:560: example_assign: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req-&gt;req)&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-uas.c:561: example_checked: &quot;len&quot; has its value checked in &quot;len&quot;.
>qemu-kvm-1.2.0/hw/scsi-bus.c:103: unchecked_value: No check of the return value of &quot;scsi_req_enqueue(req)&quot;.
>
><a name='def332'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def332'>[#def332]</a>
>qemu-kvm-1.2.0/slirp/socket.c:602: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:604: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:607: cond_false: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:610: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:616: cond_true: Condition &quot;flags &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U /* sizeof (int) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), 16U /* sizeof (addr) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:643: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:646: check_return: Calling function &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/socket.c:646: unchecked_value: No check of the return value of &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.
>
><a name='def333'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def333'>[#def333]</a>
>qemu-kvm-1.2.0/slirp/socket.c:602: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:604: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:607: cond_false: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:610: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:616: cond_true: Condition &quot;flags &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U /* sizeof (int) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), 16U /* sizeof (addr) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:643: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:644: check_return: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/socket.c:644: unchecked_value: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.
>
><a name='def334'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def334'>[#def334]</a>
>qemu-kvm-1.2.0/slirp/socket.c:355: cond_true: Condition &quot;so-&gt;so_urgc&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:356: check_return: Calling function &quot;sosendoob(so)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/slirp/socket.c:298:2: cond_true: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:301:2: cond_true: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:303:3: return_wrapper: The function wraps and returns the value of &quot;slirp_send(so, sb-&gt;sb_rptr, so-&gt;so_urgc, 1)&quot;
>qemu-kvm-1.2.0/slirp/slirp.c:828:2: cond_true: Condition &quot;so-&gt;s == -1&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:828:2: cond_false: Condition &quot;so-&gt;extra&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:831:2: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:833:2: return_wrapper: The function wraps and returns the value of &quot;send(so-&gt;s, buf, len, flags)&quot;
>qemu-kvm-1.2.0/slirp/socket.c:307:2: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/socket.c:330:2: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:334:2: cond_true: Condition &quot;sb-&gt;sb_rptr &gt;= sb-&gt;sb_data + sb-&gt;sb_datalen&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:356: unchecked_value: No check of the return value of &quot;sosendoob(so)&quot;.
>
><a name='def335'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def335'>[#def335]</a>
>qemu-kvm-1.2.0/block/vmdk.c:1223: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1225: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1226: cond_false: Condition &quot;flat&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1232: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1236: cond_true: Condition &quot;compress&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1238: cond_true: Condition &quot;compress&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1277: cond_false: Condition &quot;ret != 4UL /* sizeof (magic) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1280: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1282: cond_false: Condition &quot;ret != 75UL /* sizeof (header) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1285: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1288: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1291: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1295: cond_true: Condition &quot;i &lt; gt_count&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1298: cond_false: Condition &quot;ret != 4UL /* sizeof (tmp) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1301: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1302: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vmdk.c:1295: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vmdk.c:1295: cond_true: Condition &quot;i &lt; gt_count&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1298: cond_false: Condition &quot;ret != 4UL /* sizeof (tmp) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1301: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1302: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vmdk.c:1295: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vmdk.c:1295: cond_false: Condition &quot;i &lt; gt_count&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1302: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vmdk.c:1305: check_return: Calling function &quot;lseek(fd, le64_to_cpu(header.gd_offset) &lt;&lt; 9, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/block/vmdk.c:1305: unchecked_value: No check of the return value of &quot;lseek(fd, le64_to_cpu(header.gd_offset) &lt;&lt; 9, 0)&quot;.
>
><a name='def336'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def336'>[#def336]</a>
>qemu-kvm-1.2.0/block/vmdk.c:1223: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1225: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1226: cond_false: Condition &quot;flat&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1232: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1236: cond_true: Condition &quot;compress&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1238: cond_true: Condition &quot;compress&quot;, taking true branch
>qemu-kvm-1.2.0/block/vmdk.c:1277: cond_false: Condition &quot;ret != 4UL /* sizeof (magic) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1280: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1282: cond_false: Condition &quot;ret != 75UL /* sizeof (header) */&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1285: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1288: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/vmdk.c:1291: if_end: End of if statement
>qemu-kvm-1.2.0/block/vmdk.c:1294: check_return: Calling function &quot;lseek(fd, le64_to_cpu(header.rgd_offset) &lt;&lt; 9, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/block/vmdk.c:1294: unchecked_value: No check of the return value of &quot;lseek(fd, le64_to_cpu(header.rgd_offset) &lt;&lt; 9, 0)&quot;.
>
><a name='def337'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def337'>[#def337]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:280: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:284: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:285: check_return: Calling function &quot;setsockopt(sock, 1, 2, &amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-sockets.c:285: unchecked_value: No check of the return value of &quot;setsockopt(sock, 1, 2, &amp;on, 4U)&quot;.
>
><a name='def338'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def338'>[#def338]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:121: cond_false: Condition &quot;qemu_opt_get(opts, &quot;host&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:121: cond_false: Condition &quot;qemu_opt_get(opts, &quot;port&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:126: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:131: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:132: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:133: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:134: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:137: cond_true: Condition &quot;port_offset&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:139: cond_true: Condition &quot;strlen(addr)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:140: cond_false: Condition &quot;rc != 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:145: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:148: cond_true: Condition &quot;e != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:153: cond_false: Condition &quot;slisten &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:160: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:162: check_return: Calling function &quot;setsockopt(slisten, 1, 2, (void *)&amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-sockets.c:162: unchecked_value: No check of the return value of &quot;setsockopt(slisten, 1, 2, (void *)&amp;on, 4U)&quot;.
>
><a name='def339'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def339'>[#def339]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:121: cond_false: Condition &quot;qemu_opt_get(opts, &quot;host&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:121: cond_false: Condition &quot;qemu_opt_get(opts, &quot;port&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:126: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:131: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:132: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:133: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:134: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:137: cond_true: Condition &quot;port_offset&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:139: cond_true: Condition &quot;strlen(addr)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:140: cond_false: Condition &quot;rc != 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:145: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:148: cond_true: Condition &quot;e != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:153: cond_false: Condition &quot;slisten &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:160: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:164: cond_true: Condition &quot;e-&gt;ai_family == 10&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:166: check_return: Calling function &quot;setsockopt(slisten, 41, 26, (void *)&amp;off, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-sockets.c:166: unchecked_value: No check of the return value of &quot;setsockopt(slisten, 41, 26, (void *)&amp;off, 4U)&quot;.
>
><a name='def340'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def340'>[#def340]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:424: cond_true: Condition &quot;addr == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:427: cond_false: Condition &quot;port == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:427: cond_false: Condition &quot;strlen(port) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:430: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:432: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:433: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:434: cond_false: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:435: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:437: cond_false: Condition &quot;0 != (rc = getaddrinfo(addr, port, &amp;ai, &amp;peer))&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:441: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:451: cond_true: Condition &quot;addr == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:454: cond_true: Condition &quot;!port&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:457: cond_false: Condition &quot;0 != (rc = getaddrinfo(addr, port, &amp;ai, &amp;local))&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:461: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:465: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:469: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:470: check_return: Calling function &quot;setsockopt(sock, 1, 2, (void *)&amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qemu-sockets.c:470: unchecked_value: No check of the return value of &quot;setsockopt(sock, 1, 2, (void *)&amp;on, 4U)&quot;.
>
><a name='def341'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def341'>[#def341]</a>
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:393: switch: Switch case value &quot;225&quot;
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:394: switch_case: Reached case &quot;225&quot;
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:395: cond_false: Condition &quot;devep != 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:396: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:398: switch: Switch case value &quot;USB_MSDM_CBW&quot;
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:399: switch_case: Reached case &quot;USB_MSDM_CBW&quot;
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:400: cond_false: Condition &quot;p-&gt;iov.size != 31&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:403: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:405: cond_false: Condition &quot;le32_to_cpu(cbw.sig) != 1128420181&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:409: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:411: cond_false: Condition &quot;cbw.lun != 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:414: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:417: cond_true: Condition &quot;s-&gt;data_len == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:419: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:423: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:426: cond_true: Condition &quot;le32_to_cpu(s-&gt;csw.residue) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: check_return: Calling function &quot;scsi_req_enqueue(SCSIRequest *)&quot; without checking return value (as is done elsewhere 9 out of 11 times).
>qemu-kvm-1.2.0/hw/esp.c:133: example_assign: Assigning: &quot;datalen&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current_req)&quot;.
>qemu-kvm-1.2.0/hw/esp.c:135: example_checked: &quot;datalen&quot; has its value checked in &quot;datalen != 0&quot;.
>qemu-kvm-1.2.0/hw/lsi53c895a.c:773: example_assign: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current-&gt;req)&quot;.
>qemu-kvm-1.2.0/hw/lsi53c895a.c:774: example_checked: &quot;n&quot; has its value checked in &quot;n&quot;.
>qemu-kvm-1.2.0/hw/megasas.c:1123: example_assign: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req)&quot;.
>qemu-kvm-1.2.0/hw/megasas.c:1124: example_checked: &quot;len&quot; has its value checked in &quot;len &gt; 0L&quot;.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:624: example_assign: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(req-&gt;sreq)&quot;.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:629: example_checked: &quot;n&quot; has its value checked in &quot;n&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-uas.c:560: example_assign: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req-&gt;req)&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-uas.c:561: example_checked: &quot;len&quot; has its value checked in &quot;len&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: unchecked_value: No check of the return value of &quot;scsi_req_enqueue(s-&gt;req)&quot;.
>
><a name='def342'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def342'>[#def342]</a>
>qemu-kvm-1.2.0/block/vpc.c:286: cond_false: Condition &quot;pagetable_index &gt;= s-&gt;max_table_entries&quot;, taking false branch
>qemu-kvm-1.2.0/block/vpc.c:286: cond_false: Condition &quot;s-&gt;pagetable[pagetable_index] == 4294967295U&quot;, taking false branch
>qemu-kvm-1.2.0/block/vpc.c:287: if_end: End of if statement
>qemu-kvm-1.2.0/block/vpc.c:297: cond_true: Condition &quot;write&quot;, taking true branch
>qemu-kvm-1.2.0/block/vpc.c:297: cond_true: Condition &quot;s-&gt;last_bitmap_offset != bitmap_offset&quot;, taking true branch
>qemu-kvm-1.2.0/block/vpc.c:302: check_return: Calling function &quot;bdrv_pwrite_sync(BlockDriverState *, int64_t, void const *, int)&quot; without checking return value (as is done elsewhere 23 out of 24 times).
>qemu-kvm-1.2.0/block/cow.c:122: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, offset, &amp;bitmap, 1)&quot;.
>qemu-kvm-1.2.0/block/cow.c:123: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/qcow.c:382: example_checked: &quot;bdrv_pwrite_sync(bs-&gt;file, l2_offset + l2_index * 8UL, &amp;tmp, 8)&quot; has its value checked in &quot;bdrv_pwrite_sync(bs-&gt;file, l2_offset + l2_index * 8UL, &amp;tmp, 8) &lt; 0&quot;.
>qemu-kvm-1.2.0/block/qcow2-cluster.c:145: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, s-&gt;l1_table_offset + 8 * l1_start_index, buf, 512)&quot;.
>qemu-kvm-1.2.0/block/qcow2-cluster.c:147: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:265: example_assign: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, s-&gt;refcount_table_offset + refcount_table_index * 8UL, &amp;data64, 8)&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:268: example_checked: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vmdk.c:785: example_checked: &quot;bdrv_pwrite_sync(extent-&gt;file, (int64_t)m_data-&gt;l2_offset * 512L + m_data-&gt;l2_index * 4UL, &amp;m_data-&gt;offset, 4)&quot; has its value checked in &quot;bdrv_pwrite_sync(extent-&gt;file, (int64_t)m_data-&gt;l2_offset * 512L + m_data-&gt;l2_index * 4UL, &amp;m_data-&gt;offset, 4) &lt; 0&quot;.
>qemu-kvm-1.2.0/block/vpc.c:302: unchecked_value: No check of the return value of &quot;bdrv_pwrite_sync(bs-&gt;file, bitmap_offset, bitmap, s-&gt;bitmap_size)&quot;.
>
><a name='def343'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def343'>[#def343]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1274: check_return: Calling function &quot;strstart(char const *, char const *, char const **)&quot; without checking return value (as is done elsewhere 74 out of 76 times).
>qemu-kvm-1.2.0/block/nbd.c:95: example_checked: &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot; has its value checked in &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:1055: example_checked: &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot; has its value checked in &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot;.
>qemu-kvm-1.2.0/block/rbd.c:170: example_checked: &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot; has its value checked in &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot;.
>qemu-kvm-1.2.0/block/vvfat.c:1024: example_checked: &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot; has its value checked in &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot;.
>qemu-kvm-1.2.0/dump.c:847: example_checked: &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot; has its value checked in &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:1274: unchecked_value: No check of the return value of &quot;strstart(filename, &quot;sheepdog:&quot;, &amp;vdiname)&quot;.
>
><a name='def344'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def344'>[#def344]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:1094: check_return: Calling function &quot;strstart(char const *, char const *, char const **)&quot; without checking return value (as is done elsewhere 74 out of 76 times).
>qemu-kvm-1.2.0/block/nbd.c:95: example_checked: &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot; has its value checked in &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot;.
>qemu-kvm-1.2.0/block/raw-posix.c:1055: example_checked: &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot; has its value checked in &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot;.
>qemu-kvm-1.2.0/block/rbd.c:170: example_checked: &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot; has its value checked in &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot;.
>qemu-kvm-1.2.0/block/vvfat.c:1024: example_checked: &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot; has its value checked in &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot;.
>qemu-kvm-1.2.0/dump.c:847: example_checked: &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot; has its value checked in &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:1094: unchecked_value: No check of the return value of &quot;strstart(filename, &quot;sheepdog:&quot;, (char const **)&amp;filename)&quot;.
>
><a name='def345'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def345'>[#def345]</a>
>qemu-kvm-1.2.0/nbd.c:738: cond_false: Condition &quot;!len&quot;, taking false branch
>qemu-kvm-1.2.0/nbd.c:740: else_branch: Reached else branch
>qemu-kvm-1.2.0/nbd.c:743: cond_true: Condition &quot;rc &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/nbd.c:745: cond_true: Condition &quot;ret != len&quot;, taking true branch
>qemu-kvm-1.2.0/nbd.c:749: check_return: Calling function &quot;socket_set_cork(csock, 0)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/osdep.c:60:5: return_wrapper: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;
>qemu-kvm-1.2.0/nbd.c:749: unchecked_value: No check of the return value of &quot;socket_set_cork(csock, 0)&quot;.
>
><a name='def346'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def346'>[#def346]</a>
>qemu-kvm-1.2.0/nbd.c:738: cond_false: Condition &quot;!len&quot;, taking false branch
>qemu-kvm-1.2.0/nbd.c:740: else_branch: Reached else branch
>qemu-kvm-1.2.0/nbd.c:741: check_return: Calling function &quot;socket_set_cork(csock, 1)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/osdep.c:60:5: return_wrapper: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;
>qemu-kvm-1.2.0/nbd.c:741: unchecked_value: No check of the return value of &quot;socket_set_cork(csock, 1)&quot;.
>
><a name='def347'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def347'>[#def347]</a>
>qemu-kvm-1.2.0/oslib-posix.c:147: check_return: Calling function &quot;fcntl(fd, 4, f &amp; 0xfffffffffffff7ff)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/oslib-posix.c:147: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, f &amp; 0xfffffffffffff7ff)&quot;.
>
><a name='def348'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def348'>[#def348]</a>
>qemu-kvm-1.2.0/oslib-posix.c:154: check_return: Calling function &quot;fcntl(fd, 4, f | 0x800)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/oslib-posix.c:154: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, f | 0x800)&quot;.
>
><a name='def349'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def349'>[#def349]</a>
>qemu-kvm-1.2.0/oslib-posix.c:161: check_return: Calling function &quot;fcntl(fd, 2, f | 1)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/oslib-posix.c:161: unchecked_value: No check of the return value of &quot;fcntl(fd, 2, f | 1)&quot;.
>
><a name='def350'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def350'>[#def350]</a>
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;*__errno_location() != 38&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:225: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:232: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:235: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:241: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:242: check_return: Calling function &quot;stat(path, &amp;st)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/oslib-posix.c:242: unchecked_value: No check of the return value of &quot;stat(path, &amp;st)&quot;.
>
><a name='def351'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def351'>[#def351]</a>
>qemu-kvm-1.2.0/hw/milkymist.c:87: cond_false: Condition &quot;__s == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/milkymist.c:87: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/milkymist.c:87: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/milkymist.c:87: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/milkymist.c:106: cond_true: Condition &quot;cpu_model == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:121: cond_true: Condition &quot;dinfo&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:129: cond_true: Condition &quot;i &lt; 32&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:131: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/milkymist.c:129: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/milkymist.c:129: cond_true: Condition &quot;i &lt; 32&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:131: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/milkymist.c:129: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/milkymist.c:129: cond_false: Condition &quot;i &lt; 32&quot;, taking false branch
>qemu-kvm-1.2.0/hw/milkymist.c:131: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/milkymist.c:134: cond_true: Condition &quot;bios_name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:139: cond_true: Condition &quot;bios_filename&quot;, taking true branch
>qemu-kvm-1.2.0/hw/milkymist.c:140: check_return: Calling function &quot;load_image_targphys(char const *, target_phys_addr_t, uint64_t)&quot; without checking return value (as is done elsewhere 50 out of 60 times).
>qemu-kvm-1.2.0/hw/an5206.c:73: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/an5206.c:77: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:400: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(info-&gt;kernel_filename, entry, info-&gt;ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:404: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/armv7m.c:238: example_assign: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 0UL, flash_size)&quot;.
>qemu-kvm-1.2.0/hw/armv7m.c:241: example_checked: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/cris-boot.c:79: example_assign: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(li-&gt;image_filename, 1073758208U, ram_size)&quot;.
>qemu-kvm-1.2.0/hw/cris-boot.c:84: example_checked: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/dummy_m68k.c:56: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/dummy_m68k.c:61: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/milkymist.c:140: unchecked_value: No check of the return value of &quot;load_image_targphys(bios_filename, 8781824U, 524288UL)&quot;.
>
><a name='def352'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def352'>[#def352]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:335: cond_true: Condition &quot;(ret = so-&gt;s = qemu_socket(2, SOCK_STREAM, 0)) &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:343: check_return: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:343: unchecked_value: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.
>
><a name='def353'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def353'>[#def353]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:335: cond_true: Condition &quot;(ret = so-&gt;s = qemu_socket(2, SOCK_STREAM, 0)) &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:341: check_return: Calling function &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:341: unchecked_value: No check of the return value of &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot;.
>
><a name='def354'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def354'>[#def354]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: cond_true: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: cond_false: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:431: check_return: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:431: unchecked_value: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.
>
><a name='def355'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def355'>[#def355]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: cond_true: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: cond_false: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:429: check_return: Calling function &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:429: unchecked_value: No check of the return value of &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot;.
>
><a name='def356'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def356'>[#def356]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: cond_true: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: cond_false: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tcp_subr.c:433: check_return: Calling function &quot;setsockopt(s, 6, 1, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:433: unchecked_value: No check of the return value of &quot;setsockopt(s, 6, 1, (char *)&amp;opt, 4U)&quot;.
>
><a name='def357'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def357'>[#def357]</a>
>qemu-kvm-1.2.0/slirp/tftp.c:105: cond_true: Condition &quot;spt-&gt;fd &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tftp.c:109: cond_false: Condition &quot;spt-&gt;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/tftp.c:111: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/tftp.c:113: cond_true: Condition &quot;len&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tftp.c:114: check_return: Calling function &quot;lseek(spt-&gt;fd, block_nr * 512U, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/tftp.c:114: unchecked_value: No check of the return value of &quot;lseek(spt-&gt;fd, block_nr * 512U, 0)&quot;.
>
><a name='def358'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def358'>[#def358]</a>
>qemu-kvm-1.2.0/qga/channel-posix.c:31: cond_true: Condition &quot;channel != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: cond_true: Condition &quot;({...})&quot;, taking true branch
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:35: cond_false: Condition &quot;client_fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:38: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:39: check_return: Calling function &quot;fcntl(client_fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/qga/channel-posix.c:39: unchecked_value: No check of the return value of &quot;fcntl(client_fd, 4, 2048)&quot;.
>
><a name='def359'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def359'>[#def359]</a>
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;115&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:349: switch_case: Reached case &quot;115&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:351: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;110&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:352: switch_case: Reached case &quot;110&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:356: cond_false: Condition &quot;seen_cache&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:358: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:360: cond_false: Condition &quot;bdrv_parse_cache_flags(optarg, &amp;flags) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:362: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:363: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;2&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:365: switch_case: Reached case &quot;2&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:366: cond_false: Condition &quot;seen_aio&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:368: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:370: cond_true: Condition &quot;!__coverity_strcmp(optarg, &quot;native&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:372: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:376: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:377: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;115&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:349: switch_case: Reached case &quot;115&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:351: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;98&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:379: switch_case: Reached case &quot;98&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:381: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;112&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:382: switch_case: Reached case &quot;112&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:384: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:386: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:387: cond_false: Condition &quot;li &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:387: cond_false: Condition &quot;li &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:389: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:391: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;111&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:392: switch_case: Reached case &quot;111&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:394: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:396: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:397: cond_false: Condition &quot;dev_offset &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:399: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:400: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;114&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:401: switch_case: Reached case &quot;114&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:404: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;114&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:401: switch_case: Reached case &quot;114&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:404: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_true: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:348: switch: Switch case value &quot;80&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:405: switch_case: Reached case &quot;80&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:407: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:408: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:409: cond_false: Condition &quot;partition &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:409: cond_false: Condition &quot;partition &gt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:410: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:411: break: Breaking from switch
>qemu-kvm-1.2.0/qemu-nbd.c:449: switch_end: Reached end of switch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-nbd.c:347: cond_false: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:450: loop_end: Reached end of loop
>qemu-kvm-1.2.0/qemu-nbd.c:452: cond_false: Condition &quot;argc - optind != 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:458: cond_false: Condition &quot;disconnect&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:470: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:472: cond_false: Condition &quot;device&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:522: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:524: cond_false: Condition &quot;device != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:527: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:534: cond_false: Condition &quot;(ret = bdrv_open(bs, srcpath, flags, NULL)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:537: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:541: cond_true: Condition &quot;partition != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:543: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:546: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:551: cond_true: Condition &quot;sockpath&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:555: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:557: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:559: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:561: cond_false: Condition &quot;device&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:569: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-nbd.c:580: cond_false: Condition &quot;chdir(&quot;/&quot;) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:582: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:585: check_return: Calling function &quot;main_loop_wait(0)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/main-loop.c:478:5: cond_true: Condition &quot;nonblocking&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:480:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/main-loop.c:482:5: if_end: End of if statement
>qemu-kvm-1.2.0/main-loop.c:496:5: return_wrapper: The function wraps and returns the value of &quot;os_host_main_loop_wait(timeout)&quot;
>qemu-kvm-1.2.0/main-loop.c:298:5: cond_true: Condition &quot;timeout &lt; 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:304:5: cond_true: Condition &quot;timeout &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:308:5: return_wrapper: The function wraps and returns the value of &quot;select(nfds + 1, &amp;rfds, &amp;wfds, &amp;xfds, tvarg)&quot;
>qemu-kvm-1.2.0/main-loop.c:310:5: cond_true: Condition &quot;timeout &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/main-loop.c:314:5: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/main-loop.c:314:5: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/main-loop.c:499:5: cond_true: Condition &quot;ret &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:585: unchecked_value: No check of the return value of &quot;main_loop_wait(0)&quot;.
>
><a name='def360'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def360'>[#def360]</a>
>qemu-kvm-1.2.0/block/rbd.c:460: cond_false: Condition &quot;qemu_rbd_parsename(filename, pool, 128 /* sizeof (pool) */, snap_buf, 128 /* sizeof (snap_buf) */, s-&gt;name, 96 /* sizeof (s-&gt;name) */, conf, 1024 /* sizeof (conf) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:465: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:469: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:472: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:475: cond_true: Condition &quot;snap_buf[0] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:486: cond_true: Condition &quot;flags &amp; 0x20&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:488: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/rbd.c:496: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:498: cond_false: Condition &quot;strstr(conf, &quot;conf=&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:501: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:503: cond_true: Condition &quot;conf[0] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:505: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:508: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:512: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:515: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:518: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:521: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:524: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:527: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:529: cond_true: Condition &quot;s-&gt;snap != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:533: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:536: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:537: check_return: Calling function &quot;fcntl(s-&gt;fds[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/block/rbd.c:537: unchecked_value: No check of the return value of &quot;fcntl(s-&gt;fds[0], 4, 2048)&quot;.
>
><a name='def361'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def361'>[#def361]</a>
>qemu-kvm-1.2.0/block/rbd.c:460: cond_false: Condition &quot;qemu_rbd_parsename(filename, pool, 128 /* sizeof (pool) */, snap_buf, 128 /* sizeof (snap_buf) */, s-&gt;name, 96 /* sizeof (s-&gt;name) */, conf, 1024 /* sizeof (conf) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:465: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:469: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:472: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:475: cond_true: Condition &quot;snap_buf[0] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:486: cond_true: Condition &quot;flags &amp; 0x20&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:488: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/rbd.c:496: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:498: cond_false: Condition &quot;strstr(conf, &quot;conf=&quot;) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:501: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:503: cond_true: Condition &quot;conf[0] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:505: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:508: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:512: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:515: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:518: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:521: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:524: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:527: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:529: cond_true: Condition &quot;s-&gt;snap != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/block/rbd.c:533: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/rbd.c:536: if_end: End of if statement
>qemu-kvm-1.2.0/block/rbd.c:538: check_return: Calling function &quot;fcntl(s-&gt;fds[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/block/rbd.c:538: unchecked_value: No check of the return value of &quot;fcntl(s-&gt;fds[1], 4, 2048)&quot;.
>
><a name='def362'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def362'>[#def362]</a>
>qemu-kvm-1.2.0/linux-aio.c:209: cond_false: Condition &quot;s-&gt;efd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-aio.c:210: if_end: End of if statement
>qemu-kvm-1.2.0/linux-aio.c:211: check_return: Calling function &quot;fcntl(s-&gt;efd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/linux-aio.c:211: unchecked_value: No check of the return value of &quot;fcntl(s-&gt;efd, 4, 2048)&quot;.
>
><a name='def363'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def363'>[#def363]</a>
>qemu-kvm-1.2.0/hw/ds1225y.c:56: cond_true: Condition &quot;s-&gt;file&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ds1225y.c:57: check_return: Calling function &quot;fseek(s-&gt;file, addr, 0)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/ds1225y.c:57: unchecked_value: No check of the return value of &quot;fseek(s-&gt;file, addr, 0)&quot;.
>
><a name='def364'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def364'>[#def364]</a>
>qemu-kvm-1.2.0/hw/mips_r4k.c:161: cond_false: Condition &quot;__s == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:161: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:161: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:161: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:163: cond_false: Condition &quot;__s == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:163: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:163: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:163: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:176: cond_true: Condition &quot;cpu_model == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:184: cond_false: Condition &quot;cpu == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:187: if_end: End of if statement
>qemu-kvm-1.2.0/hw/mips_r4k.c:196: cond_false: Condition &quot;ram_size &gt; (268435456UL /* 0x100 &lt;&lt; 20 */)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:201: if_end: End of if statement
>qemu-kvm-1.2.0/hw/mips_r4k.c:214: cond_true: Condition &quot;bios_name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:217: cond_true: Condition &quot;filename&quot;, taking true branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:219: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/mips_r4k.c:221: if_end: End of if statement
>qemu-kvm-1.2.0/hw/mips_r4k.c:227: cond_true: Condition &quot;bios_size &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:227: cond_true: Condition &quot;bios_size &lt;= 4194304 /* 4 * 1024 * 1024 */&quot;, taking true branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:228: cond_false: Condition &quot;__s == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:228: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:228: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:228: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/mips_r4k.c:234: check_return: Calling function &quot;load_image_targphys(char const *, target_phys_addr_t, uint64_t)&quot; without checking return value (as is done elsewhere 50 out of 60 times).
>qemu-kvm-1.2.0/hw/an5206.c:73: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/an5206.c:77: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:400: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(info-&gt;kernel_filename, entry, info-&gt;ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:404: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/armv7m.c:238: example_assign: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 0UL, flash_size)&quot;.
>qemu-kvm-1.2.0/hw/armv7m.c:241: example_checked: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/cris-boot.c:79: example_assign: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(li-&gt;image_filename, 1073758208U, ram_size)&quot;.
>qemu-kvm-1.2.0/hw/cris-boot.c:84: example_checked: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/dummy_m68k.c:56: example_assign: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.
>qemu-kvm-1.2.0/hw/dummy_m68k.c:61: example_checked: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.
>qemu-kvm-1.2.0/hw/mips_r4k.c:234: unchecked_value: No check of the return value of &quot;load_image_targphys(filename, 532676608UL, 4194304UL)&quot;.
>
><a name='def365'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def365'>[#def365]</a>
>qemu-kvm-1.2.0/slirp/udp.c:361: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/udp.c:363: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/udp.c:372: cond_false: Condition &quot;bind(so-&gt;s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/udp.c:375: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/udp.c:378: check_return: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/udp.c:378: unchecked_value: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.
>
><a name='def366'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def366'>[#def366]</a>
>qemu-kvm-1.2.0/slirp/udp.c:361: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/udp.c:363: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/udp.c:372: cond_false: Condition &quot;bind(so-&gt;s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/udp.c:375: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/udp.c:376: check_return: Calling function &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/udp.c:376: unchecked_value: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot;.
>
><a name='def367'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def367'>[#def367]</a>
>qemu-kvm-1.2.0/slirp/misc.c:296: cond_true: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:297: cond_true: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:299: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/misc.c:303: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:304: cond_true: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:306: check_return: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:306: unchecked_value: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot;.
>
><a name='def368'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def368'>[#def368]</a>
>qemu-kvm-1.2.0/slirp/misc.c:296: cond_true: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:297: cond_true: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:299: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/misc.c:303: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:304: cond_true: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:309: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/misc.c:314: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:316: cond_true: Condition &quot;src.sin_addr.s_addr&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:318: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:318: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:320: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:320: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:322: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/slirp/misc.c:296: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/slirp/misc.c:296: cond_true: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:297: cond_false: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:299: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:299: cond_true: Condition &quot;so-&gt;so_tcpcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:301: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/misc.c:303: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:304: cond_false: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:309: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:316: cond_false: Condition &quot;src.sin_addr.s_addr&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:318: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:318: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:320: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:320: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:322: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/slirp/misc.c:296: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/slirp/misc.c:296: cond_false: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:322: loop_end: Reached end of loop
>qemu-kvm-1.2.0/slirp/misc.c:324: cond_true: Condition &quot;so != &amp;slirp-&gt;udb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:325: cond_true: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:328: check_return: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:328: unchecked_value: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot;.
>
><a name='def369'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def369'>[#def369]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:146: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:152: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:156: check_return: Calling function &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:156: unchecked_value: No check of the return value of &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.
>
><a name='def370'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def370'>[#def370]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:146: switch: Switch case default
>qemu-kvm-1.2.0/slirp/misc.c:201: switch_default: Reached default
>qemu-kvm-1.2.0/slirp/misc.c:212: cond_true: Condition &quot;so-&gt;s &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:212: cond_false: Condition &quot;*__errno_location() == 4&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:217: check_return: Calling function &quot;setsockopt(so-&gt;s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:217: unchecked_value: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 10, (char *)&amp;opt, 4U)&quot;.
>
><a name='def371'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def371'>[#def371]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:146: switch: Switch case default
>qemu-kvm-1.2.0/slirp/misc.c:201: switch_default: Reached default
>qemu-kvm-1.2.0/slirp/misc.c:212: cond_true: Condition &quot;so-&gt;s &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:212: cond_false: Condition &quot;*__errno_location() == 4&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:215: check_return: Calling function &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:215: unchecked_value: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot;.
>
><a name='def372'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def372'>[#def372]</a>
>qemu-kvm-1.2.0/slirp/misc.c:267: check_return: Calling function &quot;select(0, &amp;fdset, &amp;fdset, &amp;fdset, &amp;t)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/slirp/misc.c:267: unchecked_value: No check of the return value of &quot;select(0, &amp;fdset, &amp;fdset, &amp;fdset, &amp;t)&quot;.
>
><a name='def373'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def373'>[#def373]</a>
>qemu-kvm-1.2.0/net/tap-linux.c:43: cond_true: Condition &quot;(fd = open(&quot;/dev/net/tun&quot;, 2)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:43: break: Breaking from loop
>qemu-kvm-1.2.0/net/tap-linux.c:43: loop_end: Reached end of loop
>qemu-kvm-1.2.0/net/tap-linux.c:44: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap-linux.c:47: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:51: cond_true: Condition &quot;*vnet_hdr&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:54: cond_true: Condition &quot;ioctl(fd, 2147767503UL /* (((2U &lt;&lt; 0 + 8 + 8 + 14) | (0x54 &lt;&lt; 0 + 8)) | (0xcf &lt;&lt; 0)) | (sizeof (unsigned int) &lt;&lt; 0 + 8 + 8) */, &amp;features) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:54: cond_true: Condition &quot;features &amp; 16384&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:58: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:60: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:62: cond_true: Condition &quot;vnet_hdr_required&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:62: cond_false: Condition &quot;!*vnet_hdr&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap-linux.c:67: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:70: cond_true: Condition &quot;ifname[0] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/net/tap-linux.c:71: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:73: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:75: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/tap-linux.c:83: if_end: End of if statement
>qemu-kvm-1.2.0/net/tap-linux.c:85: check_return: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/net/tap-linux.c:85: unchecked_value: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.
>
><a name='def374'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def374'>[#def374]</a>
>qemu-kvm-1.2.0/slirp/sbuf.c:80: cond_false: Condition &quot;m-&gt;m_hdr.mh_len &lt;= 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/sbuf.c:83: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/sbuf.c:90: cond_true: Condition &quot;so-&gt;so_urgc&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/sbuf.c:93: check_return: Calling function &quot;sosendoob(so)&quot; without checking return value. It wraps a library function that may fail and return an error code.
>qemu-kvm-1.2.0/slirp/socket.c:298:2: cond_true: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:301:2: cond_true: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:303:3: return_wrapper: The function wraps and returns the value of &quot;slirp_send(so, sb-&gt;sb_rptr, so-&gt;so_urgc, 1)&quot;
>qemu-kvm-1.2.0/slirp/slirp.c:828:2: cond_true: Condition &quot;so-&gt;s == -1&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:828:2: cond_false: Condition &quot;so-&gt;extra&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:831:2: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:833:2: return_wrapper: The function wraps and returns the value of &quot;send(so-&gt;s, buf, len, flags)&quot;
>qemu-kvm-1.2.0/slirp/socket.c:307:2: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/socket.c:330:2: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:334:2: cond_true: Condition &quot;sb-&gt;sb_rptr &gt;= sb-&gt;sb_data + sb-&gt;sb_datalen&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/sbuf.c:93: unchecked_value: No check of the return value of &quot;sosendoob(so)&quot;.
>
><a name='def375'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def375'>[#def375]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:70: cond_false: Condition &quot;qemu_pipe(notifier_fds) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:73: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:75: cond_false: Condition &quot;!p-&gt;pool&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:78: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:80: cond_false: Condition &quot;!p-&gt;completed&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:87: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:91: check_return: Calling function &quot;fcntl(p-&gt;rfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:91: unchecked_value: No check of the return value of &quot;fcntl(p-&gt;rfd, 4, 2048)&quot;.
>
><a name='def376'/>Error: CHECKED_RETURN (CWE-252): <a href ='#def376'>[#def376]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:70: cond_false: Condition &quot;qemu_pipe(notifier_fds) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:73: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:75: cond_false: Condition &quot;!p-&gt;pool&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:78: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:80: cond_false: Condition &quot;!p-&gt;completed&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:87: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:92: check_return: Calling function &quot;fcntl(p-&gt;wfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:92: unchecked_value: No check of the return value of &quot;fcntl(p-&gt;wfd, 4, 2048)&quot;.
>
><a name='def377'/>Error: CHROOT (CWE-243): <a href ='#def377'>[#def377]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;61&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5714: switch_case: Reached case &quot;61&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5715: cond_false: Condition &quot;!(p = lock_user_string(arg1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5716: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:5717: chroot_call: Calling chroot: &quot;chroot(p)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:5717: chroot: Calling function &quot;get_errno(abi_long)&quot; after chroot() but before calling chdir(&quot;/&quot;).
>
><a name='def378'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def378'>[#def378]</a>
>qemu-kvm-1.2.0/target-arm/helper.c:565: result_independent_of_operands: (ret &amp; (20 /* 0xa &lt;&lt; 1 */)) &gt;&gt; 5 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def379'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def379'>[#def379]</a>
>qemu-kvm-1.2.0/hw/megasas.c:1222: result_independent_of_operands: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def380'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def380'>[#def380]</a>
>qemu-kvm-1.2.0/hw/megasas.c:910: result_independent_of_operands: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def381'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def381'>[#def381]</a>
>qemu-kvm-1.2.0/qapi/opts-visitor.c:287: result_independent_of_operands: -9223372036854775808LL /* -9223372036854775807L - 1 */ &lt;= val is always true regardless of the values of its operands. This occurs as the logical second operand of &apos;&amp;&amp;&apos;.
>
><a name='def382'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def382'>[#def382]</a>
>qemu-kvm-1.2.0/hw/megasas.c:1105: result_independent_of_operands: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def383'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def383'>[#def383]</a>
>qemu-kvm-1.2.0/hw/megasas.c:954: result_independent_of_operands: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def384'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def384'>[#def384]</a>
>qemu-kvm-1.2.0/hw/megasas.c:695: result_independent_of_operands: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def385'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def385'>[#def385]</a>
>qemu-kvm-1.2.0/hw/pxa2xx_lcd.c:622: result_independent_of_operands: *((uint16_t *)src) &amp; (16777216 /* 1 &lt;&lt; 24 */) is always 0 regardless of the values of its operands. This occurs as the operand of assignment.
>
><a name='def386'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def386'>[#def386]</a>
>qemu-kvm-1.2.0/target-sh4/translate.c:1414: result_independent_of_operands: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.
>
><a name='def387'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def387'>[#def387]</a>
>qemu-kvm-1.2.0/target-sh4/translate.c:1418: result_independent_of_operands: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.
>
><a name='def388'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def388'>[#def388]</a>
>qemu-kvm-1.2.0/target-sh4/translate.c:1423: result_independent_of_operands: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.
>
><a name='def389'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def389'>[#def389]</a>
>qemu-kvm-1.2.0/target-sh4/translate.c:1430: result_independent_of_operands: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.
>
><a name='def390'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def390'>[#def390]</a>
>qemu-kvm-1.2.0/target-s390x/int_helper.c:60: result_independent_of_operands: (__uint128_t)env-&gt;regs[r1] &lt;&lt; 64 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.
>
><a name='def391'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def391'>[#def391]</a>
>qemu-kvm-1.2.0/target-s390x/int_helper.c:40: result_independent_of_operands: res &gt;&gt; 64 is 0 regardless of the values of its operands. This occurs as the operand of assignment.
>
><a name='def392'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def392'>[#def392]</a>
>qemu-kvm-1.2.0/hw/imx_ccm.c:156: result_independent_of_operands: (s-&gt;ccmr &amp; (6U /* 3 &lt;&lt; 1 */)) == 1 is always false regardless of the values of its operands. This occurs as the logical operand of if.
>
><a name='def393'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def393'>[#def393]</a>
>qemu-kvm-1.2.0/hw/sun4c_intctl.c:129: result_independent_of_operands: s-&gt;reg &amp; 0x80000000U is always 0 regardless of the values of its operands. This occurs as the logical operand of &apos;!&apos;.
>
><a name='def394'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def394'>[#def394]</a>
>qemu-kvm-1.2.0/hw/max111x.c:76: missing_parentheses: ((value &amp; 4294967279U /* ~(1 &lt;&lt; 4) */) &gt;&gt; 2 /* 2 + 0 */) &amp; 4 is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;. Did you intend to apply &apos;&amp;&apos; to 2 /* 2 + 0 */ and 4? If so, parentheses would be required to force this interpretation.
>
><a name='def395'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def395'>[#def395]</a>
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:574: pointless_expression: The expression cdb[1] &amp; 1 || cdb[1] &amp; 1 does not accomplish anything because it evaluates to either of its identical operands, cdb[1] &amp; 1. Did you intend the operands to be different?
>
><a name='def396'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def396'>[#def396]</a>
>qemu-kvm-1.2.0/buffered_file.c:226: result_independent_of_operands: new_rate &gt; 18446744073709551615UL is always false regardless of the values of its operands. This occurs as the logical operand of if.
>
><a name='def397'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def397'>[#def397]</a>
>qemu-kvm-1.2.0/sparc-dis.c:3053: result_independent_of_operands: (unsigned int)((insn &gt;&gt; 14) &amp; 31) &lt; 32 is always true regardless of the values of its operands. This occurs as the logical operand of if.
>
><a name='def398'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def398'>[#def398]</a>
>qemu-kvm-1.2.0/sparc-dis.c:3061: result_independent_of_operands: (unsigned int)((insn &gt;&gt; 25) &amp; 31) &lt; 32 is always true regardless of the values of its operands. This occurs as the logical operand of if.
>
><a name='def399'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def399'>[#def399]</a>
>/usr/include/bits/stdio2.h:287: pointless_expression: The expression 1 /* !0 */ || 1 /* !0 */ does not accomplish anything because it evaluates to either of its identical operands, 1 /* !0 */. Did you intend the operands to be different?
>
><a name='def400'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def400'>[#def400]</a>
>qemu-kvm-1.2.0/target-i386/arch_memory_mapping.c:134: result_independent_of_operands: (pde &amp; 2088960) &lt;&lt; 19 is 0 regardless of the values of its operands. This occurs as the bitwise second operand of &apos;|&apos;.
>
><a name='def401'/>Error: CONSTANT_EXPRESSION_RESULT (CWE-569): <a href ='#def401'>[#def401]</a>
>qemu-kvm-1.2.0/hw/qdev-addr.c:52: result_independent_of_operands: (uint64_t)value &lt;= 18446744073709551615UL /* (uint64_t)~((target_phys_addr_t)0) */ is always true regardless of the values of its operands. This occurs as the logical operand of if.
>
><a name='def402'/>Error: COPY_PASTE_ERROR: <a href ='#def402'>[#def402]</a>
>qemu-kvm-1.2.0/target-i386/seg_helper.c:128: original: &quot;lduw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + index + 2U) + guest_base))&quot; looks like the original copy.
>qemu-kvm-1.2.0/target-i386/seg_helper.c:131: copy_paste_error: &quot;lduw_le_p&quot; in &quot;lduw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + index + 4U) + guest_base))&quot; looks like a copy-paste error. Should it say &quot;ldl_le_p&quot; instead?
>
><a name='def403'/>Error: COPY_PASTE_ERROR: <a href ='#def403'>[#def403]</a>
>qemu-kvm-1.2.0/target-i386/seg_helper.c:352: original: &quot;stw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + (34 + i * 4)) + guest_base), env-&gt;segs[i].selector)&quot; looks like the original copy.
>qemu-kvm-1.2.0/target-i386/seg_helper.c:336: copy_paste_error: &quot;stw_le_p&quot; in &quot;stw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + (72 + i * 4)) + guest_base), env-&gt;segs[i].selector)&quot; looks like a copy-paste error. Should it say &quot;stl_le_p&quot; instead?
>
><a name='def404'/>Error: DEADCODE (CWE-561): <a href ='#def404'>[#def404]</a>
>qemu-kvm-1.2.0/migration.c:122: assignment: Assigning: &quot;head&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/migration.c:128: null: At condition &quot;head == NULL&quot;, the value of &quot;head&quot; must be NULL.
>qemu-kvm-1.2.0/migration.c:128: dead_error_condition: The condition &quot;head == NULL&quot; must be true.
>qemu-kvm-1.2.0/migration.c:132: dead_error_begin: Execution cannot reach this statement &quot;caps-&gt;next = g_malloc0(16UL);&quot;.
>
><a name='def405'/>Error: DEADCODE (CWE-561): <a href ='#def405'>[#def405]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2404: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2403: equality_cond: Jumping to case &quot;6&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2407: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[6,6], [10,10]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:2407: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2417: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def406'/>Error: DEADCODE (CWE-561): <a href ='#def406'>[#def406]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2430: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2429: equality_cond: Jumping to case &quot;7&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2433: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[7,7], [11,11]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:2433: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2442: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def407'/>Error: DEADCODE (CWE-561): <a href ='#def407'>[#def407]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2352: equality_cond: Jumping to case &quot;4&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2353: equality_cond: Jumping to case &quot;8&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2356: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [8,8]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:2356: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2366: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def408'/>Error: DEADCODE (CWE-561): <a href ='#def408'>[#def408]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2377: equality_cond: Jumping to case &quot;5&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2378: equality_cond: Jumping to case &quot;9&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2381: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[5,5], [9,9]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:2381: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2391: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def409'/>Error: DEADCODE (CWE-561): <a href ='#def409'>[#def409]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def410'/>Error: DEADCODE (CWE-561): <a href ='#def410'>[#def410]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def411'/>Error: DEADCODE (CWE-561): <a href ='#def411'>[#def411]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:2035: assignment: Assigning: &quot;rm&quot; = &quot;modrm &amp; 7&quot;.
>qemu-kvm-1.2.0/target-i386/translate.c:2152: between: When switching on &quot;rm&quot;, the value of &quot;rm&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/target-i386/translate.c:2152: dead_error_condition: The switch value &quot;rm&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:2178: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def412'/>Error: DEADCODE (CWE-561): <a href ='#def412'>[#def412]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:2208: assignment: Assigning: &quot;mod&quot; = &quot;(modrm &gt;&gt; 6) &amp; 3&quot;.
>qemu-kvm-1.2.0/target-i386/translate.c:2222: between: When switching on &quot;mod&quot;, the value of &quot;mod&quot; must be between 0 and 2.
>qemu-kvm-1.2.0/target-i386/translate.c:2209: cond_cannot_single: Condition &quot;mod == 3&quot;, taking false branch. Now the value of &quot;mod&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-i386/translate.c:2222: cannot_single: When switching on &quot;mod&quot;, the value of &quot;mod&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-i386/translate.c:2222: dead_error_condition: The switch value &quot;mod&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:2231: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def413'/>Error: DEADCODE (CWE-561): <a href ='#def413'>[#def413]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:2208: assignment: Assigning: &quot;mod&quot; = &quot;(modrm &gt;&gt; 6) &amp; 3&quot;.
>qemu-kvm-1.2.0/target-i386/translate.c:2237: between: When switching on &quot;mod&quot;, the value of &quot;mod&quot; must be between 0 and 2.
>qemu-kvm-1.2.0/target-i386/translate.c:2209: cond_cannot_single: Condition &quot;mod == 3&quot;, taking false branch. Now the value of &quot;mod&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-i386/translate.c:2237: cannot_single: When switching on &quot;mod&quot;, the value of &quot;mod&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-i386/translate.c:2237: dead_error_condition: The switch value &quot;mod&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:2246: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def414'/>Error: DEADCODE (CWE-561): <a href ='#def414'>[#def414]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:11077: dead_error_condition: The switch value &quot;(ctx-&gt;opcode &gt;&gt; 6) &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-mips/translate.c:11097: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def415'/>Error: DEADCODE (CWE-561): <a href ='#def415'>[#def415]</a>
>qemu-kvm-1.2.0/hw/serial.c:521: assignment: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.
>qemu-kvm-1.2.0/hw/serial.c:522: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/hw/serial.c:522: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/serial.c:523: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def416'/>Error: DEADCODE (CWE-561): <a href ='#def416'>[#def416]</a>
>qemu-kvm-1.2.0/hw/serial.c:374: assignment: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.
>qemu-kvm-1.2.0/hw/serial.c:376: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/hw/serial.c:376: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/serial.c:377: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def417'/>Error: DEADCODE (CWE-561): <a href ='#def417'>[#def417]</a>
>qemu-kvm-1.2.0/target-unicore32/translate.c:1305: dead_error_condition: The switch value &quot;(insn &gt;&gt; 25) &amp; 0xfU&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-unicore32/translate.c:1431: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def418'/>Error: DEADCODE (CWE-561): <a href ='#def418'>[#def418]</a>
>qemu-kvm-1.2.0/target-ppc/fpu_helper.c:260: dead_error_condition: The switch value &quot;(env-&gt;fpscr &gt;&gt; 0) &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-ppc/fpu_helper.c:273: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def419'/>Error: DEADCODE (CWE-561): <a href ='#def419'>[#def419]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def420'/>Error: DEADCODE (CWE-561): <a href ='#def420'>[#def420]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def421'/>Error: DEADCODE (CWE-561): <a href ='#def421'>[#def421]</a>
>qemu-kvm-1.2.0/softmmu_template.h:143: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:144: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def422'/>Error: DEADCODE (CWE-561): <a href ='#def422'>[#def422]</a>
>qemu-kvm-1.2.0/hw/shpc.c:557: assignment: Assigning: &quot;nslots&quot; = &quot;31&quot;.
>qemu-kvm-1.2.0/hw/shpc.c:565: const: At condition &quot;nslots &lt; 1&quot;, the value of &quot;nslots&quot; must be equal to 31.
>qemu-kvm-1.2.0/hw/shpc.c:565: dead_error_condition: The condition &quot;nslots &lt; 1&quot; cannot be true.
>qemu-kvm-1.2.0/hw/shpc.c:566: dead_error_line: Execution cannot reach this statement &quot;return 0;&quot;.
>
><a name='def423'/>Error: DEADCODE (CWE-561): <a href ='#def423'>[#def423]</a>
>qemu-kvm-1.2.0/hw/shpc.c:557: assignment: Assigning: &quot;nslots&quot; = &quot;31&quot;.
>qemu-kvm-1.2.0/hw/shpc.c:568: const: At condition &quot;nslots &gt; 31&quot;, the value of &quot;nslots&quot; must be equal to 31.
>qemu-kvm-1.2.0/hw/shpc.c:568: dead_error_condition: The condition &quot;nslots &gt; 31&quot; cannot be true.
>qemu-kvm-1.2.0/hw/shpc.c:568: const: At condition &quot;nslots + 1 &gt; 32&quot;, the value of &quot;nslots&quot; must be equal to 31.
>qemu-kvm-1.2.0/hw/shpc.c:568: dead_error_condition: The condition &quot;nslots + 1 &gt; 32&quot; cannot be true.
>qemu-kvm-1.2.0/hw/shpc.c:571: dead_error_line: Execution cannot reach this statement &quot;return -22;&quot;.
>
><a name='def424'/>Error: DEADCODE (CWE-561): <a href ='#def424'>[#def424]</a>
>qemu-kvm-1.2.0/target-sparc/translate.c:4674: assignment: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 23U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 23.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 7U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 7.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 20U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 19.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_const: Condition &quot;xop != 14U&quot;, taking false branch. Now the value of &quot;xop&quot; is equal to 14.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:4911: cond_const: Condition &quot;xop &gt;= 32U&quot;, taking false branch. Now the value of &quot;xop&quot; is equal to 30.
>qemu-kvm-1.2.0/target-sparc/translate.c:4966: intervals: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be in one of the following intervals: {[4,7], [14,14], [20,23], [30,30]}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4966: dead_error_condition: The switch value &quot;xop&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/translate.c:5056: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def425'/>Error: DEADCODE (CWE-561): <a href ='#def425'>[#def425]</a>
>qemu-kvm-1.2.0/target-sparc/translate.c:4674: assignment: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:4911: cond_between: Condition &quot;xop &gt;= 32U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:4911: cond_between: Condition &quot;xop &lt; 36U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 36 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:5059: cond_between: Condition &quot;xop &lt; 40U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 36 and 39.
>qemu-kvm-1.2.0/target-sparc/translate.c:5063: between: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be between 36 and 39.
>qemu-kvm-1.2.0/target-sparc/translate.c:4683: cond_cannot_single: Condition &quot;xop == 60U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to 60.
>qemu-kvm-1.2.0/target-sparc/translate.c:4683: cond_cannot_set: Condition &quot;xop == 62U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {60, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_cannot_set: Condition &quot;xop == 31U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_cannot_set: Condition &quot;xop == 61U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4963: cond_cannot_set: Condition &quot;xop == 14U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {14, 31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4963: cond_cannot_set: Condition &quot;xop == 30U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {14, 30, 31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:5063: cannot_set: When switching on &quot;xop&quot;, the value of &quot;xop&quot; cannot be equal to any of {14, 30, 31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:5063: dead_error_condition: The switch value &quot;xop&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/translate.c:5114: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def426'/>Error: DEADCODE (CWE-561): <a href ='#def426'>[#def426]</a>
>qemu-kvm-1.2.0/target-sparc/translate.c:4674: assignment: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_between: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:4911: cond_between: Condition &quot;xop &gt;= 32U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 44.
>qemu-kvm-1.2.0/target-sparc/translate.c:4911: cond_between: Condition &quot;xop &lt; 36U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 35.
>qemu-kvm-1.2.0/target-sparc/translate.c:4915: between: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be between 32 and 35.
>qemu-kvm-1.2.0/target-sparc/translate.c:4683: cond_cannot_single: Condition &quot;xop == 60U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to 60.
>qemu-kvm-1.2.0/target-sparc/translate.c:4683: cond_cannot_set: Condition &quot;xop == 62U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {60, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_cannot_set: Condition &quot;xop == 31U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4698: cond_cannot_set: Condition &quot;xop == 61U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4915: cannot_set: When switching on &quot;xop&quot;, the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.
>qemu-kvm-1.2.0/target-sparc/translate.c:4915: dead_error_condition: The switch value &quot;xop&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/translate.c:4960: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def427'/>Error: DEADCODE (CWE-561): <a href ='#def427'>[#def427]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def428'/>Error: DEADCODE (CWE-561): <a href ='#def428'>[#def428]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def429'/>Error: DEADCODE (CWE-561): <a href ='#def429'>[#def429]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def430'/>Error: DEADCODE (CWE-561): <a href ='#def430'>[#def430]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def431'/>Error: DEADCODE (CWE-561): <a href ='#def431'>[#def431]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1355: assignment: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1356: null: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.
>qemu-kvm-1.2.0/linux-user/elfload.c:1356: dead_error_condition: The condition &quot;k_platform&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/elfload.c:1357: dead_error_begin: Execution cannot reach this statement &quot;len = strlen(k_platform) + ...&quot;.
>
><a name='def432'/>Error: DEADCODE (CWE-561): <a href ='#def432'>[#def432]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1355: assignment: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1382: null: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.
>qemu-kvm-1.2.0/linux-user/elfload.c:1382: dead_error_condition: The condition &quot;k_platform&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/elfload.c:1383: dead_error_line: Execution cannot reach this statement &quot;size += 2;&quot;.
>
><a name='def433'/>Error: DEADCODE (CWE-561): <a href ='#def433'>[#def433]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1355: assignment: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1420: null: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.
>qemu-kvm-1.2.0/linux-user/elfload.c:1420: dead_error_condition: The condition &quot;k_platform&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/elfload.c:1421: dead_error_begin: Execution cannot reach this statement &quot;do {
> sp -= 4U;
> ({
> a...&quot;.
>
><a name='def434'/>Error: DEADCODE (CWE-561): <a href ='#def434'>[#def434]</a>
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1439: assignment: Assigning: &quot;stack_adjust&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1453: const: At condition &quot;stack_adjust == 8&quot;, the value of &quot;stack_adjust&quot; must be equal to 0.
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1453: dead_error_condition: The condition &quot;stack_adjust == 8&quot; cannot be true.
>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1455: dead_error_line: Execution cannot reach this statement &quot;tcg_out_pop(s, 1);&quot;.
>
><a name='def435'/>Error: DEADCODE (CWE-561): <a href ='#def435'>[#def435]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:5110: dead_error_condition: The condition &quot;({...})&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:5111: dead_error_line: Execution cannot reach this statement &quot;goto badframe;&quot;.
>
><a name='def436'/>Error: DEADCODE (CWE-561): <a href ='#def436'>[#def436]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:5114: dead_error_condition: The condition &quot;({...})&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:5115: dead_error_line: Execution cannot reach this statement &quot;goto badframe;&quot;.
>
><a name='def437'/>Error: DEADCODE (CWE-561): <a href ='#def437'>[#def437]</a>
>qemu-kvm-1.2.0/qapi-visit.c:479: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:482: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:482: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:482: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def438'/>Error: DEADCODE (CWE-561): <a href ='#def438'>[#def438]</a>
>qemu-kvm-1.2.0/qapi-visit.c:479: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:487: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:487: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:487: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_MigrationStats(m...&quot;.
>
><a name='def439'/>Error: DEADCODE (CWE-561): <a href ='#def439'>[#def439]</a>
>qemu-kvm-1.2.0/qapi-visit.c:479: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:492: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:492: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:492: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_MigrationStats(m...&quot;.
>
><a name='def440'/>Error: DEADCODE (CWE-561): <a href ='#def440'>[#def440]</a>
>qemu-kvm-1.2.0/qapi-visit.c:479: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:497: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:497: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:497: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_XBZRLECacheStats...&quot;.
>
><a name='def441'/>Error: DEADCODE (CWE-561): <a href ='#def441'>[#def441]</a>
>qemu-kvm-1.2.0/qapi-visit.c:479: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:502: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:502: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:502: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def442'/>Error: DEADCODE (CWE-561): <a href ='#def442'>[#def442]</a>
>qemu-kvm-1.2.0/qapi-visit.c:29: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:32: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:32: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:32: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def443'/>Error: DEADCODE (CWE-561): <a href ='#def443'>[#def443]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1331: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1355: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1355: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1355: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_PciDeviceInfoLis...&quot;.
>
><a name='def444'/>Error: DEADCODE (CWE-561): <a href ='#def444'>[#def444]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1277: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1284: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1284: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1284: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def445'/>Error: DEADCODE (CWE-561): <a href ='#def445'>[#def445]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1277: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1289: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1289: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1289: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def446'/>Error: DEADCODE (CWE-561): <a href ='#def446'>[#def446]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1397: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1409: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1409: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1409: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def447'/>Error: DEADCODE (CWE-561): <a href ='#def447'>[#def447]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1397: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1441: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1441: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1441: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def448'/>Error: DEADCODE (CWE-561): <a href ='#def448'>[#def448]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1397: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1447: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1447: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1447: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_PciBridgeInfo(m,...&quot;.
>
><a name='def449'/>Error: DEADCODE (CWE-561): <a href ='#def449'>[#def449]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1096: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1096: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1096: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def450'/>Error: DEADCODE (CWE-561): <a href ='#def450'>[#def450]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1101: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1101: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1101: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def451'/>Error: DEADCODE (CWE-561): <a href ='#def451'>[#def451]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1106: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1106: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1106: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def452'/>Error: DEADCODE (CWE-561): <a href ='#def452'>[#def452]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1111: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1111: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1111: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def453'/>Error: DEADCODE (CWE-561): <a href ='#def453'>[#def453]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1116: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1116: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1116: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def454'/>Error: DEADCODE (CWE-561): <a href ='#def454'>[#def454]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1091: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1122: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1122: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1122: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_SpiceChannelList...&quot;.
>
><a name='def455'/>Error: DEADCODE (CWE-561): <a href ='#def455'>[#def455]</a>
>qemu-kvm-1.2.0/qapi-visit.c:920: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:926: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:926: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:926: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def456'/>Error: DEADCODE (CWE-561): <a href ='#def456'>[#def456]</a>
>qemu-kvm-1.2.0/qapi-visit.c:920: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:931: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:931: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:931: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def457'/>Error: DEADCODE (CWE-561): <a href ='#def457'>[#def457]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1582: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1587: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1587: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1587: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def458'/>Error: DEADCODE (CWE-561): <a href ='#def458'>[#def458]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1582: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1592: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1592: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1592: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_NewImageMode(m, ...&quot;.
>
><a name='def459'/>Error: DEADCODE (CWE-561): <a href ='#def459'>[#def459]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2737: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2741: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2741: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2741: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def460'/>Error: DEADCODE (CWE-561): <a href ='#def460'>[#def460]</a>
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:678: assignment: Assigning: &quot;fn&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:680: const: At condition &quot;fn&quot;, the value of &quot;fn&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:680: dead_error_condition: The condition &quot;fn&quot; cannot be true.
>qemu-kvm-1.2.0/hw/spapr_vscsi.c:682: dead_error_line: Execution cannot reach this statement &quot;;&quot;.
>
><a name='def461'/>Error: DEADCODE (CWE-561): <a href ='#def461'>[#def461]</a>
>qemu-kvm-1.2.0/hw/xilinx_axienet.c:538: assignment: Assigning: &quot;value&quot; &amp;= &quot;0UL&quot;.
>qemu-kvm-1.2.0/hw/xilinx_axienet.c:541: const: At condition &quot;value &amp; 0x40UL&quot;, the value of &quot;value&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/xilinx_axienet.c:541: dead_error_condition: The condition &quot;value &amp; 0x40UL&quot; cannot be true.
>qemu-kvm-1.2.0/hw/xilinx_axienet.c:542: dead_error_begin: Execution cannot reach this statement &quot;miiclkdiv = value &amp; 0x3fUL;&quot;.
>
><a name='def462'/>Error: DEADCODE (CWE-561): <a href ='#def462'>[#def462]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:4921: cond_const: Condition &quot;err&quot;, taking false branch. Now the value of &quot;err&quot; is equal to 0.
>qemu-kvm-1.2.0/linux-user/signal.c:4932: assignment: Assigning: &quot;err&quot; |= &quot;({...})&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:4936: assignment: Assigning: &quot;err&quot; |= &quot;({...})&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:4939: const: At condition &quot;err&quot;, the value of &quot;err&quot; must be equal to 0.
>qemu-kvm-1.2.0/linux-user/signal.c:4939: dead_error_condition: The condition &quot;err&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:4940: dead_error_line: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.
>
><a name='def463'/>Error: DEADCODE (CWE-561): <a href ='#def463'>[#def463]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:4925: dead_error_condition: The condition &quot;({...})&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:4926: dead_error_line: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.
>
><a name='def464'/>Error: DEADCODE (CWE-561): <a href ='#def464'>[#def464]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:5062: cond_const: Condition &quot;err&quot;, taking false branch. Now the value of &quot;err&quot; is equal to 0.
>qemu-kvm-1.2.0/linux-user/signal.c:5073: assignment: Assigning: &quot;err&quot; |= &quot;({...})&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:5077: assignment: Assigning: &quot;err&quot; |= &quot;({...})&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:5079: assignment: Assigning: &quot;err&quot; |= &quot;({...})&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:5081: const: At condition &quot;err&quot;, the value of &quot;err&quot; must be equal to 0.
>qemu-kvm-1.2.0/linux-user/signal.c:5081: dead_error_condition: The condition &quot;err&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:5082: dead_error_line: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.
>
><a name='def465'/>Error: DEADCODE (CWE-561): <a href ='#def465'>[#def465]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:5066: dead_error_condition: The condition &quot;({...})&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/signal.c:5067: dead_error_line: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.
>
><a name='def466'/>Error: DEADCODE (CWE-561): <a href ='#def466'>[#def466]</a>
>qemu-kvm-1.2.0/hw/cuda.c:260: assignment: Assigning: &quot;addr&quot; = &quot;(addr &gt;&gt; 9) &amp; 0xfUL&quot;.
>qemu-kvm-1.2.0/hw/cuda.c:261: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 15.
>qemu-kvm-1.2.0/hw/cuda.c:261: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/cuda.c:316: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def467'/>Error: DEADCODE (CWE-561): <a href ='#def467'>[#def467]</a>
>qemu-kvm-1.2.0/hw/cuda.c:332: assignment: Assigning: &quot;addr&quot; = &quot;(addr &gt;&gt; 9) &amp; 0xfUL&quot;.
>qemu-kvm-1.2.0/hw/cuda.c:335: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 15.
>qemu-kvm-1.2.0/hw/cuda.c:335: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/cuda.c:400: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def468'/>Error: DEADCODE (CWE-561): <a href ='#def468'>[#def468]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def469'/>Error: DEADCODE (CWE-561): <a href ='#def469'>[#def469]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def470'/>Error: DEADCODE (CWE-561): <a href ='#def470'>[#def470]</a>
>qemu-kvm-1.2.0/softmmu_template.h:143: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:144: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def471'/>Error: DEADCODE (CWE-561): <a href ='#def471'>[#def471]</a>
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:166: cond_at_least: Condition &quot;count &lt; 64L&quot;, taking false branch. Now the value of &quot;count&quot; is at least 64.
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: at_least: At condition &quot;count &lt; 64L&quot;, the value of &quot;count&quot; must be at least 64.
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:162: cond_cannot_single: Condition &quot;count == 0L&quot;, taking false branch. Now the value of &quot;count&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: cannot_single: At condition &quot;count &lt; 64L&quot;, the value of &quot;count&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: dead_error_condition: The condition &quot;count &lt; 64L&quot; cannot be true.
>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: dead_error_line: Execution cannot reach this expression &quot;a0 &gt;&gt; (count &amp; 0x3fL)&quot; inside statement &quot;z1 = ((count &lt; 64L) ? a0 &gt;&gt;...&quot;.
>
><a name='def472'/>Error: DEADCODE (CWE-561): <a href ='#def472'>[#def472]</a>
>qemu-kvm-1.2.0/target-arm/helper.c:2030: dead_error_condition: The switch value &quot;desc &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/helper.c:2059: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def473'/>Error: DEADCODE (CWE-561): <a href ='#def473'>[#def473]</a>
>qemu-kvm-1.2.0/target-arm/helper.c:2139: dead_error_condition: The switch value &quot;desc &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/helper.c:2153: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def474'/>Error: DEADCODE (CWE-561): <a href ='#def474'>[#def474]</a>
>qemu-kvm-1.2.0/cpus.c:944: cond_null: Condition &quot;penv&quot;, taking false branch. Now the value of &quot;penv&quot; is NULL.
>qemu-kvm-1.2.0/cpus.c:953: null: At condition &quot;penv&quot;, the value of &quot;penv&quot; must be NULL.
>qemu-kvm-1.2.0/cpus.c:953: dead_error_condition: The condition &quot;penv&quot; cannot be true.
>qemu-kvm-1.2.0/cpus.c:954: dead_error_begin: Execution cannot reach this statement &quot;penv-&gt;stop = 0U;&quot;.
>
><a name='def475'/>Error: DEADCODE (CWE-561): <a href ='#def475'>[#def475]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:4375: dead_error_condition: The condition &quot;flags &amp; 0U&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/syscall.c:4376: dead_error_line: Execution cannot reach this statement &quot;return -22;&quot;.
>
><a name='def476'/>Error: DEADCODE (CWE-561): <a href ='#def476'>[#def476]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def477'/>Error: DEADCODE (CWE-561): <a href ='#def477'>[#def477]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def478'/>Error: DEADCODE (CWE-561): <a href ='#def478'>[#def478]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def479'/>Error: DEADCODE (CWE-561): <a href ='#def479'>[#def479]</a>
>qemu-kvm-1.2.0/i386-dis.c:4957: assignment: Assigning: &quot;disp&quot; = &quot;0UL&quot;.
>qemu-kvm-1.2.0/i386-dis.c:5063: cond_const: Condition &quot;disp&quot;, taking false branch. Now the value of &quot;disp&quot; is equal to 0.
>qemu-kvm-1.2.0/i386-dis.c:5063: cond_at_least: Condition &quot;disp&quot;, taking true branch. Now the value of &quot;disp&quot; is at least 1.
>qemu-kvm-1.2.0/i386-dis.c:5066: at_least: At condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot;, the value of &quot;disp&quot; must be at least 0.
>qemu-kvm-1.2.0/i386-dis.c:5066: dead_error_condition: The condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot; must be true.
>qemu-kvm-1.2.0/i386-dis.c:5071: dead_error_line: Execution cannot reach this statement &quot;if (modrm.mod != 1){
> *obu...&quot;.
>
><a name='def480'/>Error: DEADCODE (CWE-561): <a href ='#def480'>[#def480]</a>
>qemu-kvm-1.2.0/i386-dis.c:4957: assignment: Assigning: &quot;disp&quot; = &quot;0UL&quot;.
>qemu-kvm-1.2.0/i386-dis.c:5139: cond_const: Condition &quot;disp&quot;, taking false branch. Now the value of &quot;disp&quot; is equal to 0.
>qemu-kvm-1.2.0/i386-dis.c:5139: cond_at_least: Condition &quot;disp&quot;, taking true branch. Now the value of &quot;disp&quot; is at least 1.
>qemu-kvm-1.2.0/i386-dis.c:5142: at_least: At condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot;, the value of &quot;disp&quot; must be at least 0.
>qemu-kvm-1.2.0/i386-dis.c:5142: dead_error_condition: The condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot; must be true.
>qemu-kvm-1.2.0/i386-dis.c:5147: dead_error_line: Execution cannot reach this statement &quot;if (modrm.mod != 1){
> *obu...&quot;.
>
><a name='def481'/>Error: DEADCODE (CWE-561): <a href ='#def481'>[#def481]</a>
>qemu-kvm-1.2.0/hw/ppc.c:826: dead_error_condition: The switch value &quot;(env-&gt;spr[986] &gt;&gt; 24) &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/ppc.c:839: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def482'/>Error: DEADCODE (CWE-561): <a href ='#def482'>[#def482]</a>
>qemu-kvm-1.2.0/hw/ppc.c:916: dead_error_condition: The switch value &quot;(env-&gt;spr[986] &gt;&gt; 30) &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/ppc.c:929: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def483'/>Error: DEADCODE (CWE-561): <a href ='#def483'>[#def483]</a>
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:373: cond_at_least: Condition &quot;(int64_t)r == 0L&quot;, taking false branch. Now the value of &quot;r&quot; is at least 1.
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: at_least: At condition &quot;(int64_t)r &lt; 0L&quot;, the value of &quot;r&quot; must be at least 1.
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:373: cond_cannot_single: Condition &quot;(int64_t)r == 0L&quot;, taking false branch. Now the value of &quot;r&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: cannot_single: At condition &quot;(int64_t)r &lt; 0L&quot;, the value of &quot;r&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: dead_error_condition: The condition &quot;(int64_t)r &lt; 0L&quot; cannot be true.
>qemu-kvm-1.2.0/target-s390x/cc_helper.c:376: dead_error_line: Execution cannot reach this statement &quot;return 1U;&quot;.
>
><a name='def484'/>Error: DEADCODE (CWE-561): <a href ='#def484'>[#def484]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:6629: assignment: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6631: equality_cond: Jumping to case &quot;0U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6632: equality_cond: Jumping to case &quot;1U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6633: equality_cond: Jumping to case &quot;2U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6634: equality_cond: Jumping to case &quot;3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6646: between: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:6646: dead_error_condition: The switch value &quot;i&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:6651: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def485'/>Error: DEADCODE (CWE-561): <a href ='#def485'>[#def485]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:6629: assignment: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6630: between: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:6630: dead_error_condition: The switch value &quot;i&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:6635: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def486'/>Error: DEADCODE (CWE-561): <a href ='#def486'>[#def486]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:6671: assignment: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6673: equality_cond: Jumping to case &quot;0U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6674: equality_cond: Jumping to case &quot;1U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6675: equality_cond: Jumping to case &quot;2U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6676: equality_cond: Jumping to case &quot;3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6687: between: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:6687: dead_error_condition: The switch value &quot;i&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:6692: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def487'/>Error: DEADCODE (CWE-561): <a href ='#def487'>[#def487]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:6671: assignment: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6672: between: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:6672: dead_error_condition: The switch value &quot;i&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:6677: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def488'/>Error: DEADCODE (CWE-561): <a href ='#def488'>[#def488]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:6949: assignment: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 0xfU&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:6980: cond_const: Condition &quot;op1 != 13U&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 13.
>qemu-kvm-1.2.0/target-arm/translate.c:6980: cond_const: Condition &quot;op1 != 15U&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 15.
>qemu-kvm-1.2.0/target-arm/translate.c:6987: between: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 15.
>qemu-kvm-1.2.0/target-arm/translate.c:6987: dead_error_condition: The switch value &quot;op1&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:7113: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def489'/>Error: DEADCODE (CWE-561): <a href ='#def489'>[#def489]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:7201: assignment: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:7202: cond_const: Condition &quot;op1&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 0.
>qemu-kvm-1.2.0/target-arm/translate.c:7202: cond_between: Condition &quot;op1&quot;, taking true branch. Now the value of &quot;op1&quot; is between 1 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7209: between: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7209: dead_error_condition: The switch value &quot;op1&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:7222: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def490'/>Error: DEADCODE (CWE-561): <a href ='#def490'>[#def490]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:7201: assignment: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:7202: cond_const: Condition &quot;op1&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 0.
>qemu-kvm-1.2.0/target-arm/translate.c:7202: cond_between: Condition &quot;op1&quot;, taking true branch. Now the value of &quot;op1&quot; is between 1 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7227: between: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7227: dead_error_condition: The switch value &quot;op1&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:7240: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def491'/>Error: DEADCODE (CWE-561): <a href ='#def491'>[#def491]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:7132: assignment: Assigning: &quot;sh&quot; = &quot;(insn &gt;&gt; 5) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:7133: cond_between: Condition &quot;sh == 0U&quot;, taking false branch. Now the value of &quot;sh&quot; is between 1 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7277: between: When switching on &quot;sh&quot;, the value of &quot;sh&quot; must be between 1 and 3.
>qemu-kvm-1.2.0/target-arm/translate.c:7133: cond_cannot_single: Condition &quot;sh == 0U&quot;, taking false branch. Now the value of &quot;sh&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-arm/translate.c:7277: cannot_single: When switching on &quot;sh&quot;, the value of &quot;sh&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-arm/translate.c:7277: dead_error_condition: The switch value &quot;sh&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:7284: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def492'/>Error: DEADCODE (CWE-561): <a href ='#def492'>[#def492]</a>
>qemu-kvm-1.2.0/hw/escc.c:475: assignment: Assigning: &quot;saddr&quot; = &quot;(addr &gt;&gt; serial-&gt;it_shift) &amp; 1UL&quot;.
>qemu-kvm-1.2.0/hw/escc.c:478: between: When switching on &quot;saddr&quot;, the value of &quot;saddr&quot; must be between 0 and 1.
>qemu-kvm-1.2.0/hw/escc.c:478: dead_error_condition: The switch value &quot;saddr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/escc.c:563: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def493'/>Error: DEADCODE (CWE-561): <a href ='#def493'>[#def493]</a>
>qemu-kvm-1.2.0/hw/escc.c:577: assignment: Assigning: &quot;saddr&quot; = &quot;(addr &gt;&gt; serial-&gt;it_shift) &amp; 1UL&quot;.
>qemu-kvm-1.2.0/hw/escc.c:580: between: When switching on &quot;saddr&quot;, the value of &quot;saddr&quot; must be between 0 and 1.
>qemu-kvm-1.2.0/hw/escc.c:580: dead_error_condition: The switch value &quot;saddr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/escc.c:597: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def494'/>Error: DEADCODE (CWE-561): <a href ='#def494'>[#def494]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:3939: assignment: Assigning: &quot;nregs&quot; = &quot;((insn &gt;&gt; 8) &amp; 3U) + 1U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3941: between: When switching on &quot;nregs&quot;, the value of &quot;nregs&quot; must be between 1 and 4.
>qemu-kvm-1.2.0/target-arm/translate.c:3941: dead_error_condition: The switch value &quot;nregs&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:3963: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def495'/>Error: DEADCODE (CWE-561): <a href ='#def495'>[#def495]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:3870: assignment: Assigning: &quot;size&quot; = &quot;(insn &gt;&gt; 10) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3924: equality_cond: Jumping to case &quot;0&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3978: equality_cond: Jumping to case &quot;0&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3928: equality_cond: Jumping to case &quot;1&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3981: equality_cond: Jumping to case &quot;1&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3932: equality_cond: Jumping to case &quot;2&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3984: equality_cond: Jumping to case &quot;2&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3977: between: When switching on &quot;size&quot;, the value of &quot;size&quot; must be between 0 and 2.
>qemu-kvm-1.2.0/target-arm/translate.c:3977: dead_error_condition: The switch value &quot;size&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:3987: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def496'/>Error: DEADCODE (CWE-561): <a href ='#def496'>[#def496]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:3870: assignment: Assigning: &quot;size&quot; = &quot;(insn &gt;&gt; 10) &amp; 3U&quot;.
>qemu-kvm-1.2.0/target-arm/translate.c:3923: between: When switching on &quot;size&quot;, the value of &quot;size&quot; must be between 0 and 2.
>qemu-kvm-1.2.0/target-arm/translate.c:3871: cond_cannot_single: Condition &quot;size == 3&quot;, taking false branch. Now the value of &quot;size&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-arm/translate.c:3923: cannot_single: When switching on &quot;size&quot;, the value of &quot;size&quot; cannot be equal to 3.
>qemu-kvm-1.2.0/target-arm/translate.c:3923: dead_error_condition: The switch value &quot;size&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:3936: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def497'/>Error: DEADCODE (CWE-561): <a href ='#def497'>[#def497]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def498'/>Error: DEADCODE (CWE-561): <a href ='#def498'>[#def498]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def499'/>Error: DEADCODE (CWE-561): <a href ='#def499'>[#def499]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def500'/>Error: DEADCODE (CWE-561): <a href ='#def500'>[#def500]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def501'/>Error: DEADCODE (CWE-561): <a href ='#def501'>[#def501]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1590: assignment: Assigning: &quot;addr&quot; = &quot;addr1 &amp; 7U&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1594: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/hw/ide/core.c:1594: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/ide/core.c:1645: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def502'/>Error: DEADCODE (CWE-561): <a href ='#def502'>[#def502]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1593: assignment: Assigning: &quot;hob&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1602: const: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/ide/core.c:1602: dead_error_condition: The condition &quot;!hob&quot; must be true.
>qemu-kvm-1.2.0/hw/ide/core.c:1605: dead_error_line: Execution cannot reach this statement &quot;ret = s-&gt;hob_feature;&quot;.
>
><a name='def503'/>Error: DEADCODE (CWE-561): <a href ='#def503'>[#def503]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1593: assignment: Assigning: &quot;hob&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1610: const: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/ide/core.c:1610: dead_error_condition: The condition &quot;!hob&quot; must be true.
>qemu-kvm-1.2.0/hw/ide/core.c:1613: dead_error_line: Execution cannot reach this statement &quot;ret = s-&gt;hob_nsector;&quot;.
>
><a name='def504'/>Error: DEADCODE (CWE-561): <a href ='#def504'>[#def504]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1593: assignment: Assigning: &quot;hob&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1618: const: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/ide/core.c:1618: dead_error_condition: The condition &quot;!hob&quot; must be true.
>qemu-kvm-1.2.0/hw/ide/core.c:1621: dead_error_line: Execution cannot reach this statement &quot;ret = s-&gt;hob_sector;&quot;.
>
><a name='def505'/>Error: DEADCODE (CWE-561): <a href ='#def505'>[#def505]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1593: assignment: Assigning: &quot;hob&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1626: const: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/ide/core.c:1626: dead_error_condition: The condition &quot;!hob&quot; must be true.
>qemu-kvm-1.2.0/hw/ide/core.c:1629: dead_error_line: Execution cannot reach this statement &quot;ret = s-&gt;hob_lcyl;&quot;.
>
><a name='def506'/>Error: DEADCODE (CWE-561): <a href ='#def506'>[#def506]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:1593: assignment: Assigning: &quot;hob&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:1634: const: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/ide/core.c:1634: dead_error_condition: The condition &quot;!hob&quot; must be true.
>qemu-kvm-1.2.0/hw/ide/core.c:1637: dead_error_line: Execution cannot reach this statement &quot;ret = s-&gt;hob_hcyl;&quot;.
>
><a name='def507'/>Error: DEADCODE (CWE-561): <a href ='#def507'>[#def507]</a>
>qemu-kvm-1.2.0/hw/ide/core.c:914: assignment: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.
>qemu-kvm-1.2.0/hw/ide/core.c:917: cond_const: Condition &quot;addr != 7U&quot;, taking false branch. Now the value of &quot;addr&quot; is equal to 7.
>qemu-kvm-1.2.0/hw/ide/core.c:920: between: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/hw/ide/core.c:920: dead_error_condition: The switch value &quot;addr&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/ide/core.c:966: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def508'/>Error: DEADCODE (CWE-561): <a href ='#def508'>[#def508]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1168: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1168: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1168: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def509'/>Error: DEADCODE (CWE-561): <a href ='#def509'>[#def509]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1173: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1173: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1173: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def510'/>Error: DEADCODE (CWE-561): <a href ='#def510'>[#def510]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1178: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1178: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1178: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def511'/>Error: DEADCODE (CWE-561): <a href ='#def511'>[#def511]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1183: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1183: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1183: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def512'/>Error: DEADCODE (CWE-561): <a href ='#def512'>[#def512]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1188: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1188: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1188: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def513'/>Error: DEADCODE (CWE-561): <a href ='#def513'>[#def513]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1164: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1193: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1193: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1193: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def514'/>Error: DEADCODE (CWE-561): <a href ='#def514'>[#def514]</a>
>qemu-kvm-1.2.0/qapi-visit.c:699: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:705: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:705: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:705: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def515'/>Error: DEADCODE (CWE-561): <a href ='#def515'>[#def515]</a>
>qemu-kvm-1.2.0/qapi-visit.c:761: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:768: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:768: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:768: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockDeviceInfo(...&quot;.
>
><a name='def516'/>Error: DEADCODE (CWE-561): <a href ='#def516'>[#def516]</a>
>qemu-kvm-1.2.0/qapi-visit.c:761: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:773: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:773: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:773: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def517'/>Error: DEADCODE (CWE-561): <a href ='#def517'>[#def517]</a>
>qemu-kvm-1.2.0/qapi-visit.c:761: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:778: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:778: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:778: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockDeviceIoSta...&quot;.
>
><a name='def518'/>Error: DEADCODE (CWE-561): <a href ='#def518'>[#def518]</a>
>qemu-kvm-1.2.0/qapi-visit.c:869: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:872: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:872: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:872: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def519'/>Error: DEADCODE (CWE-561): <a href ='#def519'>[#def519]</a>
>qemu-kvm-1.2.0/qapi-visit.c:869: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:878: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:878: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:878: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockStats(m, (o...&quot;.
>
><a name='def520'/>Error: DEADCODE (CWE-561): <a href ='#def520'>[#def520]</a>
>qemu-kvm-1.2.0/qapi-visit.c:635: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:641: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:641: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:641: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def521'/>Error: DEADCODE (CWE-561): <a href ='#def521'>[#def521]</a>
>qemu-kvm-1.2.0/qapi-visit.c:635: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:646: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:646: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:646: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def522'/>Error: DEADCODE (CWE-561): <a href ='#def522'>[#def522]</a>
>qemu-kvm-1.2.0/qapi-visit.c:635: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:651: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:651: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:651: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def523'/>Error: DEADCODE (CWE-561): <a href ='#def523'>[#def523]</a>
>qemu-kvm-1.2.0/qapi-visit.c:635: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:656: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:656: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:656: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.
>
><a name='def524'/>Error: DEADCODE (CWE-561): <a href ='#def524'>[#def524]</a>
>qemu-kvm-1.2.0/qapi-visit.c:973: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:977: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:977: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:977: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def525'/>Error: DEADCODE (CWE-561): <a href ='#def525'>[#def525]</a>
>qemu-kvm-1.2.0/qapi-visit.c:973: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:982: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:982: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:982: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def526'/>Error: DEADCODE (CWE-561): <a href ='#def526'>[#def526]</a>
>qemu-kvm-1.2.0/qapi-visit.c:973: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:987: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:987: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:987: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def527'/>Error: DEADCODE (CWE-561): <a href ='#def527'>[#def527]</a>
>qemu-kvm-1.2.0/qapi-visit.c:973: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:992: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:992: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:992: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def528'/>Error: DEADCODE (CWE-561): <a href ='#def528'>[#def528]</a>
>qemu-kvm-1.2.0/qapi-visit.c:973: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:997: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:997: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:997: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_VncClientInfoLis...&quot;.
>
><a name='def529'/>Error: DEADCODE (CWE-561): <a href ='#def529'>[#def529]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1854: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1857: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1857: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1857: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def530'/>Error: DEADCODE (CWE-561): <a href ='#def530'>[#def530]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1854: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1862: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1862: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1862: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def531'/>Error: DEADCODE (CWE-561): <a href ='#def531'>[#def531]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1854: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1867: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1867: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1867: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def532'/>Error: DEADCODE (CWE-561): <a href ='#def532'>[#def532]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1854: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1872: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1872: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1872: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def533'/>Error: DEADCODE (CWE-561): <a href ='#def533'>[#def533]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1854: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1877: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1877: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1877: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint32(m, (obj ?...&quot;.
>
><a name='def534'/>Error: DEADCODE (CWE-561): <a href ='#def534'>[#def534]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2335: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2338: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2338: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2338: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def535'/>Error: DEADCODE (CWE-561): <a href ='#def535'>[#def535]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2335: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2343: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2343: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2343: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def536'/>Error: DEADCODE (CWE-561): <a href ='#def536'>[#def536]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2285: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2288: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2288: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2288: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_size(m, (obj ? &amp;...&quot;.
>
><a name='def537'/>Error: DEADCODE (CWE-561): <a href ='#def537'>[#def537]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2285: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2293: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2293: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2293: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def538'/>Error: DEADCODE (CWE-561): <a href ='#def538'>[#def538]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2158: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2158: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2158: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def539'/>Error: DEADCODE (CWE-561): <a href ='#def539'>[#def539]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2163: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2163: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2163: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def540'/>Error: DEADCODE (CWE-561): <a href ='#def540'>[#def540]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2168: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2168: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2168: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def541'/>Error: DEADCODE (CWE-561): <a href ='#def541'>[#def541]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2173: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2173: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2173: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def542'/>Error: DEADCODE (CWE-561): <a href ='#def542'>[#def542]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2178: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2178: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2178: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def543'/>Error: DEADCODE (CWE-561): <a href ='#def543'>[#def543]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2155: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2183: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2183: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2183: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def544'/>Error: DEADCODE (CWE-561): <a href ='#def544'>[#def544]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2068: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2068: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2068: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def545'/>Error: DEADCODE (CWE-561): <a href ='#def545'>[#def545]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2073: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2073: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2073: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def546'/>Error: DEADCODE (CWE-561): <a href ='#def546'>[#def546]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2078: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2078: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2078: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def547'/>Error: DEADCODE (CWE-561): <a href ='#def547'>[#def547]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2083: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2083: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2083: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def548'/>Error: DEADCODE (CWE-561): <a href ='#def548'>[#def548]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2088: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2088: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2088: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def549'/>Error: DEADCODE (CWE-561): <a href ='#def549'>[#def549]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2093: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2093: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2093: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_size(m, (obj ? &amp;...&quot;.
>
><a name='def550'/>Error: DEADCODE (CWE-561): <a href ='#def550'>[#def550]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2098: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2098: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2098: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def551'/>Error: DEADCODE (CWE-561): <a href ='#def551'>[#def551]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2103: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2103: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2103: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def552'/>Error: DEADCODE (CWE-561): <a href ='#def552'>[#def552]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2108: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2108: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2108: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def553'/>Error: DEADCODE (CWE-561): <a href ='#def553'>[#def553]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2065: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2113: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2113: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2113: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def554'/>Error: DEADCODE (CWE-561): <a href ='#def554'>[#def554]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1963: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1963: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1963: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def555'/>Error: DEADCODE (CWE-561): <a href ='#def555'>[#def555]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1968: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1968: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1968: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def556'/>Error: DEADCODE (CWE-561): <a href ='#def556'>[#def556]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1973: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1973: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1973: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def557'/>Error: DEADCODE (CWE-561): <a href ='#def557'>[#def557]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1978: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1978: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1978: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def558'/>Error: DEADCODE (CWE-561): <a href ='#def558'>[#def558]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1983: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1983: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1983: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def559'/>Error: DEADCODE (CWE-561): <a href ='#def559'>[#def559]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1988: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1988: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1988: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def560'/>Error: DEADCODE (CWE-561): <a href ='#def560'>[#def560]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1993: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1993: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1993: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def561'/>Error: DEADCODE (CWE-561): <a href ='#def561'>[#def561]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1998: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:1998: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:1998: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def562'/>Error: DEADCODE (CWE-561): <a href ='#def562'>[#def562]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2003: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2003: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2003: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def563'/>Error: DEADCODE (CWE-561): <a href ='#def563'>[#def563]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2008: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2008: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2008: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def564'/>Error: DEADCODE (CWE-561): <a href ='#def564'>[#def564]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2013: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2013: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2013: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def565'/>Error: DEADCODE (CWE-561): <a href ='#def565'>[#def565]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2018: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2018: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2018: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_StringList(m, (o...&quot;.
>
><a name='def566'/>Error: DEADCODE (CWE-561): <a href ='#def566'>[#def566]</a>
>qemu-kvm-1.2.0/qapi-visit.c:1960: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2023: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2023: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2023: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_StringList(m, (o...&quot;.
>
><a name='def567'/>Error: DEADCODE (CWE-561): <a href ='#def567'>[#def567]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2225: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2228: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2228: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2228: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def568'/>Error: DEADCODE (CWE-561): <a href ='#def568'>[#def568]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2225: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2233: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2233: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2233: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint16(m, (obj ?...&quot;.
>
><a name='def569'/>Error: DEADCODE (CWE-561): <a href ='#def569'>[#def569]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2225: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2238: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2238: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2238: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def570'/>Error: DEADCODE (CWE-561): <a href ='#def570'>[#def570]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2225: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2243: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2243: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2243: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint16(m, (obj ?...&quot;.
>
><a name='def571'/>Error: DEADCODE (CWE-561): <a href ='#def571'>[#def571]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2505: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2508: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2508: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2508: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int32(m, (obj ? ...&quot;.
>
><a name='def572'/>Error: DEADCODE (CWE-561): <a href ='#def572'>[#def572]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2505: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2513: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2513: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2513: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def573'/>Error: DEADCODE (CWE-561): <a href ='#def573'>[#def573]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2505: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2518: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2518: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2518: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def574'/>Error: DEADCODE (CWE-561): <a href ='#def574'>[#def574]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2603: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2607: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2607: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2607: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def575'/>Error: DEADCODE (CWE-561): <a href ='#def575'>[#def575]</a>
>qemu-kvm-1.2.0/qapi-visit.c:2603: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2612: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qapi-visit.c:2612: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qapi-visit.c:2612: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.
>
><a name='def576'/>Error: DEADCODE (CWE-561): <a href ='#def576'>[#def576]</a>
>qemu-kvm-1.2.0/target-microblaze/translate.c:1494: assignment: Assigning: &quot;fpu_insn&quot; = &quot;(dc-&gt;ir &gt;&gt; 7) &amp; 7U&quot;.
>qemu-kvm-1.2.0/target-microblaze/translate.c:1496: between: When switching on &quot;fpu_insn&quot;, the value of &quot;fpu_insn&quot; must be between 0 and 7.
>qemu-kvm-1.2.0/target-microblaze/translate.c:1496: dead_error_condition: The switch value &quot;fpu_insn&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-microblaze/translate.c:1578: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def577'/>Error: DEADCODE (CWE-561): <a href ='#def577'>[#def577]</a>
>qemu-kvm-1.2.0/target-microblaze/translate.c:650: assignment: Assigning: &quot;subcode&quot; = &quot;dc-&gt;imm &amp; 3&quot;.
>qemu-kvm-1.2.0/target-microblaze/translate.c:661: cond_const: Condition &quot;subcode &gt;= 1U&quot;, taking false branch. Now the value of &quot;subcode&quot; is equal to 0.
>qemu-kvm-1.2.0/target-microblaze/translate.c:661: cond_between: Condition &quot;subcode &gt;= 1U&quot;, taking true branch. Now the value of &quot;subcode&quot; is between 1 and 3.
>qemu-kvm-1.2.0/target-microblaze/translate.c:666: between: When switching on &quot;subcode&quot;, the value of &quot;subcode&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/target-microblaze/translate.c:666: dead_error_condition: The switch value &quot;subcode&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-microblaze/translate.c:683: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def578'/>Error: DEADCODE (CWE-561): <a href ='#def578'>[#def578]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3082: equality_cond: Jumping to case &quot;14&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3083: equality_cond: Jumping to case &quot;30&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3084: equality_cond: Jumping to case &quot;31&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3089: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[14,14], [30,31]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3089: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3099: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def579'/>Error: DEADCODE (CWE-561): <a href ='#def579'>[#def579]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3173: equality_cond: Jumping to case &quot;148&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3174: equality_cond: Jumping to case &quot;149&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3175: equality_cond: Jumping to case &quot;150&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3178: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 148 and 150.
>qemu-kvm-1.2.0/target-s390x/translate.c:3178: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3188: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def580'/>Error: DEADCODE (CWE-561): <a href ='#def580'>[#def580]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3194: equality_cond: Jumping to case &quot;152&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3195: equality_cond: Jumping to case &quot;153&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3196: equality_cond: Jumping to case &quot;154&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3200: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 152 and 154.
>qemu-kvm-1.2.0/target-s390x/translate.c:3200: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3210: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def581'/>Error: DEADCODE (CWE-561): <a href ='#def581'>[#def581]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3218: equality_cond: Jumping to case &quot;164&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3219: equality_cond: Jumping to case &quot;165&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3222: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 164 and 165.
>qemu-kvm-1.2.0/target-s390x/translate.c:3222: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3229: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def582'/>Error: DEADCODE (CWE-561): <a href ='#def582'>[#def582]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1522: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1523: equality_cond: Jumping to case &quot;24&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1524: equality_cond: Jumping to case &quot;26&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1521: equality_cond: Jumping to case &quot;8&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1539: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[8,8], [10,10], [24,24], [26,26]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:1539: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1548: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def583'/>Error: DEADCODE (CWE-561): <a href ='#def583'>[#def583]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1556: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1557: equality_cond: Jumping to case &quot;25&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1558: equality_cond: Jumping to case &quot;27&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1555: equality_cond: Jumping to case &quot;9&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1571: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[9,9], [11,11], [25,25], [27,27]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:1571: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1580: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def584'/>Error: DEADCODE (CWE-561): <a href ='#def584'>[#def584]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1760: equality_cond: Jumping to case &quot;118&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1761: equality_cond: Jumping to case &quot;119&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1764: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 118 and 119.
>qemu-kvm-1.2.0/target-s390x/translate.c:1764: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1773: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def585'/>Error: DEADCODE (CWE-561): <a href ='#def585'>[#def585]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1784: equality_cond: Jumping to case &quot;128&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1785: equality_cond: Jumping to case &quot;129&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1786: equality_cond: Jumping to case &quot;130&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1789: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 128 and 130.
>qemu-kvm-1.2.0/target-s390x/translate.c:1789: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1799: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def586'/>Error: DEADCODE (CWE-561): <a href ='#def586'>[#def586]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1637: equality_cond: Jumping to case &quot;32&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1643: equality_cond: Jumping to case &quot;32&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1638: equality_cond: Jumping to case &quot;33&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1644: equality_cond: Jumping to case &quot;33&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1639: equality_cond: Jumping to case &quot;48&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1647: equality_cond: Jumping to case &quot;48&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1640: equality_cond: Jumping to case &quot;49&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1650: equality_cond: Jumping to case &quot;49&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1656: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[32,33], [48,49]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:1656: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1665: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def587'/>Error: DEADCODE (CWE-561): <a href ='#def587'>[#def587]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1637: equality_cond: Jumping to case &quot;32&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1638: equality_cond: Jumping to case &quot;33&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1639: equality_cond: Jumping to case &quot;48&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1640: equality_cond: Jumping to case &quot;49&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1642: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[32,33], [48,49]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:1642: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1653: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def588'/>Error: DEADCODE (CWE-561): <a href ='#def588'>[#def588]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1709: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1719: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1710: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1722: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1729: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 90 and 91.
>qemu-kvm-1.2.0/target-s390x/translate.c:1729: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1736: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def589'/>Error: DEADCODE (CWE-561): <a href ='#def589'>[#def589]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1709: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1710: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1718: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 90 and 91.
>qemu-kvm-1.2.0/target-s390x/translate.c:1718: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:1725: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def590'/>Error: DEADCODE (CWE-561): <a href ='#def590'>[#def590]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:1978: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1979: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1976: equality_cond: Jumping to case &quot;12&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1977: equality_cond: Jumping to case &quot;13&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1980: equality_cond: Jumping to case &quot;28&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:1987: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[10,13], [28,28]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:1987: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2012: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def591'/>Error: DEADCODE (CWE-561): <a href ='#def591'>[#def591]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2049: equality_cond: Jumping to case &quot;150&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2062: equality_cond: Jumping to case &quot;150&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2045: equality_cond: Jumping to case &quot;36&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2075: equality_cond: Jumping to case &quot;36&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2048: equality_cond: Jumping to case &quot;38&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2078: equality_cond: Jumping to case &quot;38&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2044: equality_cond: Jumping to case &quot;4&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2059: equality_cond: Jumping to case &quot;4&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2058: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [36,36], [38,38], [150,150]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:2058: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2084: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def592'/>Error: DEADCODE (CWE-561): <a href ='#def592'>[#def592]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:2021: equality_cond: Jumping to case &quot;29&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:2031: const: When switching on &quot;op&quot;, the value of &quot;op&quot; must be equal to 29.
>qemu-kvm-1.2.0/target-s390x/translate.c:2031: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:2035: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def593'/>Error: DEADCODE (CWE-561): <a href ='#def593'>[#def593]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def594'/>Error: DEADCODE (CWE-561): <a href ='#def594'>[#def594]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def595'/>Error: DEADCODE (CWE-561): <a href ='#def595'>[#def595]</a>
>qemu-kvm-1.2.0/softmmu_template.h:288: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:289: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def596'/>Error: DEADCODE (CWE-561): <a href ='#def596'>[#def596]</a>
>qemu-kvm-1.2.0/hw/qdev-monitor.c:434: cond_notnull: Condition &quot;bus&quot;, taking true branch. Now the value of &quot;bus&quot; is not NULL.
>qemu-kvm-1.2.0/hw/qdev-monitor.c:455: notnull: At condition &quot;bus&quot;, the value of &quot;bus&quot; cannot be NULL.
>qemu-kvm-1.2.0/hw/qdev-monitor.c:455: dead_error_condition: The condition &quot;!bus&quot; cannot be true.
>qemu-kvm-1.2.0/hw/qdev-monitor.c:456: dead_error_line: Execution cannot reach this statement &quot;bus = sysbus_get_default();&quot;.
>
><a name='def597'/>Error: DEADCODE (CWE-561): <a href ='#def597'>[#def597]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:524: dead_error_condition: The switch value &quot;idx &amp; 3&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:534: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def598'/>Error: DEADCODE (CWE-561): <a href ='#def598'>[#def598]</a>
>qemu-kvm-1.2.0/hw/kvmvapic.c:513: assignment: Assigning: &quot;patches&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/kvmvapic.c:546: const: At condition &quot;patches != 0&quot;, the value of &quot;patches&quot; must be equal to 0.
>qemu-kvm-1.2.0/hw/kvmvapic.c:546: dead_error_condition: The condition &quot;patches != 0&quot; cannot be true.
>qemu-kvm-1.2.0/hw/kvmvapic.c:546: dead_error_line: Execution cannot reach this expression &quot;patches != 2&quot; inside statement &quot;if (patches != 0 &amp;&amp; patches...&quot;.
>
><a name='def599'/>Error: DEADCODE (CWE-561): <a href ='#def599'>[#def599]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:563: dead_error_condition: The switch value &quot;idx &amp; 3&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:573: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def600'/>Error: DEADCODE (CWE-561): <a href ='#def600'>[#def600]</a>
>qemu-kvm-1.2.0/monitor.c:3538: cond_const: Condition &quot;op != 37&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 37.
>qemu-kvm-1.2.0/monitor.c:3538: cond_const: Condition &quot;op != 42&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 42.
>qemu-kvm-1.2.0/monitor.c:3538: cond_const: Condition &quot;op != 47&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 47.
>qemu-kvm-1.2.0/monitor.c:3542: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[37,37], [42,42], [47,47]}.
>qemu-kvm-1.2.0/monitor.c:3542: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/monitor.c:3543: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def601'/>Error: DEADCODE (CWE-561): <a href ='#def601'>[#def601]</a>
>qemu-kvm-1.2.0/monitor.c:3569: cond_const: Condition &quot;op != 124&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 124.
>qemu-kvm-1.2.0/monitor.c:3569: cond_const: Condition &quot;op != 38&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 38.
>qemu-kvm-1.2.0/monitor.c:3569: cond_const: Condition &quot;op != 94&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 94.
>qemu-kvm-1.2.0/monitor.c:3573: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[38,38], [94,94], [124,124]}.
>qemu-kvm-1.2.0/monitor.c:3573: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/monitor.c:3574: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def602'/>Error: DEADCODE (CWE-561): <a href ='#def602'>[#def602]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:8385: equality_cond: Jumping to case &quot;0&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8386: equality_cond: Jumping to case &quot;1&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8400: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8389: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8403: equality_cond: Jumping to case &quot;12&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8404: equality_cond: Jumping to case &quot;13&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8407: equality_cond: Jumping to case &quot;14&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8387: equality_cond: Jumping to case &quot;2&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8388: equality_cond: Jumping to case &quot;3&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8392: equality_cond: Jumping to case &quot;4&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8393: equality_cond: Jumping to case &quot;5&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8394: equality_cond: Jumping to case &quot;6&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8395: equality_cond: Jumping to case &quot;7&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8398: equality_cond: Jumping to case &quot;8&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8399: equality_cond: Jumping to case &quot;9&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:8479: between: When switching on &quot;aregs&quot;, the value of &quot;aregs&quot; must be between 0 and 14.
>qemu-kvm-1.2.0/target-mips/translate.c:8479: dead_error_condition: The switch value &quot;aregs&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-mips/translate.c:8505: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def603'/>Error: DEADCODE (CWE-561): <a href ='#def603'>[#def603]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:2740: equality_cond: Jumping to case &quot;1342177280U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2772: equality_cond: Jumping to case &quot;134217728U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2742: equality_cond: Jumping to case &quot;1409286144U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2759: equality_cond: Jumping to case &quot;1476395008U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2757: equality_cond: Jumping to case &quot;1543503872U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2774: equality_cond: Jumping to case &quot;1946157056U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2776: equality_cond: Jumping to case &quot;1946157061U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2773: equality_cond: Jumping to case &quot;201326592U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2775: equality_cond: Jumping to case &quot;201326597U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2739: equality_cond: Jumping to case &quot;268435456U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2782: equality_cond: Jumping to case &quot;329U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2741: equality_cond: Jumping to case &quot;335544320U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2783: equality_cond: Jumping to case &quot;336U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2758: equality_cond: Jumping to case &quot;402653184U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2756: equality_cond: Jumping to case &quot;469762048U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2760: equality_cond: Jumping to case &quot;67108864U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2751: equality_cond: Jumping to case &quot;67174400U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2764: equality_cond: Jumping to case &quot;67239936U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2755: equality_cond: Jumping to case &quot;67305472U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2761: equality_cond: Jumping to case &quot;68157440U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2762: equality_cond: Jumping to case &quot;68157445U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2752: equality_cond: Jumping to case &quot;68222976U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2753: equality_cond: Jumping to case &quot;68222981U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2763: equality_cond: Jumping to case &quot;68288512U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2754: equality_cond: Jumping to case &quot;68354048U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2780: equality_cond: Jumping to case &quot;8U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2781: equality_cond: Jumping to case &quot;9U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2801: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[8,9], [329,329], [336,336], [67108864,67108864], [67174400,67174400], [67239936,67239936], [67305472,67305472], [68157440,68157440], [68157445,68157445], [68222976,68222976], [68222981,68222981], [68288512,68288512], [68354048,68354048], [134217728,134217728], [201326592,201326592], [201326597,201326597], [268435456,268435456], [335544320,335544320], [402653184,402653184], [469762048,469762048], [1342177280,1342177280], [1409286144,1409286144], [1476395008,1476395008], [1543503872,1543503872], [1946157056,1946157056], [1946157061,1946157061]}.
>qemu-kvm-1.2.0/target-mips/translate.c:2801: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-mips/translate.c:2887: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def604'/>Error: DEADCODE (CWE-561): <a href ='#def604'>[#def604]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:2740: equality_cond: Jumping to case &quot;1342177280U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2742: equality_cond: Jumping to case &quot;1409286144U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2759: equality_cond: Jumping to case &quot;1476395008U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2757: equality_cond: Jumping to case &quot;1543503872U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2739: equality_cond: Jumping to case &quot;268435456U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2741: equality_cond: Jumping to case &quot;335544320U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2758: equality_cond: Jumping to case &quot;402653184U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2756: equality_cond: Jumping to case &quot;469762048U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2760: equality_cond: Jumping to case &quot;67108864U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2751: equality_cond: Jumping to case &quot;67174400U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2764: equality_cond: Jumping to case &quot;67239936U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2755: equality_cond: Jumping to case &quot;67305472U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2761: equality_cond: Jumping to case &quot;68157440U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2762: equality_cond: Jumping to case &quot;68157445U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2752: equality_cond: Jumping to case &quot;68222976U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2753: equality_cond: Jumping to case &quot;68222981U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2763: equality_cond: Jumping to case &quot;68288512U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2754: equality_cond: Jumping to case &quot;68354048U&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:2893: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[67108864,67108864], [67174400,67174400], [67239936,67239936], [67305472,67305472], [68157440,68157440], [68157445,68157445], [68222976,68222976], [68222981,68222981], [68288512,68288512], [68354048,68354048], [268435456,268435456], [335544320,335544320], [402653184,402653184], [469762048,469762048], [1342177280,1342177280], [1409286144,1409286144], [1476395008,1476395008], [1543503872,1543503872]}.
>qemu-kvm-1.2.0/target-mips/translate.c:2893: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-mips/translate.c:2978: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def605'/>Error: DEADCODE (CWE-561): <a href ='#def605'>[#def605]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:3609: equality_cond: Jumping to case &quot;298&quot;.
>qemu-kvm-1.2.0/target-i386/translate.c:3608: equality_cond: Jumping to case &quot;42&quot;.
>qemu-kvm-1.2.0/target-i386/translate.c:3622: intervals: When switching on &quot;b &gt;&gt; 8&quot;, the value of &quot;b&quot; must be in one of the following intervals: {[42,42], [298,298]}.
>qemu-kvm-1.2.0/target-i386/translate.c:3622: dead_error_condition: The switch value &quot;b &gt;&gt; 8&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-i386/translate.c:3626: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def606'/>Error: DEADCODE (CWE-561): <a href ='#def606'>[#def606]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3337: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3336: equality_cond: Jumping to case &quot;8&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3343: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[8,8], [10,10]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3343: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3350: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def607'/>Error: DEADCODE (CWE-561): <a href ='#def607'>[#def607]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3358: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3360: equality_cond: Jumping to case &quot;25&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3369: equality_cond: Jumping to case &quot;25&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3359: equality_cond: Jumping to case &quot;27&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3363: equality_cond: Jumping to case &quot;27&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3357: equality_cond: Jumping to case &quot;9&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3382: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[9,9], [11,11], [25,25], [27,27]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3382: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3391: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def608'/>Error: DEADCODE (CWE-561): <a href ='#def608'>[#def608]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3521: equality_cond: Jumping to case &quot;128&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3522: equality_cond: Jumping to case &quot;129&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3523: equality_cond: Jumping to case &quot;130&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3526: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 128 and 130.
>qemu-kvm-1.2.0/target-s390x/translate.c:3526: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3536: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def609'/>Error: DEADCODE (CWE-561): <a href ='#def609'>[#def609]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3718: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3719: equality_cond: Jumping to case &quot;13&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3717: equality_cond: Jumping to case &quot;7&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3721: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[7,7], [11,11], [13,13]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3721: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3731: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def610'/>Error: DEADCODE (CWE-561): <a href ='#def610'>[#def610]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3780: equality_cond: Jumping to case &quot;10&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3779: equality_cond: Jumping to case &quot;4&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3784: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [10,10]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3784: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3793: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def611'/>Error: DEADCODE (CWE-561): <a href ='#def611'>[#def611]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:3802: equality_cond: Jumping to case &quot;11&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3801: equality_cond: Jumping to case &quot;5&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:3806: intervals: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[5,5], [11,11]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:3806: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:3815: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def612'/>Error: DEADCODE (CWE-561): <a href ='#def612'>[#def612]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def613'/>Error: DEADCODE (CWE-561): <a href ='#def613'>[#def613]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def614'/>Error: DEADCODE (CWE-561): <a href ='#def614'>[#def614]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:6578: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6593: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6608: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6623: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6976: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6992: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:7008: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:7024: assignment: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:6561: assignment: Assigning: &quot;optype&quot; = &quot;OTHEROP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:7746: intervals: When switching on &quot;optype&quot;, the value of &quot;optype&quot; must be in one of the following intervals: {[0,0], [2,2]}.
>qemu-kvm-1.2.0/target-mips/translate.c:7750: dead_error_condition: The switch value &quot;optype&quot; cannot be &quot;CMPOP&quot;.
>qemu-kvm-1.2.0/target-mips/translate.c:7750: dead_error_begin: Execution cannot reach this statement &quot;case CMPOP:&quot;.
>
><a name='def615'/>Error: DEADCODE (CWE-561): <a href ='#def615'>[#def615]</a>
>qemu-kvm-1.2.0/target-m68k/translate.c:587: dead_error_condition: The switch value &quot;(insn &gt;&gt; 3) &amp; 7&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-m68k/translate.c:677: dead_error_line: Execution cannot reach this statement &quot;return NULL_QREG;&quot;.
>
><a name='def616'/>Error: DEADCODE (CWE-561): <a href ='#def616'>[#def616]</a>
>qemu-kvm-1.2.0/target-m68k/translate.c:1142: assignment: Assigning: &quot;op&quot; = &quot;(insn &gt;&gt; 6) &amp; 3&quot;.
>qemu-kvm-1.2.0/target-m68k/translate.c:1173: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 1 and 3.
>qemu-kvm-1.2.0/target-m68k/translate.c:1151: cond_cannot_single: Condition &quot;op&quot;, taking true branch. Now the value of &quot;op&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-m68k/translate.c:1173: cannot_single: When switching on &quot;op&quot;, the value of &quot;op&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-m68k/translate.c:1173: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-m68k/translate.c:1183: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def617'/>Error: DEADCODE (CWE-561): <a href ='#def617'>[#def617]</a>
>qemu-kvm-1.2.0/target-m68k/translate.c:510: dead_error_condition: The switch value &quot;(insn &gt;&gt; 3) &amp; 7&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-m68k/translate.c:554: dead_error_line: Execution cannot reach this statement &quot;return NULL_QREG;&quot;.
>
><a name='def618'/>Error: DEADCODE (CWE-561): <a href ='#def618'>[#def618]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def619'/>Error: DEADCODE (CWE-561): <a href ='#def619'>[#def619]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def620'/>Error: DEADCODE (CWE-561): <a href ='#def620'>[#def620]</a>
>qemu-kvm-1.2.0/softmmu_template.h:143: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:144: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def621'/>Error: DEADCODE (CWE-561): <a href ='#def621'>[#def621]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def622'/>Error: DEADCODE (CWE-561): <a href ='#def622'>[#def622]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def623'/>Error: DEADCODE (CWE-561): <a href ='#def623'>[#def623]</a>
>qemu-kvm-1.2.0/softmmu_template.h:288: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:289: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def624'/>Error: DEADCODE (CWE-561): <a href ='#def624'>[#def624]</a>
>qemu-kvm-1.2.0/hw/vga.c:791: assignment: Assigning: &quot;memory_map_mode&quot; = &quot;(s-&gt;gr[6] &gt;&gt; 2) &amp; 3&quot;.
>qemu-kvm-1.2.0/hw/vga.c:793: between: When switching on &quot;memory_map_mode&quot;, the value of &quot;memory_map_mode&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/hw/vga.c:793: dead_error_condition: The switch value &quot;memory_map_mode&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/vga.c:806: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def625'/>Error: DEADCODE (CWE-561): <a href ='#def625'>[#def625]</a>
>qemu-kvm-1.2.0/hw/vga.c:851: assignment: Assigning: &quot;memory_map_mode&quot; = &quot;(s-&gt;gr[6] &gt;&gt; 2) &amp; 3&quot;.
>qemu-kvm-1.2.0/hw/vga.c:853: between: When switching on &quot;memory_map_mode&quot;, the value of &quot;memory_map_mode&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/hw/vga.c:853: dead_error_condition: The switch value &quot;memory_map_mode&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/vga.c:866: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def626'/>Error: DEADCODE (CWE-561): <a href ='#def626'>[#def626]</a>
>qemu-kvm-1.2.0/hw/vga.c:901: assignment: Assigning: &quot;write_mode&quot; = &quot;s-&gt;gr[5] &amp; 3&quot;.
>qemu-kvm-1.2.0/hw/vga.c:902: between: When switching on &quot;write_mode&quot;, the value of &quot;write_mode&quot; must be between 0 and 3.
>qemu-kvm-1.2.0/hw/vga.c:902: dead_error_condition: The switch value &quot;write_mode&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/vga.c:903: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def627'/>Error: DEADCODE (CWE-561): <a href ='#def627'>[#def627]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def628'/>Error: DEADCODE (CWE-561): <a href ='#def628'>[#def628]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def629'/>Error: DEADCODE (CWE-561): <a href ='#def629'>[#def629]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:8733: equality_cond: Jumping to case &quot;251&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8736: equality_cond: Jumping to case &quot;315&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8753: intervals: When switching on &quot;num&quot;, the value of &quot;num&quot; must be in one of the following intervals: {[251,251], [315,315]}.
>qemu-kvm-1.2.0/linux-user/syscall.c:8753: dead_error_condition: The switch value &quot;num&quot; cannot reach the default case.
>qemu-kvm-1.2.0/linux-user/syscall.c:8782: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def630'/>Error: DEADCODE (CWE-561): <a href ='#def630'>[#def630]</a>
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:613: assignment: Assigning: &quot;cert_count&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:616: incr: Incrementing &quot;cert_count&quot;. The value of &quot;cert_count&quot; is now 1.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:616: incr: Incrementing &quot;cert_count&quot;. The value of &quot;cert_count&quot; is now 2.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:619: at_least: At condition &quot;cert_count == 0&quot;, the value of &quot;cert_count&quot; must be at least 1.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:619: dead_error_condition: The condition &quot;cert_count == 0&quot; cannot be true.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:620: dead_error_begin: Execution cannot reach this statement &quot;PK11_DestroyGenericObjects(...&quot;.
>
><a name='def631'/>Error: DEADCODE (CWE-561): <a href ='#def631'>[#def631]</a>
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:452: dead_error_condition: The switch value &quot;(tlb-&gt;tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:453: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def632'/>Error: DEADCODE (CWE-561): <a href ='#def632'>[#def632]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4563: equality_cond: Jumping to case &quot;136&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4564: equality_cond: Jumping to case &quot;137&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4565: equality_cond: Jumping to case &quot;138&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4573: between: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be between 136 and 138.
>qemu-kvm-1.2.0/target-s390x/translate.c:4573: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4584: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def633'/>Error: DEADCODE (CWE-561): <a href ='#def633'>[#def633]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4666: equality_cond: Jumping to case &quot;148&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4667: equality_cond: Jumping to case &quot;150&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4668: equality_cond: Jumping to case &quot;151&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4673: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[148,148], [150,151]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:4673: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4683: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def634'/>Error: DEADCODE (CWE-561): <a href ='#def634'>[#def634]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4967: equality_cond: Jumping to case &quot;192&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4968: equality_cond: Jumping to case &quot;194&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4973: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[192,192], [194,194]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:4973: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4980: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def635'/>Error: DEADCODE (CWE-561): <a href ='#def635'>[#def635]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4984: equality_cond: Jumping to case &quot;210&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4985: equality_cond: Jumping to case &quot;212&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4986: equality_cond: Jumping to case &quot;213&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4987: equality_cond: Jumping to case &quot;214&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4988: equality_cond: Jumping to case &quot;215&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4989: equality_cond: Jumping to case &quot;220&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4990: equality_cond: Jumping to case &quot;243&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4999: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[210,210], [212,215], [220,220], [243,243]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:4999: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:5030: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def636'/>Error: DEADCODE (CWE-561): <a href ='#def636'>[#def636]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4238: equality_cond: Jumping to case &quot;74&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4239: equality_cond: Jumping to case &quot;75&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4240: equality_cond: Jumping to case &quot;76&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4250: between: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be between 74 and 76.
>qemu-kvm-1.2.0/target-s390x/translate.c:4250: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4262: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def637'/>Error: DEADCODE (CWE-561): <a href ='#def637'>[#def637]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4361: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4373: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4362: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4377: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4363: equality_cond: Jumping to case &quot;94&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4374: equality_cond: Jumping to case &quot;94&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4364: equality_cond: Jumping to case &quot;95&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4378: equality_cond: Jumping to case &quot;95&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4385: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[90,91], [94,95]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:4385: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4398: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def638'/>Error: DEADCODE (CWE-561): <a href ='#def638'>[#def638]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:4361: equality_cond: Jumping to case &quot;90&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4362: equality_cond: Jumping to case &quot;91&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4363: equality_cond: Jumping to case &quot;94&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4364: equality_cond: Jumping to case &quot;95&quot;.
>qemu-kvm-1.2.0/target-s390x/translate.c:4372: intervals: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[90,91], [94,95]}.
>qemu-kvm-1.2.0/target-s390x/translate.c:4372: dead_error_condition: The switch value &quot;opc&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-s390x/translate.c:4381: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def639'/>Error: DEADCODE (CWE-561): <a href ='#def639'>[#def639]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def640'/>Error: DEADCODE (CWE-561): <a href ='#def640'>[#def640]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def641'/>Error: DEADCODE (CWE-561): <a href ='#def641'>[#def641]</a>
>qemu-kvm-1.2.0/softmmu_template.h:288: dead_error_condition: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:289: dead_error_line: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.
>
><a name='def642'/>Error: DEADCODE (CWE-561): <a href ='#def642'>[#def642]</a>
>qemu-kvm-1.2.0/softmmu_template.h:170: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:171: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def643'/>Error: DEADCODE (CWE-561): <a href ='#def643'>[#def643]</a>
>qemu-kvm-1.2.0/softmmu_template.h:112: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:113: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def644'/>Error: DEADCODE (CWE-561): <a href ='#def644'>[#def644]</a>
>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:165: assignment: Assigning: &quot;op&quot; = &quot;(insn &gt;&gt; 7) &amp; 0xfU&quot;.
>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:170: between: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 0 and 15.
>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:170: dead_error_condition: The switch value &quot;op&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:304: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def645'/>Error: DEADCODE (CWE-561): <a href ='#def645'>[#def645]</a>
>qemu-kvm-1.2.0/hw/ide/cmd646.c:135: dead_error_condition: The switch value &quot;addr &amp; 3UL&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/ide/cmd646.c:152: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def646'/>Error: DEADCODE (CWE-561): <a href ='#def646'>[#def646]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:7977: dead_error_condition: The switch value &quot;(insn &gt;&gt; 25) &amp; 0xfU&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-arm/translate.c:8969: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def647'/>Error: DEADCODE (CWE-561): <a href ='#def647'>[#def647]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def648'/>Error: DEADCODE (CWE-561): <a href ='#def648'>[#def648]</a>
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:288: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.
>
><a name='def649'/>Error: DEADCODE (CWE-561): <a href ='#def649'>[#def649]</a>
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:288: cond_notnull: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: notnull: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: dead_error_condition: The condition &quot;obj&quot; must be true.
>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: dead_error_line: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_GuestIpAddressLi...&quot;.
>
><a name='def650'/>Error: DEADCODE (CWE-561): <a href ='#def650'>[#def650]</a>
>qemu-kvm-1.2.0/softmmu_template.h:313: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:314: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def651'/>Error: DEADCODE (CWE-561): <a href ='#def651'>[#def651]</a>
>qemu-kvm-1.2.0/softmmu_template.h:258: dead_error_condition: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.
>qemu-kvm-1.2.0/softmmu_template.h:259: dead_error_line: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.
>
><a name='def652'/>Error: DEADCODE (CWE-561): <a href ='#def652'>[#def652]</a>
>qemu-kvm-1.2.0/hw/esp-pci.c:108: dead_error_condition: The switch value &quot;val &amp; 3U&quot; cannot reach the default case.
>qemu-kvm-1.2.0/hw/esp-pci.c:121: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def653'/>Error: DEADCODE (CWE-561): <a href ='#def653'>[#def653]</a>
>qemu-kvm-1.2.0/arm-dis.c:3874: assignment: Assigning: &quot;is_data&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/arm-dis.c:4012: const: At condition &quot;is_data&quot;, the value of &quot;is_data&quot; must be equal to 0.
>qemu-kvm-1.2.0/arm-dis.c:4012: dead_error_condition: The condition &quot;is_data&quot; cannot be true.
>qemu-kvm-1.2.0/arm-dis.c:4014: dead_error_begin: Execution cannot reach this statement &quot;int i;&quot;.
>
><a name='def654'/>Error: DEADCODE (CWE-561): <a href ='#def654'>[#def654]</a>
>qemu-kvm-1.2.0/arm-dis.c:2320: assignment: Assigning: &quot;length&quot; = &quot;((given &gt;&gt; 8) &amp; 3L) + 1L&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2324: cond_const: Condition &quot;length &gt; 1&quot;, taking false branch. Now the value of &quot;length&quot; is equal to 1.
>qemu-kvm-1.2.0/arm-dis.c:2324: cond_between: Condition &quot;length &gt; 1&quot;, taking true branch. Now the value of &quot;length&quot; is between 2 and 4.
>qemu-kvm-1.2.0/arm-dis.c:2327: between: When switching on &quot;length&quot;, the value of &quot;length&quot; must be between 1 and 4.
>qemu-kvm-1.2.0/arm-dis.c:2327: dead_error_condition: The switch value &quot;length&quot; cannot reach the default case.
>qemu-kvm-1.2.0/arm-dis.c:2367: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def655'/>Error: DEADCODE (CWE-561): <a href ='#def655'>[#def655]</a>
>qemu-kvm-1.2.0/arm-dis.c:2466: assignment: Assigning: &quot;size&quot; = &quot;16&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2460: assignment: Assigning: &quot;size&quot; = &quot;32&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2473: assignment: Assigning: &quot;size&quot; = &quot;32&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2511: assignment: Assigning: &quot;size&quot; = &quot;32&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2493: assignment: Assigning: &quot;size&quot; = &quot;64&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2499: assignment: Assigning: &quot;size&quot; = &quot;8&quot;.
>qemu-kvm-1.2.0/arm-dis.c:2520: intervals: When switching on &quot;size&quot;, the value of &quot;size&quot; must be in one of the following intervals: {[8,8], [16,16], [32,32], [64,64]}.
>qemu-kvm-1.2.0/arm-dis.c:2520: dead_error_condition: The switch value &quot;size&quot; cannot reach the default case.
>qemu-kvm-1.2.0/arm-dis.c:2558: dead_error_begin: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def656'/>Error: DEADCODE (CWE-561): <a href ='#def656'>[#def656]</a>
>qemu-kvm-1.2.0/hw/mcf_uart.c:145: dead_error_condition: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;4&quot;.
>qemu-kvm-1.2.0/hw/mcf_uart.c:145: dead_error_begin: Execution cannot reach this statement &quot;case 4:&quot;.
>
><a name='def657'/>Error: DEADCODE (CWE-561): <a href ='#def657'>[#def657]</a>
>qemu-kvm-1.2.0/hw/mcf_uart.c:147: dead_error_condition: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;5&quot;.
>qemu-kvm-1.2.0/hw/mcf_uart.c:147: dead_error_begin: Execution cannot reach this statement &quot;case 5:&quot;.
>
><a name='def658'/>Error: DEADCODE (CWE-561): <a href ='#def658'>[#def658]</a>
>qemu-kvm-1.2.0/hw/mcf_uart.c:150: dead_error_condition: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;6&quot;.
>qemu-kvm-1.2.0/hw/mcf_uart.c:150: dead_error_line: Execution cannot reach this statement &quot;case 6:&quot;.
>
><a name='def659'/>Error: DEADCODE (CWE-561): <a href ='#def659'>[#def659]</a>
>qemu-kvm-1.2.0/hw/mcf_uart.c:151: dead_error_condition: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;7&quot;.
>qemu-kvm-1.2.0/hw/mcf_uart.c:151: dead_error_begin: Execution cannot reach this statement &quot;case 7:&quot;.
>
><a name='def660'/>Error: DEADCODE (CWE-561): <a href ='#def660'>[#def660]</a>
>qemu-kvm-1.2.0/target-i386/arch_dump.c:387: assignment: Assigning: &quot;lma&quot; = &quot;false&quot;.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:394: const: At condition &quot;lma&quot;, the value of &quot;lma&quot; must be equal to 0.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:394: dead_error_condition: The condition &quot;lma&quot; cannot be true.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:395: dead_error_line: Execution cannot reach this statement &quot;info-&gt;d_machine = 62;&quot;.
>
><a name='def661'/>Error: DEADCODE (CWE-561): <a href ='#def661'>[#def661]</a>
>qemu-kvm-1.2.0/target-i386/arch_dump.c:387: assignment: Assigning: &quot;lma&quot; = &quot;false&quot;.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:401: const: At condition &quot;lma&quot;, the value of &quot;lma&quot; must be equal to 0.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:401: dead_error_condition: The condition &quot;lma&quot; cannot be true.
>qemu-kvm-1.2.0/target-i386/arch_dump.c:402: dead_error_line: Execution cannot reach this statement &quot;info-&gt;d_class = 2;&quot;.
>
><a name='def662'/>Error: DEADCODE (CWE-561): <a href ='#def662'>[#def662]</a>
>qemu-kvm-1.2.0/sparc-dis.c:3053: dead_error_condition: The condition &quot;(unsigned int)((insn &gt;&gt; 14) &amp; 0x1fUL) &lt; 32U&quot; must be true.
>qemu-kvm-1.2.0/sparc-dis.c:3057: dead_error_line: Execution cannot reach this statement &quot;(*info-&gt;fprintf_func)(strea...&quot;.
>
><a name='def663'/>Error: DEADCODE (CWE-561): <a href ='#def663'>[#def663]</a>
>qemu-kvm-1.2.0/sparc-dis.c:3061: dead_error_condition: The condition &quot;(unsigned int)((insn &gt;&gt; 25) &amp; 0x1fUL) &lt; 32U&quot; must be true.
>qemu-kvm-1.2.0/sparc-dis.c:3065: dead_error_line: Execution cannot reach this statement &quot;(*info-&gt;fprintf_func)(strea...&quot;.
>
><a name='def664'/>Error: DEADCODE (CWE-561): <a href ='#def664'>[#def664]</a>
>qemu-kvm-1.2.0/target-arm/arm-semi.c:226: dead_error_condition: The condition &quot;({...})&quot; cannot be true.
>qemu-kvm-1.2.0/target-arm/arm-semi.c:228: dead_error_line: Execution cannot reach this statement &quot;return 4294967295U;&quot;.
>
><a name='def665'/>Error: DEADCODE (CWE-561): <a href ='#def665'>[#def665]</a>
>qemu-kvm-1.2.0/ui/curses.c:178: assignment: Assigning: &quot;nextchr&quot; = &quot;-1&quot;.
>qemu-kvm-1.2.0/ui/curses.c:215: assignment: Assigning: &quot;nextchr&quot; = &quot;-1&quot;.
>qemu-kvm-1.2.0/ui/curses.c:181: const: At condition &quot;nextchr == -1&quot;, the value of &quot;nextchr&quot; must be equal to -1.
>qemu-kvm-1.2.0/ui/curses.c:181: dead_error_condition: The condition &quot;nextchr == -1&quot; must be true.
>qemu-kvm-1.2.0/ui/curses.c:184: dead_error_begin: Execution cannot reach this statement &quot;chr = nextchr;&quot;.
>
><a name='def666'/>Error: DEADCODE (CWE-561): <a href ='#def666'>[#def666]</a>
>qemu-kvm-1.2.0/hw/ppce500_pci.c:120: dead_error_condition: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.
>qemu-kvm-1.2.0/hw/ppce500_pci.c:120: dead_error_begin: Execution cannot reach this statement &quot;case 16UL:&quot;.
>
><a name='def667'/>Error: DEADCODE (CWE-561): <a href ='#def667'>[#def667]</a>
>qemu-kvm-1.2.0/hw/ppce500_pci.c:142: dead_error_condition: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.
>qemu-kvm-1.2.0/hw/ppce500_pci.c:142: dead_error_begin: Execution cannot reach this statement &quot;case 16UL:&quot;.
>
><a name='def668'/>Error: DEADCODE (CWE-561): <a href ='#def668'>[#def668]</a>
>qemu-kvm-1.2.0/hw/ppce500_pci.c:191: dead_error_condition: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.
>qemu-kvm-1.2.0/hw/ppce500_pci.c:191: dead_error_begin: Execution cannot reach this statement &quot;case 16UL:&quot;.
>
><a name='def669'/>Error: DEADCODE (CWE-561): <a href ='#def669'>[#def669]</a>
>qemu-kvm-1.2.0/hw/ppce500_pci.c:213: dead_error_condition: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.
>qemu-kvm-1.2.0/hw/ppce500_pci.c:213: dead_error_begin: Execution cannot reach this statement &quot;case 16UL:&quot;.
>
><a name='def670'/>Error: DEADCODE (CWE-561): <a href ='#def670'>[#def670]</a>
>qemu-kvm-1.2.0/hw/ds1338.c:73: cond_at_most: Condition &quot;data &lt; 8&quot;, taking true branch. Now the value of &quot;data&quot; is at most 7.
>qemu-kvm-1.2.0/hw/ds1338.c:83: equality_cond: Jumping to case &quot;2&quot;.
>qemu-kvm-1.2.0/hw/ds1338.c:84: const: At condition &quot;data &amp; 0x40&quot;, the value of &quot;data&quot; must be equal to 2.
>qemu-kvm-1.2.0/hw/ds1338.c:84: dead_error_condition: The condition &quot;data &amp; 0x40&quot; cannot be true.
>qemu-kvm-1.2.0/hw/ds1338.c:85: dead_error_line: Execution cannot reach this statement &quot;if (data &amp; 0x20){
> data = ...&quot;.
>
><a name='def671'/>Error: DEADCODE (CWE-561): <a href ='#def671'>[#def671]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:253: cond_notnull: Condition &quot;reader != NULL&quot;, taking true branch. Now the value of &quot;reader&quot; is not NULL.
>qemu-kvm-1.2.0/libcacard/vscclient.c:255: notnull: At condition &quot;reader&quot;, the value of &quot;reader&quot; cannot be NULL.
>qemu-kvm-1.2.0/libcacard/vscclient.c:255: dead_error_condition: The condition &quot;reader&quot; must be true.
>qemu-kvm-1.2.0/libcacard/vscclient.c:255: dead_error_line: Execution cannot reach this expression &quot;&quot;invalid reader&quot;&quot; inside statement &quot;printf(&quot;insert %s, returned...&quot;.
>
><a name='def672'/>Error: DEADCODE (CWE-561): <a href ='#def672'>[#def672]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:266: cond_notnull: Condition &quot;reader != NULL&quot;, taking true branch. Now the value of &quot;reader&quot; is not NULL.
>qemu-kvm-1.2.0/libcacard/vscclient.c:268: notnull: At condition &quot;reader&quot;, the value of &quot;reader&quot; cannot be NULL.
>qemu-kvm-1.2.0/libcacard/vscclient.c:268: dead_error_condition: The condition &quot;reader&quot; must be true.
>qemu-kvm-1.2.0/libcacard/vscclient.c:268: dead_error_line: Execution cannot reach this expression &quot;&quot;invalid reader&quot;&quot; inside statement &quot;printf(&quot;remove %s, returned...&quot;.
>
><a name='def673'/>Error: DEADCODE (CWE-561): <a href ='#def673'>[#def673]</a>
>qemu-kvm-1.2.0/aes.c:740: cond_const: Condition &quot;bits != 256&quot;, taking false branch. Now the value of &quot;bits&quot; is equal to 256.
>qemu-kvm-1.2.0/aes.c:798: const: At condition &quot;bits == 256&quot;, the value of &quot;bits&quot; must be equal to 256.
>qemu-kvm-1.2.0/aes.c:798: dead_error_condition: The condition &quot;bits == 256&quot; must be true.
>qemu-kvm-1.2.0/aes.c:799: dead_error_condition: The condition &quot;1&quot; must be true.
>qemu-kvm-1.2.0/aes.c:826: dead_error_line: Execution cannot reach this statement &quot;return 0;&quot;.
>
><a name='def674'/>Error: DEADCODE (CWE-561): <a href ='#def674'>[#def674]</a>
>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: cond_at_least: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is at least 1.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:195: cond_at_least: Condition &quot;quot &gt; 65535U&quot;, taking true branch. Now the value of &quot;quot&quot; is at least 65536.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: cond_at_least: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is at least 65536.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:195: cond_at_most: Condition &quot;quot &gt; 65535U&quot;, taking false branch. Now the value of &quot;quot&quot; is at most 65535.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: cond_between: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is between 1 and 65535.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: at_least: At condition &quot;(int32_t)quot &lt; 0&quot;, the value of &quot;quot&quot; must be at least 1.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: cond_cannot_single: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: cannot_single: At condition &quot;(int32_t)quot &lt; 0&quot;, the value of &quot;quot&quot; cannot be equal to 0.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: dead_error_condition: The condition &quot;(int32_t)quot &lt; 0&quot; cannot be true.
>qemu-kvm-1.2.0/target-m68k/op_helper.c:200: dead_error_line: Execution cannot reach this statement &quot;flags |= 8U;&quot;.
>
><a name='def675'/>Error: DEADCODE (CWE-561): <a href ='#def675'>[#def675]</a>
>qemu-kvm-1.2.0/linux-user/flatload.c:616: assignment: Assigning: &quot;persistent&quot; = &quot;0U&quot;.
>qemu-kvm-1.2.0/linux-user/flatload.c:626: const: At condition &quot;persistent&quot;, the value of &quot;persistent&quot; must be equal to 0.
>qemu-kvm-1.2.0/linux-user/flatload.c:626: dead_error_condition: The condition &quot;persistent&quot; cannot be true.
>qemu-kvm-1.2.0/linux-user/flatload.c:627: dead_error_line: Execution cannot reach this statement &quot;continue;&quot;.
>
><a name='def676'/>Error: DEADCODE (CWE-561): <a href ='#def676'>[#def676]</a>
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:741: dead_error_condition: The switch value &quot;(env-&gt;dtlb[i].tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:742: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def677'/>Error: DEADCODE (CWE-561): <a href ='#def677'>[#def677]</a>
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:778: dead_error_condition: The switch value &quot;(env-&gt;itlb[i].tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.
>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:779: dead_error_line: Execution cannot reach this statement &quot;default:&quot;.
>
><a name='def678'/>Error: FORWARD_NULL (CWE-476): <a href ='#def678'>[#def678]</a>
>qemu-kvm-1.2.0/memory.c:626: assign_zero: Assigning: &quot;ioeventfds&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/memory.c:630: cond_true: Condition &quot;fr &lt; as-&gt;current_map.ranges + as-&gt;current_map.nr&quot;, taking true branch
>qemu-kvm-1.2.0/memory.c:631: cond_true: Condition &quot;i &lt; fr-&gt;mr-&gt;ioeventfd_nb&quot;, taking true branch
>qemu-kvm-1.2.0/memory.c:635: cond_false: Condition &quot;addrrange_intersects(fr-&gt;addr, tmp)&quot;, taking false branch
>qemu-kvm-1.2.0/memory.c:641: if_end: End of if statement
>qemu-kvm-1.2.0/memory.c:642: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/memory.c:631: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/memory.c:631: cond_false: Condition &quot;i &lt; fr-&gt;mr-&gt;ioeventfd_nb&quot;, taking false branch
>qemu-kvm-1.2.0/memory.c:642: loop_end: Reached end of loop
>qemu-kvm-1.2.0/memory.c:643: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/memory.c:630: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/memory.c:630: cond_false: Condition &quot;fr &lt; as-&gt;current_map.ranges + as-&gt;current_map.nr&quot;, taking false branch
>qemu-kvm-1.2.0/memory.c:643: loop_end: Reached end of loop
>qemu-kvm-1.2.0/memory.c:645: var_deref_model: Passing null pointer &quot;ioeventfds&quot; to function &quot;address_space_add_del_ioeventfds(AddressSpace *, MemoryRegionIoeventfd *, unsigned int, MemoryRegionIoeventfd *, unsigned int)&quot;, which dereferences it.
>qemu-kvm-1.2.0/memory.c:588:5: cond_true: Condition &quot;iold &lt; fds_old_nb&quot;, taking true branch
>qemu-kvm-1.2.0/memory.c:589:9: cond_true: Condition &quot;iold &lt; fds_old_nb&quot;, taking true branch
>qemu-kvm-1.2.0/memory.c:589:9: cond_false: Condition &quot;inew == fds_new_nb&quot;, taking false branch
>qemu-kvm-1.2.0/memory.c:589:9: deref_parm: Directly dereferencing parameter &quot;fds_new&quot;.
>
><a name='def679'/>Error: FORWARD_NULL (CWE-476): <a href ='#def679'>[#def679]</a>
>qemu-kvm-1.2.0/hw/scsi-bus.c:285: cond_false: Condition &quot;req-&gt;dev&quot;, taking false branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:287: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:285: var_compare_op: Comparing &quot;req-&gt;dev&quot; to null implies that &quot;req-&gt;dev&quot; might be null.
>qemu-kvm-1.2.0/hw/scsi-bus.c:287: cond_true: Condition &quot;req-&gt;bus-&gt;unit_attention.key == 6&quot;, taking true branch
>qemu-kvm-1.2.0/hw/scsi-bus.c:288: var_deref_model: Passing &quot;req&quot; to function &quot;scsi_req_build_sense(SCSIRequest *, SCSISense)&quot;, which dereferences null &quot;req-&gt;dev&quot;.
>qemu-kvm-1.2.0/hw/scsi-bus.c:664:5: deref_parm: Directly dereferencing parameter &quot;req-&gt;dev&quot;.
>
><a name='def680'/>Error: FORWARD_NULL (CWE-476): <a href ='#def680'>[#def680]</a>
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:464: assign_zero: Assigning: &quot;buf&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:465: cond_true: Condition &quot;virtqueue_pop(vq, &amp;elem)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:473: cond_false: Condition &quot;cur_len &gt; len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:478: if_end: End of if statement
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:479: var_deref_model: Passing null pointer &quot;buf&quot; to function &quot;iov_to_buf(struct iovec const *, unsigned int const, size_t, void *, size_t)&quot;, which dereferences it.
>qemu-kvm-1.2.0/iov.c:53:5: cond_true: Condition &quot;offset&quot;, taking true branch
>qemu-kvm-1.2.0/iov.c:53:5: cond_true: Condition &quot;i &lt; iov_cnt&quot;, taking true branch
>qemu-kvm-1.2.0/iov.c:54:9: cond_true: Condition &quot;offset &lt; (iov + i).iov_len&quot;, taking true branch
>qemu-kvm-1.2.0/iov.c:56:13: deref_parm_field_in_call: Function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; dereferences an offset off &quot;buf&quot;.
>
><a name='def681'/>Error: FORWARD_NULL (CWE-476): <a href ='#def681'>[#def681]</a>
>qemu-kvm-1.2.0/block/qcow2-refcount.c:420: assign_zero: Assigning: &quot;refcount_block&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:428: cond_false: Condition &quot;length &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:430: else_branch: Reached else branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:430: cond_false: Condition &quot;length == 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:432: if_end: End of if statement
>qemu-kvm-1.2.0/block/qcow2-refcount.c:434: cond_true: Condition &quot;addend &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:441: cond_true: Condition &quot;cluster_offset &lt;= last&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:450: cond_false: Condition &quot;table_index != old_table_index&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:463: if_end: End of if statement
>qemu-kvm-1.2.0/block/qcow2-refcount.c:472: var_deref_op: Dereferencing null pointer &quot;refcount_block&quot;.
>
><a name='def682'/>Error: FORWARD_NULL (CWE-476): <a href ='#def682'>[#def682]</a>
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1047: cond_true: Condition &quot;l1_size2 == 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1048: assign_zero: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1049: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1056: if_end: End of if statement
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1059: cond_true: Condition &quot;i &lt; l1_size&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:1060: var_deref_op: Dereferencing null pointer &quot;l1_table&quot;.
>
><a name='def683'/>Error: FORWARD_NULL (CWE-476): <a href ='#def683'>[#def683]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: assign_zero: Assigning: &quot;q&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: switch: Switch case value &quot;1009&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2259: switch_case: Reached case &quot;1009&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2260: var_deref_model: Passing null pointer &quot;q&quot; to function &quot;ehci_state_advqueue(EHCIQueue *)&quot;, which dereferences it.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:1963:5: deref_parm: Directly dereferencing parameter &quot;q&quot;.
>
><a name='def684'/>Error: FORWARD_NULL (CWE-476): <a href ='#def684'>[#def684]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: assign_zero: Assigning: &quot;q&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: switch: Switch case value &quot;1011&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2271: switch_case: Reached case &quot;1011&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2272: var_deref_model: Passing null pointer &quot;q&quot; to function &quot;ehci_state_execute(EHCIQueue *)&quot;, which dereferences it.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2100:19: deref_parm: Directly dereferencing parameter &quot;q&quot;.
>
><a name='def685'/>Error: FORWARD_NULL (CWE-476): <a href ='#def685'>[#def685]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: assign_zero: Assigning: &quot;q&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: switch: Switch case value &quot;1010&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2263: switch_case: Reached case &quot;1010&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2264: var_deref_model: Passing null pointer &quot;q&quot; to function &quot;ehci_state_fetchqtd(EHCIQueue *)&quot;, which dereferences it.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:1992:5: deref_parm: Directly dereferencing parameter &quot;q&quot;.
>
><a name='def686'/>Error: FORWARD_NULL (CWE-476): <a href ='#def686'>[#def686]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: assign_zero: Assigning: &quot;q&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: switch: Switch case value &quot;1013&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2267: switch_case: Reached case &quot;1013&quot;
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2268: var_deref_model: Passing null pointer &quot;q&quot; to function &quot;ehci_state_horizqh(EHCIQueue *)&quot;, which dereferences it.
>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2054:5: deref_parm: Directly dereferencing parameter &quot;q&quot;.
>
><a name='def687'/>Error: FORWARD_NULL (CWE-476): <a href ='#def687'>[#def687]</a>
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1740: cond_false: Condition &quot;class_id == 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1741: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: cond_true: Condition &quot;s&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_true: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_true: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1747: continue: Continuing loop
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: loop: Looping back
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: cond_true: Condition &quot;s&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_true: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_false: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_true: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_false: Condition &quot;f-&gt;addr != addr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: cond_true: Condition &quot;f-&gt;port != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: cond_true: Condition &quot;port == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: var_compare_op: Comparing &quot;port&quot; to null implies that &quot;port&quot; might be null.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1753: continue: Continuing loop
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: loop: Looping back
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: cond_true: Condition &quot;s&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_true: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_false: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_true: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_false: Condition &quot;f-&gt;addr != addr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: cond_false: Condition &quot;f-&gt;port != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1754: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: cond_true: Condition &quot;f-&gt;vendor_id &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: cond_true: Condition &quot;f-&gt;vendor_id != vendor_id&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1757: continue: Continuing loop
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: loop: Looping back
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: cond_true: Condition &quot;s&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: cond_false: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_true: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: cond_false: Condition &quot;f-&gt;addr != addr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: cond_false: Condition &quot;f-&gt;port != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1754: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: cond_true: Condition &quot;f-&gt;vendor_id &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: cond_false: Condition &quot;f-&gt;vendor_id != vendor_id&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1758: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1760: cond_true: Condition &quot;f-&gt;product_id &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1760: cond_false: Condition &quot;f-&gt;product_id != product_id&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1765: cond_false: Condition &quot;s-&gt;errcount &gt;= 3&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1767: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1770: cond_false: Condition &quot;s-&gt;fd != -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1772: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1775: var_deref_model: Passing null pointer &quot;port&quot; to function &quot;usb_host_open(USBHostDevice *, int, int, char const *, char const *, int)&quot;, which dereferences it.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1293:5: cond_false: Condition &quot;dev-&gt;fd != -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1295:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1298:5: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1300:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1305:5: deref_parm_in_call: Function &quot;strcpy(char * restrict, char const * restrict)&quot; dereferences &quot;port&quot;.
>
><a name='def688'/>Error: FORWARD_NULL (CWE-476): <a href ='#def688'>[#def688]</a>
>qemu-kvm-1.2.0/block/vvfat.c:1957: cond_true: Condition &quot;index &lt; s-&gt;mapping.next&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:1957: cond_false: Condition &quot;mapping = array_get(&amp;s-&gt;mapping, index)&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:1962: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:1957: var_compare_op: Comparing &quot;mapping&quot; to null implies that &quot;mapping&quot; might be null.
>qemu-kvm-1.2.0/block/vvfat.c:1963: cond_false: Condition &quot;index &gt;= s-&gt;mapping.next&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:1963: var_deref_op: Dereferencing null pointer &quot;mapping&quot;.
>
><a name='def689'/>Error: FORWARD_NULL (CWE-476): <a href ='#def689'>[#def689]</a>
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: cond_true: Condition &quot;*args == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1146: continue: Continuing loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: loop: Looping back
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: cond_true: Condition &quot;*args != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1143: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: cond_false: Condition &quot;*args == &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1147: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1150: cond_true: Condition &quot;__coverity_strncmp(args, &quot;soft=&quot;, 5) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1163: cond_false: Condition &quot;*args != &apos;(&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1165: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1171: cond_true: Condition &quot;type_params_length &lt; 99UL /* sizeof (type_str) - 1 */&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1178: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1180: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1182: cond_true: Condition &quot;opts-&gt;vreader_count &gt;= reader_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1186: cond_false: Condition &quot;vreaderOpt == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1188: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: cond_true: Condition &quot;i &lt; count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1205: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: cond_false: Condition &quot;i &lt; count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1205: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1206: cond_true: Condition &quot;*args == &apos;)&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1211: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1247: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: cond_true: Condition &quot;*args != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1143: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: cond_false: Condition &quot;*args == &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1147: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1150: cond_true: Condition &quot;__coverity_strncmp(args, &quot;soft=&quot;, 5) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1160: assign_zero: Assigning: &quot;vreaderOpt&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1163: cond_false: Condition &quot;*args != &apos;(&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1165: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1171: cond_true: Condition &quot;type_params_length &lt; 99UL /* sizeof (type_str) - 1 */&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: cond_false: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1178: cond_false: Condition &quot;*args == 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1180: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1182: cond_false: Condition &quot;opts-&gt;vreader_count &gt;= reader_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1189: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1191: alias_transfer: Assigning: &quot;vreaderOpt&quot; = &quot;vreaderOpt + opts-&gt;vreader_count&quot;.
>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1192: var_deref_op: Dereferencing null pointer &quot;vreaderOpt&quot;.
>
><a name='def690'/>Error: FORWARD_NULL (CWE-476): <a href ='#def690'>[#def690]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:405: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:407: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:416: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:418: switch: Switch case value &quot;128&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:444: switch_case: Reached case &quot;128&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:445: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def691'/>Error: FORWARD_NULL (CWE-476): <a href ='#def691'>[#def691]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:405: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:407: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:416: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:418: switch: Switch case value &quot;132&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:447: switch_case: Reached case &quot;132&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:448: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def692'/>Error: FORWARD_NULL (CWE-476): <a href ='#def692'>[#def692]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:405: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:407: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:416: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:418: switch: Switch case value &quot;144&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:454: switch_case: Reached case &quot;144&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:455: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def693'/>Error: FORWARD_NULL (CWE-476): <a href ='#def693'>[#def693]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:405: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:407: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:416: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:418: switch: Switch case value &quot;152&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:460: switch_case: Reached case &quot;152&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:461: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def694'/>Error: FORWARD_NULL (CWE-476): <a href ='#def694'>[#def694]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:405: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:407: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:416: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:418: switch: Switch case value &quot;156&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:463: switch_case: Reached case &quot;156&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:464: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def695'/>Error: FORWARD_NULL (CWE-476): <a href ='#def695'>[#def695]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:486: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:488: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:497: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:499: switch: Switch case value &quot;132&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:535: switch_case: Reached case &quot;132&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:536: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def696'/>Error: FORWARD_NULL (CWE-476): <a href ='#def696'>[#def696]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:486: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:488: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:497: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:499: switch: Switch case value &quot;136&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:541: switch_case: Reached case &quot;136&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:542: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def697'/>Error: FORWARD_NULL (CWE-476): <a href ='#def697'>[#def697]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:486: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:488: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:497: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:499: switch: Switch case value &quot;140&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:547: switch_case: Reached case &quot;140&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:548: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def698'/>Error: FORWARD_NULL (CWE-476): <a href ='#def698'>[#def698]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:486: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:488: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:497: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:499: switch: Switch case value &quot;144&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:551: switch_case: Reached case &quot;144&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:552: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def699'/>Error: FORWARD_NULL (CWE-476): <a href ='#def699'>[#def699]</a>
>qemu-kvm-1.2.0/hw/omap_intc.c:486: assign_zero: Assigning: &quot;bank&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/hw/omap_intc.c:488: cond_false: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_intc.c:497: if_end: End of if statement
>qemu-kvm-1.2.0/hw/omap_intc.c:499: switch: Switch case value &quot;148&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:557: switch_case: Reached case &quot;148&quot;
>qemu-kvm-1.2.0/hw/omap_intc.c:558: var_deref_op: Dereferencing null pointer &quot;bank&quot;.
>
><a name='def700'/>Error: FORWARD_NULL (CWE-476): <a href ='#def700'>[#def700]</a>
>qemu-kvm-1.2.0/hw/ivshmem.c:659: cond_true: Condition &quot;s-&gt;sizearg == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:660: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:663: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:669: cond_true: Condition &quot;ivshmem_has_feature(s, 0)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:669: cond_false: Condition &quot;!ivshmem_has_feature(s, 1)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ivshmem.c:673: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:676: cond_true: Condition &quot;s-&gt;role&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:677: cond_true: Condition &quot;__coverity_strncmp(s-&gt;role, &quot;peer&quot;, 5) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:679: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:684: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:685: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:687: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ivshmem.c:689: cond_true: Condition &quot;s-&gt;role_val == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:711: cond_true: Condition &quot;s-&gt;server_chr != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:711: cond_false: Condition &quot;__coverity_strncmp(s-&gt;server_chr-&gt;filename, &quot;unix:&quot;, 5) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ivshmem.c:741: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/ivshmem.c:745: cond_true: Condition &quot;s-&gt;shmobj == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ivshmem.c:745: var_compare_op: Comparing &quot;s-&gt;shmobj&quot; to null implies that &quot;s-&gt;shmobj&quot; might be null.
>qemu-kvm-1.2.0/hw/ivshmem.c:753: var_deref_model: Passing null pointer &quot;s-&gt;shmobj&quot; to function &quot;shm_open(char const *, int, mode_t)&quot;, which dereferences it.
>
><a name='def701'/>Error: FORWARD_NULL (CWE-476): <a href ='#def701'>[#def701]</a>
>qemu-kvm-1.2.0/i386-dis.c:3538: cond_true: Condition &quot;info-&gt;mach == 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3540: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3542: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3544: cond_true: Condition &quot;intel_syntax == -1 /* (char)-1 */&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3545: cond_false: Condition &quot;info-&gt;mach == 2&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3545: cond_true: Condition &quot;info-&gt;mach == 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3548: cond_false: Condition &quot;info-&gt;mach == 0&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3548: cond_false: Condition &quot;info-&gt;mach == 3&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3548: cond_false: Condition &quot;info-&gt;mach == 2&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3548: cond_true: Condition &quot;info-&gt;mach == 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3552: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3556: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3558: cond_true: Condition &quot;p != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3560: cond_true: Condition &quot;__coverity_strncmp(p, &quot;x86-64&quot;, 6) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3564: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3608: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3611: cond_false: Condition &quot;p != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3612: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3613: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/i386-dis.c:3558: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/i386-dis.c:3558: cond_false: Condition &quot;p != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3613: loop_end: Reached end of loop
>qemu-kvm-1.2.0/i386-dis.c:3615: cond_true: Condition &quot;intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3628: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3642: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3653: cond_true: Condition &quot;i &lt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3657: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/i386-dis.c:3653: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/i386-dis.c:3653: cond_true: Condition &quot;i &lt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3657: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/i386-dis.c:3653: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/i386-dis.c:3653: cond_false: Condition &quot;i &lt; 4&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3657: loop_end: Reached end of loop
>qemu-kvm-1.2.0/i386-dis.c:3664: cond_false: Condition &quot;_setjmp(priv.bailout) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3687: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3696: cond_true: Condition &quot;*codep == 98&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3698: cond_false: Condition &quot;prefixes &amp; 0x800&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3698: cond_true: Condition &quot;rex&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3698: cond_false: Condition &quot;rex_used&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3711: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3714: cond_false: Condition &quot;*codep == 15&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3748: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:3754: cond_false: Condition &quot;*codep == 144&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3759: cond_true: Condition &quot;!uses_REPZ_prefix&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3759: cond_true: Condition &quot;prefixes &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3764: cond_true: Condition &quot;!uses_REPNZ_prefix&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3764: cond_true: Condition &quot;prefixes &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3770: cond_true: Condition &quot;!uses_LOCK_prefix&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3770: cond_true: Condition &quot;prefixes &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3776: cond_true: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3779: cond_true: Condition &quot;dp-&gt;op[2].bytemode != 10&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3781: cond_false: Condition &quot;sizeflag &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3781: cond_true: Condition &quot;address_mode == mode_64bit&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3782: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3784: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3789: cond_true: Condition &quot;!uses_DATA_prefix&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3789: cond_true: Condition &quot;prefixes &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3792: cond_true: Condition &quot;dp-&gt;op[2].bytemode == 9&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3792: cond_true: Condition &quot;dp-&gt;op[0].bytemode == 2&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3792: cond_false: Condition &quot;!intel_syntax&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3801: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3804: cond_true: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3804: cond_true: Condition &quot;dp-&gt;op[0].bytemode == 5&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3810: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:3817: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:3819: cond_true: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3819: cond_false: Condition &quot;dp-&gt;op[0].bytemode == 1&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:3824: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:3826: cond_true: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:3826: var_compare_op: Comparing &quot;dp-&gt;name&quot; to null implies that &quot;dp-&gt;name&quot; might be null.
>qemu-kvm-1.2.0/i386-dis.c:3828: switch: Switch case default
>qemu-kvm-1.2.0/i386-dis.c:3861: switch_default: Reached default
>qemu-kvm-1.2.0/i386-dis.c:3863: break: Breaking from switch
>qemu-kvm-1.2.0/i386-dis.c:3864: switch_end: Reached end of switch
>qemu-kvm-1.2.0/i386-dis.c:3867: var_deref_model: Passing null pointer &quot;dp-&gt;name&quot; to function &quot;putop(char const *, int)&quot;, which dereferences it.
>qemu-kvm-1.2.0/i386-dis.c:4340:8: var_assign_parm: Assigning: &quot;p&quot; = &quot;template&quot;.
>qemu-kvm-1.2.0/i386-dis.c:4340:3: deref_var: Dereferencing &quot;p&quot; (which is a copy of &quot;template&quot;).
>
><a name='def702'/>Error: FORWARD_NULL (CWE-476): <a href ='#def702'>[#def702]</a>
>qemu-kvm-1.2.0/block/qcow2-refcount.c:738: cond_true: Condition &quot;l1_table_offset != s-&gt;l1_table_offset&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:739: cond_false: Condition &quot;l1_size2 != 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:741: else_branch: Reached else branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:742: assign_zero: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:745: cond_false: Condition &quot;bdrv_pread(bs-&gt;file, l1_table_offset, l1_table, l1_size2) != l1_size2&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:750: if_end: End of if statement
>qemu-kvm-1.2.0/block/qcow2-refcount.c:752: cond_true: Condition &quot;i &lt; l1_size&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:753: var_deref_model: Passing null pointer &quot;l1_table + i&quot; to function &quot;be64_to_cpus(uint64_t *)&quot;, which dereferences it.
>qemu-kvm-1.2.0/bswap.h:130:1: deref_parm: Directly dereferencing parameter &quot;p&quot;.
>
><a name='def703'/>Error: FORWARD_NULL (CWE-476): <a href ='#def703'>[#def703]</a>
>qemu-kvm-1.2.0/block/qcow2-refcount.c:738: cond_true: Condition &quot;l1_table_offset != s-&gt;l1_table_offset&quot;, taking true branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:739: cond_false: Condition &quot;l1_size2 != 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:741: else_branch: Reached else branch
>qemu-kvm-1.2.0/block/qcow2-refcount.c:742: assign_zero: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.
>qemu-kvm-1.2.0/block/qcow2-refcount.c:745: var_deref_model: Passing null pointer &quot;l1_table&quot; to function &quot;bdrv_pread(BlockDriverState *, int64_t, void *, int)&quot;, which dereferences it.
>qemu-kvm-1.2.0/block.c:1707:5: cond_true: Condition &quot;len &gt; count&quot;, taking true branch
>qemu-kvm-1.2.0/block.c:1710:5: cond_true: Condition &quot;len &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block.c:1711:9: cond_false: Condition &quot;(ret = bdrv_read(bs, sector_num, tmp_buf, 1)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:1712:13: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:1713:9: deref_parm_in_call: Function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; dereferences &quot;buf&quot;.
>
><a name='def704'/>Error: INFINITE_LOOP: <a href ='#def704'>[#def704]</a>
>qemu-kvm-1.2.0/block.c:3623: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block.c:3625: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block.c:3623: loop_condition: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def705'/>Error: INFINITE_LOOP: <a href ='#def705'>[#def705]</a>
>qemu-kvm-1.2.0/block.c:389: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block.c:391: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block.c:389: loop_condition: If &quot;cco.ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def706'/>Error: INFINITE_LOOP: <a href ='#def706'>[#def706]</a>
>qemu-kvm-1.2.0/block.c:1626: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block.c:1628: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block.c:1626: loop_condition: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def707'/>Error: INFINITE_LOOP: <a href ='#def707'>[#def707]</a>
>qemu-kvm-1.2.0/block.c:3684: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block.c:3686: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block.c:3684: loop_condition: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def708'/>Error: INFINITE_LOOP: <a href ='#def708'>[#def708]</a>
>qemu-kvm-1.2.0/qemu-io.c:298: loop_top: Top of the loop.
>qemu-kvm-1.2.0/qemu-io.c:300: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/qemu-io.c:298: loop_condition: If &quot;async_ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def709'/>Error: INFINITE_LOOP: <a href ='#def709'>[#def709]</a>
>qemu-kvm-1.2.0/qemu-io.c:312: loop_top: Top of the loop.
>qemu-kvm-1.2.0/qemu-io.c:314: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/qemu-io.c:312: loop_condition: If &quot;async_ret == 2147483647&quot; is initially true then it will remain true.
>
><a name='def710'/>Error: INFINITE_LOOP: <a href ='#def710'>[#def710]</a>
>qemu-kvm-1.2.0/block/qed-table.c:270: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:272: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:270: loop_condition: If &quot;ret == -115&quot; is initially true then it will remain true.
>
><a name='def711'/>Error: INFINITE_LOOP: <a href ='#def711'>[#def711]</a>
>qemu-kvm-1.2.0/block/qed-table.c:197: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:199: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:197: loop_condition: If &quot;ret == -115&quot; is initially true then it will remain true.
>
><a name='def712'/>Error: INFINITE_LOOP: <a href ='#def712'>[#def712]</a>
>qemu-kvm-1.2.0/block/qed-table.c:292: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:294: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:292: loop_condition: If &quot;ret == -115&quot; is initially true then it will remain true.
>
><a name='def713'/>Error: INFINITE_LOOP: <a href ='#def713'>[#def713]</a>
>qemu-kvm-1.2.0/block/qed-table.c:176: loop_top: Top of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:178: loop_bottom: Bottom of the loop.
>qemu-kvm-1.2.0/block/qed-table.c:176: loop_condition: If &quot;ret == -115&quot; is initially true then it will remain true.
>
><a name='def714'/>Error: MISSING_BREAK (CWE-484): <a href ='#def714'>[#def714]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1712: unterminated_case: This case (value 16) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/omap_dma.c:1714: fallthrough: The above case falls through to this one.
>
><a name='def715'/>Error: MISSING_BREAK (CWE-484): <a href ='#def715'>[#def715]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1710: unterminated_case: This case (value 20) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/omap_dma.c:1712: fallthrough: The above case falls through to this one.
>
><a name='def716'/>Error: MISSING_BREAK (CWE-484): <a href ='#def716'>[#def716]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1721: unterminated_case: This case (value 32) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/omap_dma.c:1723: fallthrough: The above case falls through to this one.
>
><a name='def717'/>Error: MISSING_BREAK (CWE-484): <a href ='#def717'>[#def717]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1719: unterminated_case: This case (value 36) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/omap_dma.c:1721: fallthrough: The above case falls through to this one.
>
><a name='def718'/>Error: MISSING_BREAK (CWE-484): <a href ='#def718'>[#def718]</a>
>qemu-kvm-1.2.0/target-sparc/translate.c:4067: unterminated_case: This case (value 46) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/target-sparc/translate.c:4073: fallthrough: The above case falls through to this one.
>
><a name='def719'/>Error: MISSING_BREAK (CWE-484): <a href ='#def719'>[#def719]</a>
>qemu-kvm-1.2.0/hw/omap1.c:634: unterminated_case: This case (value 44) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/omap1.c:636: fallthrough: The above case falls through to this one.
>
><a name='def720'/>Error: MISSING_BREAK (CWE-484): <a href ='#def720'>[#def720]</a>
>qemu-kvm-1.2.0/qemu-ga.c:571: unterminated_case: This case (value 2) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/qemu-ga.c:576: fallthrough: The above case falls through to this one.
>
><a name='def721'/>Error: MISSING_BREAK (CWE-484): <a href ='#def721'>[#def721]</a>
>qemu-kvm-1.2.0/hw/cirrus_vga.c:1308: unterminated_case: This case (value 7) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/cirrus_vga.c:1310: fallthrough: The above case falls through to this one.
>
><a name='def722'/>Error: MISSING_BREAK (CWE-484): <a href ='#def722'>[#def722]</a>
>qemu-kvm-1.2.0/hw/pflash_cfi02.c:145: unterminated_default: The default case is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/pflash_cfi02.c:150: fallthrough: The above case falls through to this one.
>
><a name='def723'/>Error: MISSING_BREAK (CWE-484): <a href ='#def723'>[#def723]</a>
>qemu-kvm-1.2.0/hw/stellaris.c:182: unterminated_case: This case (value 72) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/stellaris.c:185: fallthrough: The above case falls through to this one.
>
><a name='def724'/>Error: MISSING_BREAK (CWE-484): <a href ='#def724'>[#def724]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:4406: unterminated_case: This case (value 130) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/target-i386/translate.c:4409: fallthrough: The above case falls through to this one.
>
><a name='def725'/>Error: MISSING_BREAK (CWE-484): <a href ='#def725'>[#def725]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:7766: unterminated_case: This case (value 271) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/target-i386/translate.c:7769: fallthrough: The above case falls through to this one.
>
><a name='def726'/>Error: MISSING_BREAK (CWE-484): <a href ='#def726'>[#def726]</a>
>qemu-kvm-1.2.0/hw/pxa2xx.c:414: unterminated_case: This case (value 100) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/pxa2xx.c:418: fallthrough: The above case falls through to this one.
>
><a name='def727'/>Error: MISSING_BREAK (CWE-484): <a href ='#def727'>[#def727]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:3793: unterminated_case: This case (value 312) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/target-i386/translate.c:3796: fallthrough: The above case falls through to this one.
>
><a name='def728'/>Error: MISSING_BREAK (CWE-484): <a href ='#def728'>[#def728]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:12282: unterminated_case: This case (value 1155530752) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/target-mips/translate.c:12284: fallthrough: The above case falls through to this one.
>
><a name='def729'/>Error: MISSING_BREAK (CWE-484): <a href ='#def729'>[#def729]</a>
>qemu-kvm-1.2.0/hw/twl92230.c:282: unterminated_case: This case (value 17) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/twl92230.c:283: fallthrough: The above case falls through to this one.
>
><a name='def730'/>Error: MISSING_BREAK (CWE-484): <a href ='#def730'>[#def730]</a>
>qemu-kvm-1.2.0/hw/twl92230.c:388: unterminated_case: This case (value 56) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/twl92230.c:389: fallthrough: The above case falls through to this one.
>
><a name='def731'/>Error: MISSING_BREAK (CWE-484): <a href ='#def731'>[#def731]</a>
>qemu-kvm-1.2.0/hw/twl92230.c:489: unterminated_case: This case (value 19) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/twl92230.c:490: fallthrough: The above case falls through to this one.
>
><a name='def732'/>Error: MISSING_BREAK (CWE-484): <a href ='#def732'>[#def732]</a>
>qemu-kvm-1.2.0/hw/scsi-bus.c:873: unterminated_case: This case (value 10) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/scsi-bus.c:878: fallthrough: The above case falls through to this one.
>
><a name='def733'/>Error: MISSING_BREAK (CWE-484): <a href ='#def733'>[#def733]</a>
>qemu-kvm-1.2.0/hw/scsi-bus.c:887: unterminated_case: This case (value 15) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/scsi-bus.c:892: fallthrough: The above case falls through to this one.
>
><a name='def734'/>Error: MISSING_BREAK (CWE-484): <a href ='#def734'>[#def734]</a>
>qemu-kvm-1.2.0/hw/cadence_ttc.c:341: unterminated_case: This case (value 56) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/cadence_ttc.c:344: fallthrough: The above case falls through to this one.
>
><a name='def735'/>Error: MISSING_BREAK (CWE-484): <a href ='#def735'>[#def735]</a>
>qemu-kvm-1.2.0/hw/cadence_ttc.c:346: unterminated_case: This case (value 68) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/cadence_ttc.c:349: fallthrough: The above case falls through to this one.
>
><a name='def736'/>Error: MISSING_BREAK (CWE-484): <a href ='#def736'>[#def736]</a>
>qemu-kvm-1.2.0/m68k-dis.c:1627: unterminated_case: This case (value 88) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/m68k-dis.c:1629: fallthrough: The above case falls through to this one.
>
><a name='def737'/>Error: MISSING_BREAK (CWE-484): <a href ='#def737'>[#def737]</a>
>qemu-kvm-1.2.0/hw/hid.c:168: unterminated_case: This case (value 224) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/hid.c:173: fallthrough: The above case falls through to this one.
>
><a name='def738'/>Error: MISSING_BREAK (CWE-484): <a href ='#def738'>[#def738]</a>
>qemu-kvm-1.2.0/hw/hid.c:173: unterminated_case: This case (value 231) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/hid.c:178: fallthrough: The above case falls through to this one.
>
><a name='def739'/>Error: MISSING_BREAK (CWE-484): <a href ='#def739'>[#def739]</a>
>qemu-kvm-1.2.0/hw/jazz_led.c:164: unterminated_case: This case (value 16) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/jazz_led.c:167: fallthrough: The above case falls through to this one.
>
><a name='def740'/>Error: MISSING_BREAK (CWE-484): <a href ='#def740'>[#def740]</a>
>qemu-kvm-1.2.0/hw/sh_timer.c:73: unterminated_case: This case (value 3) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/sh_timer.c:76: fallthrough: The above case falls through to this one.
>
><a name='def741'/>Error: MISSING_BREAK (CWE-484): <a href ='#def741'>[#def741]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-ohci.c:1704: unterminated_case: This case (value 24) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/usb/hcd-ohci.c:1707: fallthrough: The above case falls through to this one.
>
><a name='def742'/>Error: MISSING_BREAK (CWE-484): <a href ='#def742'>[#def742]</a>
>qemu-kvm-1.2.0/hw/es1370.c:540: unterminated_case: This case (value 40) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/es1370.c:542: fallthrough: The above case falls through to this one.
>
><a name='def743'/>Error: MISSING_BREAK (CWE-484): <a href ='#def743'>[#def743]</a>
>qemu-kvm-1.2.0/hw/es1370.c:538: unterminated_case: This case (value 44) is not terminated by a &apos;break&apos; statement.
>qemu-kvm-1.2.0/hw/es1370.c:540: fallthrough: The above case falls through to this one.
>
><a name='def744'/>Error: MISSING_LOCK (CWE-366): <a href ='#def744'>[#def744]</a>
>qemu-kvm-1.2.0/hw/qxl.c:1113: missing_lock: Accessing &quot;d-&gt;current_async&quot; without holding lock &quot;QemuMutex.lock&quot;. Elsewhere, &quot;d-&gt;current_async&quot; is accessed with &quot;QemuMutex.lock&quot; held 4 out of 5 times.
>qemu-kvm-1.2.0/hw/qxl.c:834: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:836: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>qemu-kvm-1.2.0/hw/qxl.c:1500: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:1507: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>qemu-kvm-1.2.0/hw/qxl.c:1650: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:1651: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>
><a name='def745'/>Error: MISSING_LOCK (CWE-366): <a href ='#def745'>[#def745]</a>
>qemu-kvm-1.2.0/posix-aio-compat.c:436: missing_lock: Accessing &quot;aiocb-&gt;ret&quot; without holding lock &quot;lock&quot;. Elsewhere, &quot;aiocb-&gt;ret&quot; is accessed with &quot;lock&quot; held 3 out of 3 times.
>qemu-kvm-1.2.0/posix-aio-compat.c:376: example_lock: Locking &quot;lock&quot;.
>qemu-kvm-1.2.0/posix-aio-compat.c:377: example_access: &quot;qemu_paiocb.ret&quot; is accessed with lock &quot;lock&quot; held.
>qemu-kvm-1.2.0/posix-aio-compat.c:571: example_lock: Locking &quot;lock&quot;.
>qemu-kvm-1.2.0/posix-aio-compat.c:574: example_access: &quot;qemu_paiocb.ret&quot; is accessed with lock &quot;lock&quot; held.
>
><a name='def746'/>Error: MISSING_LOCK (CWE-366): <a href ='#def746'>[#def746]</a>
>qemu-kvm-1.2.0/hw/qxl.c:1923: missing_lock: Accessing &quot;qxl-&gt;current_async&quot; without holding lock &quot;QemuMutex.lock&quot;. Elsewhere, &quot;qxl-&gt;current_async&quot; is accessed with &quot;QemuMutex.lock&quot; held 4 out of 5 times.
>qemu-kvm-1.2.0/hw/qxl.c:834: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:836: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>qemu-kvm-1.2.0/hw/qxl.c:1500: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:1507: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>qemu-kvm-1.2.0/hw/qxl.c:1650: example_lock: Locking &quot;QemuMutex.lock&quot;.
>qemu-kvm-1.2.0/hw/qxl.c:1651: example_access: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.
>
><a name='def747'/>Error: MISSING_RETURN: <a href ='#def747'>[#def747]</a>
>/tmp/tmp1Mua9_.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def748'/>Error: MISSING_RETURN: <a href ='#def748'>[#def748]</a>
>/tmp/tmpmaaBfZ.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def749'/>Error: MISSING_RETURN: <a href ='#def749'>[#def749]</a>
>/tmp/tmpxPCDO7.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def750'/>Error: MISSING_RETURN: <a href ='#def750'>[#def750]</a>
>/tmp/tmp3md0Bm.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def751'/>Error: MISSING_RETURN: <a href ='#def751'>[#def751]</a>
>/tmp/tmpVT2CXq.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def752'/>Error: MISSING_RETURN: <a href ='#def752'>[#def752]</a>
>/tmp/tmpC9diCp.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def753'/>Error: MISSING_RETURN: <a href ='#def753'>[#def753]</a>
>/tmp/tmp73vcGp.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def754'/>Error: MISSING_RETURN: <a href ='#def754'>[#def754]</a>
>/tmp/tmpyrOepY.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def755'/>Error: MISSING_RETURN: <a href ='#def755'>[#def755]</a>
>/tmp/tmplmBPNf.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def756'/>Error: MISSING_RETURN: <a href ='#def756'>[#def756]</a>
>/tmp/tmpud3PK9.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def757'/>Error: MISSING_RETURN: <a href ='#def757'>[#def757]</a>
>/tmp/tmp6xy3SA.c:1: missing_return: Arriving at the end of a function without returning a value.
>
><a name='def758'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def758'>[#def758]</a>
>qemu-kvm-1.2.0/monitor.c:974: cond_true: Condition &quot;__coverity_strcmp(protocol, &quot;spice&quot;) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:975: negative_return_fn: Function &quot;monitor_get_fd(mon, fdname)&quot; returns a negative number.
>qemu-kvm-1.2.0/monitor.c:2391:5: cond_true: Condition &quot;monfd&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:2394:9: cond_true: Condition &quot;__coverity_strcmp(monfd-&gt;name, fdname) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:2395:13: continue: Continuing loop
>qemu-kvm-1.2.0/monitor.c:2391:5: cond_false: Condition &quot;monfd&quot;, taking false branch
>qemu-kvm-1.2.0/monitor.c:2408:5: return_negative_constant: Explicitly returning negative value &quot;-1&quot;.
>qemu-kvm-1.2.0/monitor.c:975: var_assign: Assigning: signed variable &quot;fd&quot; = &quot;monitor_get_fd(Monitor *, char const *)&quot;.
>qemu-kvm-1.2.0/monitor.c:978: cond_false: Condition &quot;!using_spice&quot;, taking false branch
>qemu-kvm-1.2.0/monitor.c:982: if_end: End of if statement
>qemu-kvm-1.2.0/monitor.c:983: cond_true: Condition &quot;qemu_spice_display_add_client(fd, skipauth, tls) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:984: negative_returns: &quot;fd&quot; is passed to a parameter that cannot be negative.
>
><a name='def759'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def759'>[#def759]</a>
>qemu-kvm-1.2.0/target-i386/translate.c:7902: cond_true: Condition &quot;flags &amp; (4UL /* 1 &lt;&lt; 2 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7903: cond_true: Condition &quot;dc-&gt;cpl == 3&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7904: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/translate.c:7906: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/translate.c:7917: cond_false: Condition &quot;dc-&gt;tf&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/translate.c:7917: cond_false: Condition &quot;env-&gt;singlestep_enabled&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/translate.c:7917: cond_false: Condition &quot;flags &amp; (8UL /* 1 &lt;&lt; 3 */)&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/translate.c:7917: cond_true: Condition &quot;flags &amp; (4UL /* 1 &lt;&lt; 2 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7947: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-i386/translate.c:7950: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7954: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7955: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7955: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7956: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7957: cond_true: Condition &quot;bp-&gt;pc == pc_ptr&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7957: cond_false: Condition &quot;bp-&gt;flags &amp; 0x20&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/translate.c:7960: break: Breaking from loop
>qemu-kvm-1.2.0/target-i386/translate.c:7962: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/translate.c:7964: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/translate.c:7966: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/translate.c:7970: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/translate.c:7971: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def760'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def760'>[#def760]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:10626: negative_returns: Passing negative constant &quot;-1&quot; to a parameter that cannot be negative.
>qemu-kvm-1.2.0/target-mips/translate.c:6564:5: switch: Switch case value &quot;OPC_ADD_S&quot;
>qemu-kvm-1.2.0/target-mips/translate.c:6565:10: switch_case: Reached case &quot;OPC_ADD_S&quot;
>qemu-kvm-1.2.0/target-mips/translate.c:6571:13: index: Function &quot;gen_load_fpr32(TCGv_i32, int)&quot; uses &quot;ft&quot; as an array index.
>qemu-kvm-1.2.0/target-mips/translate.c:666:5: index: Indexing &quot;NULL-&gt;active_fpu.fpr&quot; with &quot;reg&quot;.
>
><a name='def761'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def761'>[#def761]</a>
>qemu-kvm-1.2.0/hw/loader.c:577: cond_true: Condition &quot;rom-&gt;path == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:582: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:586: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:588: cond_true: Condition &quot;fw_dir&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:593: negative_return_fn: Function &quot;lseek(fd, 0L, 2)&quot; returns a negative number.
>qemu-kvm-1.2.0/hw/loader.c:593: var_assign: Assigning: unsigned variable &quot;rom-&gt;romsize&quot; = &quot;lseek(int, __off64_t, int)&quot;.
>qemu-kvm-1.2.0/hw/loader.c:596: negative_returns: &quot;rom-&gt;romsize&quot; is passed to a parameter that cannot be negative.
>
><a name='def762'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def762'>[#def762]</a>
>qemu-kvm-1.2.0/hw/loader.c:77: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:78: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:79: negative_return_fn: Function &quot;lseek(fd, 0L, 2)&quot; returns a negative number.
>qemu-kvm-1.2.0/hw/loader.c:79: var_assign: Assigning: signed variable &quot;size&quot; = &quot;lseek(int, __off64_t, int)&quot;.
>qemu-kvm-1.2.0/hw/loader.c:81: negative_returns: &quot;size&quot; is passed to a parameter that cannot be negative.
>
><a name='def763'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def763'>[#def763]</a>
>qemu-kvm-1.2.0/target-xtensa/translate.c:2569: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-xtensa/translate.c:2576: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2585: cond_true: Condition &quot;tb-&gt;flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2590: cond_true: Condition &quot;tb-&gt;flags &amp; 16&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2591: cond_true: Condition &quot;tb-&gt;flags &amp; 32&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2596: cond_true: Condition &quot;dc.icount&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2602: cond_true: Condition &quot;env-&gt;singlestep_enabled&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2602: cond_true: Condition &quot;env-&gt;exception_taken&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2611: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2613: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-xtensa/translate.c:2618: if_end: End of if statement
>qemu-kvm-1.2.0/target-xtensa/translate.c:2619: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def764'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def764'>[#def764]</a>
>qemu-kvm-1.2.0/hw/openpic.c:839: cond_false: Condition &quot;addr &amp; 15&quot;, taking false branch
>qemu-kvm-1.2.0/hw/openpic.c:840: if_end: End of if statement
>qemu-kvm-1.2.0/hw/openpic.c:843: switch: Switch case value &quot;176UL&quot;
>qemu-kvm-1.2.0/hw/openpic.c:866: switch_case: Reached case &quot;176UL&quot;
>qemu-kvm-1.2.0/hw/openpic.c:874: negative_return_fn: Function &quot;IRQ_get_next(opp, &amp;dst-&gt;raised)&quot; returns a negative number.
>qemu-kvm-1.2.0/hw/openpic.c:313:5: cond_true: Condition &quot;q-&gt;next == -1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/openpic.c:313:5: var_tested_neg: Variable &quot;q-&gt;next&quot; is negative.
>qemu-kvm-1.2.0/hw/openpic.c:318:5: return_negative_variable: Explicitly returning negative variable &quot;q-&gt;next&quot;.
>qemu-kvm-1.2.0/hw/openpic.c:874: var_assign: Assigning: signed variable &quot;n_IRQ&quot; = &quot;IRQ_get_next(openpic_t *, IRQ_queue_t *)&quot;.
>qemu-kvm-1.2.0/hw/openpic.c:875: negative_returns: Using variable &quot;n_IRQ&quot; as an index to array &quot;opp-&gt;src&quot;.
>
><a name='def765'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def765'>[#def765]</a>
>qemu-kvm-1.2.0/hw/pc.c:657: negative_return_fn: Function &quot;ftell(f)&quot; returns a negative number.
>qemu-kvm-1.2.0/hw/pc.c:657: var_assign: Assigning: signed variable &quot;where&quot; = &quot;ftell(FILE *)&quot;.
>qemu-kvm-1.2.0/hw/pc.c:660: negative_returns: &quot;where&quot; is passed to a parameter that cannot be negative.
>
><a name='def766'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def766'>[#def766]</a>
>qemu-kvm-1.2.0/target-ppc/translate.c:9615: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-ppc/translate.c:9627: cond_true: Condition &quot;env-&gt;hflags &amp; (1UL /* 1 &lt;&lt; 0 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9630: cond_true: Condition &quot;!!(env-&gt;flags &amp; POWERPC_FLAG_CFAR)&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9633: cond_true: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_SPE&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9633: cond_true: Condition &quot;(env-&gt;msr &gt;&gt; 25) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9634: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9636: if_end: End of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9637: cond_true: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_VRE&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9637: cond_true: Condition &quot;(env-&gt;msr &gt;&gt; 25) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9638: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9640: if_end: End of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9641: cond_true: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_SE&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9641: cond_true: Condition &quot;(env-&gt;msr &gt;&gt; 10) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9642: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9644: if_end: End of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9645: cond_true: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_BE&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9645: cond_true: Condition &quot;(env-&gt;msr &gt;&gt; 9) &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9647: cond_true: Condition &quot;!!env-&gt;singlestep_enabled&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9647: cond_true: Condition &quot;!!env-&gt;singlestep_enabled&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9655: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9660: cond_true: Condition &quot;ctx.exception == POWERPC_EXCP_NONE&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9660: cond_true: Condition &quot;gen_opc_ptr &lt; gen_opc_end&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9661: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9661: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9662: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9663: cond_true: Condition &quot;bp-&gt;pc == ctx.nip&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9665: break: Breaking from loop
>qemu-kvm-1.2.0/target-ppc/translate.c:9667: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-ppc/translate.c:9669: cond_true: Condition &quot;!!search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9669: cond_true: Condition &quot;!!search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9671: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-ppc/translate.c:9675: if_end: End of if statement
>qemu-kvm-1.2.0/target-ppc/translate.c:9676: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def767'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def767'>[#def767]</a>
>qemu-kvm-1.2.0/slirp/slirp.c:828: cond_true: Condition &quot;so-&gt;s == -1&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:828: var_tested_neg: Variable &quot;so-&gt;s&quot; tests negative.
>qemu-kvm-1.2.0/slirp/slirp.c:828: cond_false: Condition &quot;so-&gt;extra&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:831: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:833: negative_returns: &quot;so-&gt;s&quot; is passed to a parameter that cannot be negative.
>
><a name='def768'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def768'>[#def768]</a>
>qemu-kvm-1.2.0/hw/pcnet.c:1215: cond_false: Condition &quot;!!!(s-&gt;csr[0] &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1218: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_false: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1237: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1244: var_tested_neg: Assigning: &quot;s-&gt;xmit_pos&quot; = a negative value.
>qemu-kvm-1.2.0/hw/pcnet.c:1245: goto: Jumping to label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1275: label: Reached label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_false: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1237: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1246: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1247: cond_true: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: negative_returns: Using variable &quot;s-&gt;xmit_pos&quot; as an index to array &quot;s-&gt;buffer&quot;.
>
><a name='def769'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def769'>[#def769]</a>
>qemu-kvm-1.2.0/hw/pcnet.c:1215: cond_false: Condition &quot;!!!(s-&gt;csr[0] &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1218: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_true: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1234: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1235: cond_true: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1245: goto: Jumping to label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1275: label: Reached label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_true: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1234: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1235: cond_true: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1245: goto: Jumping to label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1275: label: Reached label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_true: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1234: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1235: cond_true: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1245: goto: Jumping to label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1275: label: Reached label &quot;txdone&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_true: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1234: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1235: cond_true: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1246: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1247: cond_true: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: cond_true: Condition &quot;!!(s-&gt;csr[3] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1252: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1273: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_false: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1237: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1246: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1247: cond_false: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1252: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/pcnet.c:1252: cond_true: Condition &quot;s-&gt;xmit_pos &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1254: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1254: cond_true: Condition &quot;!!(s-&gt;csr[3] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1260: cond_true: Condition &quot;!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1261: cond_false: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1263: cond_true: Condition &quot;add_crc&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1266: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1268: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1272: var_tested_neg: Assigning: &quot;s-&gt;xmit_pos&quot; = a negative value.
>qemu-kvm-1.2.0/hw/pcnet.c:1277: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1278: cond_true: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1281: cond_true: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1282: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1285: cond_true: Condition &quot;count--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1286: goto: Jumping to label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1222: label: Reached label &quot;txagain&quot;
>qemu-kvm-1.2.0/hw/pcnet.c:1223: cond_true: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1226: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1232: cond_false: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1237: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_true: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1238: cond_false: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pcnet.c:1246: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pcnet.c:1247: cond_true: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: cond_true: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pcnet.c:1249: negative_returns: Using variable &quot;s-&gt;xmit_pos&quot; as an index to array &quot;s-&gt;buffer&quot;.
>
><a name='def770'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def770'>[#def770]</a>
>qemu-kvm-1.2.0/target-alpha/translate.c:3370: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-alpha/translate.c:3395: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3400: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3400: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3401: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3402: cond_true: Condition &quot;bp-&gt;pc == ctx.pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3404: break: Breaking from loop
>qemu-kvm-1.2.0/target-alpha/translate.c:3406: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-alpha/translate.c:3408: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3410: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-alpha/translate.c:3414: if_end: End of if statement
>qemu-kvm-1.2.0/target-alpha/translate.c:3415: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def771'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def771'>[#def771]</a>
>qemu-kvm-1.2.0/target-lm32/translate.c:326: var_tested_neg: Assigning: &quot;rZ&quot; = a negative value.
>qemu-kvm-1.2.0/target-lm32/translate.c:328: cond_false: Condition &quot;dc-&gt;format == OP_FMT_RI&quot;, taking false branch
>qemu-kvm-1.2.0/target-lm32/translate.c:331: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-lm32/translate.c:332: negative_returns: Using variable &quot;rZ&quot; as an index to array &quot;cpu_R&quot;.
>
><a name='def772'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def772'>[#def772]</a>
>qemu-kvm-1.2.0/target-microblaze/translate.c:1747: cond_true: Condition &quot;!!(dc-&gt;tb_flags &amp; (524288U /* 1 &lt;&lt; 19 */))&quot;, taking true branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1748: cond_true: Condition &quot;dc-&gt;delayed_branch&quot;, taking true branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1757: cond_false: Condition &quot;pc_start &amp; 3&quot;, taking false branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1758: if_end: End of if statement
>qemu-kvm-1.2.0/target-microblaze/translate.c:1760: cond_true: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1768: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-microblaze/translate.c:1771: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1785: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1787: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-microblaze/translate.c:1791: if_end: End of if statement
>qemu-kvm-1.2.0/target-microblaze/translate.c:1792: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def773'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def773'>[#def773]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;46&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7675: switch_case: Reached case &quot;46&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7676: negative_return_fn: Function &quot;low2highgid(arg1)&quot; returns a negative number.
>qemu-kvm-1.2.0/linux-user/syscall.c:4604:5: cond_true: Condition &quot;(int16_t)gid == -1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:4605:9: return_negative_constant: Explicitly returning negative value &quot;-1&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:7676: negative_returns: &quot;low2highgid(arg1)&quot; is passed to a parameter that cannot be negative.
>
><a name='def774'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def774'>[#def774]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7672: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7673: negative_return_fn: Function &quot;low2highuid(arg1)&quot; returns a negative number.
>qemu-kvm-1.2.0/linux-user/syscall.c:4596:5: cond_true: Condition &quot;(int16_t)uid == -1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:4597:9: return_negative_constant: Explicitly returning negative value &quot;-1&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:7673: negative_returns: &quot;low2highuid(arg1)&quot; is passed to a parameter that cannot be negative.
>
><a name='def775'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def775'>[#def775]</a>
>qemu-kvm-1.2.0/target-s390x/translate.c:5123: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-s390x/translate.c:5130: cond_true: Condition &quot;!(tb-&gt;flags &amp; (1ULL /* 0x100000000ULL &gt;&gt; 32 */))&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5145: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5152: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5152: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5153: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5154: cond_true: Condition &quot;bp-&gt;pc == dc.pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5156: break: Breaking from loop
>qemu-kvm-1.2.0/target-s390x/translate.c:5158: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-s390x/translate.c:5160: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5162: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-s390x/translate.c:5167: if_end: End of if statement
>qemu-kvm-1.2.0/target-s390x/translate.c:5168: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def776'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def776'>[#def776]</a>
>qemu-kvm-1.2.0/slirp/socket.c:602: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:604: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:607: cond_false: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:610: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:616: cond_true: Condition &quot;flags &amp; 0x200&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:628: negative_return_fn: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:273:5: var_tested_neg: Variable &quot;ret&quot; is negative.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;*__errno_location() != 22&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_negative_variable: Explicitly returning negative variable &quot;ret&quot;.
>qemu-kvm-1.2.0/slirp/socket.c:628: var_assign: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/slirp/socket.c:628: cond_true: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:634: negative_returns: &quot;s&quot; is passed to a parameter that cannot be negative.
>
><a name='def777'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def777'>[#def777]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:664: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:667: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:671: cond_false: Condition &quot;path&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:673: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-sockets.c:675: cond_true: Condition &quot;tmpdir&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:684: negative_return_fn: Function &quot;mkstemp(un.sun_path)&quot; returns a negative number.
>qemu-kvm-1.2.0/qemu-sockets.c:684: var_assign: Assigning: signed variable &quot;fd&quot; = &quot;mkstemp(char *)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:684: negative_returns: &quot;fd&quot; is passed to a parameter that cannot be negative.
>
><a name='def778'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def778'>[#def778]</a>
>qemu-kvm-1.2.0/target-arm/translate.c:9708: cond_true: Condition &quot;((tb-&gt;flags &amp; (64UL /* 1 &lt;&lt; 6 */)) &gt;&gt; 6) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9722: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-arm/translate.c:9725: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9765: cond_true: Condition &quot;dc-&gt;condexec_mask&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9782: cond_true: Condition &quot;dc-&gt;pc &gt;= 4294967280U&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9782: cond_false: Condition &quot;arm_feature(env, ARM_FEATURE_M)&quot;, taking false branch
>qemu-kvm-1.2.0/target-arm/translate.c:9788: if_end: End of if statement
>qemu-kvm-1.2.0/target-arm/translate.c:9791: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9791: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9792: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9793: cond_false: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch
>qemu-kvm-1.2.0/target-arm/translate.c:9800: if_end: End of if statement
>qemu-kvm-1.2.0/target-arm/translate.c:9801: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-arm/translate.c:9792: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-arm/translate.c:9792: cond_false: Condition &quot;bp&quot;, taking false branch
>qemu-kvm-1.2.0/target-arm/translate.c:9801: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-arm/translate.c:9803: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-arm/translate.c:9805: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-arm/translate.c:9809: if_end: End of if statement
>qemu-kvm-1.2.0/target-arm/translate.c:9810: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def779'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def779'>[#def779]</a>
>qemu-kvm-1.2.0/target-m68k/translate.c:2989: cond_true: Condition &quot;(env-&gt;sr &amp; 8192) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:2992: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-m68k/translate.c:2995: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3002: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3002: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3003: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3004: cond_false: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3008: if_end: End of if statement
>qemu-kvm-1.2.0/target-m68k/translate.c:3009: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-m68k/translate.c:3003: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-m68k/translate.c:3003: cond_false: Condition &quot;bp&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3009: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-m68k/translate.c:3010: cond_false: Condition &quot;dc-&gt;is_jmp&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3011: if_end: End of if statement
>qemu-kvm-1.2.0/target-m68k/translate.c:3013: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3015: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/translate.c:3019: if_end: End of if statement
>qemu-kvm-1.2.0/target-m68k/translate.c:3020: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def780'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def780'>[#def780]</a>
>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: cond_false: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:408: cond_true: Condition &quot;(so = socreate(slirp)) == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/tcp_subr.c:410: negative_return_fn: Function &quot;accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; returns a negative number.
>qemu-kvm-1.2.0/slirp/tcp_subr.c:410: negative_returns: &quot;accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; is passed to a parameter that cannot be negative.
>
><a name='def781'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def781'>[#def781]</a>
>qemu-kvm-1.2.0/target-sh4/translate.c:1928: cond_true: Condition &quot;(env-&gt;sr &amp; (1073741824U /* 1 &lt;&lt; 30 */)) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1937: var_tested_neg: Assigning: &quot;ii&quot; = a negative value.
>qemu-kvm-1.2.0/target-sh4/translate.c:1940: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1943: cond_true: Condition &quot;ctx.bstate == BS_NONE&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1943: cond_true: Condition &quot;gen_opc_ptr &lt; gen_opc_end&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1944: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1944: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1945: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1946: cond_true: Condition &quot;ctx.pc == bp-&gt;pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1951: break: Breaking from loop
>qemu-kvm-1.2.0/target-sh4/translate.c:1953: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-sh4/translate.c:1955: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1957: cond_false: Condition &quot;ii &lt; i&quot;, taking false branch
>qemu-kvm-1.2.0/target-sh4/translate.c:1961: if_end: End of if statement
>qemu-kvm-1.2.0/target-sh4/translate.c:1962: negative_returns: Using variable &quot;ii&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def782'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def782'>[#def782]</a>
>qemu-kvm-1.2.0/linux-user/mmap.c:414: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:526: negative_return_fn: Function &quot;target_mprotect(start, len, prot)&quot; returns a negative number.
>qemu-kvm-1.2.0/linux-user/mmap.c:94:5: cond_true: Condition &quot;(start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:95:9: return_negative_constant: Explicitly returning negative value &quot;-22&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:526: var_assign: Assigning: unsigned variable &quot;ret&quot; = &quot;target_mprotect(abi_ulong, abi_ulong, int)&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:527: cond_true: Condition &quot;ret != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:528: var_assign: Assigning: unsigned variable &quot;start&quot; = &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:529: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:584: negative_returns: &quot;start&quot; is passed to a parameter that cannot be negative.
>qemu-kvm-1.2.0/exec.c:1076:5: parm_loop_bound: Using unsigned parameter &quot;start&quot; in a loop exit test.
>
><a name='def783'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def783'>[#def783]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:253: cond_true: Condition &quot;status &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:255: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:257: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:263: negative_return_fn: Function &quot;v9fs_marshal(iovec, 1, 0UL, 0, &quot;ddd&quot;, header.type, header.size, status)&quot; returns a negative number.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: cond_true: Condition &quot;fmt[i]&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: switch: Switch case value &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: switch_case: Reached case &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: cond_false: Condition &quot;copied &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:317:9: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:319:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: cond_true: Condition &quot;fmt[i]&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: switch: Switch case value &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: switch_case: Reached case &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: cond_false: Condition &quot;copied &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:317:9: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:319:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: cond_true: Condition &quot;fmt[i]&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: switch: Switch case value &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: switch_case: Reached case &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: cond_true: Condition &quot;copied &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: var_tested_neg: Variable &quot;copied&quot; is negative.
>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:316:13: return_negative_variable: Explicitly returning negative variable &quot;copied&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:263: var_assign: Assigning: signed variable &quot;msg_size&quot; = &quot;v9fs_marshal(struct iovec *, int, size_t, int, char const *, ...)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:265: negative_returns: &quot;msg_size&quot; is passed to a parameter that cannot be negative.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:159:5: cond_true: Condition &quot;size&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:160:9: neg_sink_parm_call: Passing &quot;size&quot; to &quot;write(int, void const *, size_t)&quot;, which cannot accept a negative number.
>
><a name='def784'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def784'>[#def784]</a>
>qemu-kvm-1.2.0/target-mips/translate.c:12428: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-mips/translate.c:12434: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12454: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12456: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/target-mips/translate.c:12456: if_end: End of if statement
>qemu-kvm-1.2.0/target-mips/translate.c:12458: cond_true: Condition &quot;ctx.bstate == BS_NONE&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12459: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12459: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12460: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12461: cond_false: Condition &quot;bp-&gt;pc == ctx.pc&quot;, taking false branch
>qemu-kvm-1.2.0/target-mips/translate.c:12469: if_end: End of if statement
>qemu-kvm-1.2.0/target-mips/translate.c:12470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-mips/translate.c:12460: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-mips/translate.c:12460: cond_false: Condition &quot;bp&quot;, taking false branch
>qemu-kvm-1.2.0/target-mips/translate.c:12470: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-mips/translate.c:12473: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-mips/translate.c:12475: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-mips/translate.c:12479: if_end: End of if statement
>qemu-kvm-1.2.0/target-mips/translate.c:12480: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def785'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def785'>[#def785]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1662: negative_returns: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_true: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: cond_false: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: neg_sink_parm_call: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.
>
><a name='def786'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def786'>[#def786]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1228: negative_returns: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_true: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: cond_false: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: neg_sink_parm_call: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.
>
><a name='def787'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def787'>[#def787]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:2026: negative_returns: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_true: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: cond_false: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: neg_sink_parm_call: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.
>
><a name='def788'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def788'>[#def788]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:3189: cond_true: Condition &quot;env-&gt;pregs[1] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3192: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3195: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3224: cond_true: Condition &quot;!!(tb-&gt;flags &amp; 7)&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3225: cond_true: Condition &quot;dc-&gt;delayed_branch&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3226: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3228: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3232: cond_true: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3256: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-cris/translate.c:3259: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3267: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3269: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:3273: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3274: cond_true: Condition &quot;dc-&gt;delayed_branch == 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3275: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def789'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def789'>[#def789]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:3189: cond_true: Condition &quot;env-&gt;pregs[1] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3192: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3195: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3224: cond_false: Condition &quot;!!(tb-&gt;flags &amp; 7)&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:3225: cond_false: Condition &quot;dc-&gt;delayed_branch&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:3228: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:3232: cond_true: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3256: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-cris/translate.c:3259: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3267: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:3269: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:3273: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:3274: cond_false: Condition &quot;dc-&gt;delayed_branch == 1&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:3277: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:3277: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def790'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def790'>[#def790]</a>
>qemu-kvm-1.2.0/target-unicore32/translate.c:1968: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-unicore32/translate.c:1971: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1985: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1985: cond_true: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: cond_true: Condition &quot;bp&quot;, taking true branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1987: cond_false: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1996: if_end: End of if statement
>qemu-kvm-1.2.0/target-unicore32/translate.c:1997: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: cond_false: Condition &quot;bp&quot;, taking false branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:1997: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-unicore32/translate.c:1999: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:2001: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-unicore32/translate.c:2006: if_end: End of if statement
>qemu-kvm-1.2.0/target-unicore32/translate.c:2007: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def791'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def791'>[#def791]</a>
>qemu-kvm-1.2.0/slirp/udp.c:361: cond_false: Condition &quot;!so&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/udp.c:363: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/udp.c:364: negative_return_fn: Function &quot;qemu_socket(2, 2, 0)&quot; returns a negative number.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:273:5: var_tested_neg: Variable &quot;ret&quot; is negative.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;*__errno_location() != 22&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_negative_variable: Explicitly returning negative variable &quot;ret&quot;.
>qemu-kvm-1.2.0/slirp/udp.c:364: var_assign: Assigning: signed variable &quot;so-&gt;s&quot; = &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/slirp/udp.c:372: negative_returns: &quot;so-&gt;s&quot; is passed to a parameter that cannot be negative.
>
><a name='def792'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def792'>[#def792]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: negative_return_fn: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:273:5: var_tested_neg: Variable &quot;ret&quot; is negative.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;*__errno_location() != 22&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_negative_variable: Explicitly returning negative variable &quot;ret&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:135: var_assign: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_true: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/misc.c:139: negative_returns: &quot;s&quot; is passed to a parameter that cannot be negative.
>
><a name='def793'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def793'>[#def793]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:146: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:152: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:162: negative_return_fn: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:273:5: var_tested_neg: Variable &quot;ret&quot; is negative.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;*__errno_location() != 22&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_negative_variable: Explicitly returning negative variable &quot;ret&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:162: var_assign: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:165: negative_returns: &quot;s&quot; is passed to a parameter that cannot be negative.
>
><a name='def794'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def794'>[#def794]</a>
>qemu-kvm-1.2.0/target-openrisc/translate.c:1685: cond_true: Condition &quot;!!(dc-&gt;tb_flags &amp; 1)&quot;, taking true branch
>qemu-kvm-1.2.0/target-openrisc/translate.c:1687: cond_true: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-openrisc/translate.c:1693: var_tested_neg: Assigning: &quot;k&quot; = a negative value.
>qemu-kvm-1.2.0/target-openrisc/translate.c:1697: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-openrisc/translate.c:1705: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-openrisc/translate.c:1707: cond_false: Condition &quot;k &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-openrisc/translate.c:1712: if_end: End of if statement
>qemu-kvm-1.2.0/target-openrisc/translate.c:1713: negative_returns: Using variable &quot;k&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def795'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def795'>[#def795]</a>
>qemu-kvm-1.2.0/linux-user/flatload.c:462: negative_returns: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_true: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: cond_false: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: neg_sink_parm_call: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.
>qemu-kvm-1.2.0/linux-user/flatload.c:496: negative_returns: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_true: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: cond_false: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: neg_sink_parm_call: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.
>
><a name='def796'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def796'>[#def796]</a>
>qemu-kvm-1.2.0/qemu-ga.c:507: cond_true: Condition &quot;s&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:507: cond_true: Condition &quot;parser&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:507: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:507: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:507: cond_true: Condition &quot;({...})&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:507: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:507: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:511: cond_false: Condition &quot;err&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:511: cond_false: Condition &quot;!obj&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:511: cond_false: Condition &quot;qobject_type(obj) != QTYPE_QDICT&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:522: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-ga.c:526: cond_false: Condition &quot;qdict&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:526: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-ga.c:526: cond_true: Condition &quot;({...})&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:526: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:526: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:529: cond_false: Condition &quot;qdict_haskey(qdict, &quot;execute&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:531: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-ga.c:532: cond_false: Condition &quot;!qdict_haskey(qdict, &quot;error&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:539: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:540: negative_return_fn: Function &quot;send_response(s, &amp;qdict-&gt;base)&quot; returns a negative number.
>qemu-kvm-1.2.0/qemu-ga.c:453:5: cond_true: Condition &quot;payload&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:453:5: cond_true: Condition &quot;s-&gt;channel&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:453:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:453:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:453:5: cond_true: Condition &quot;({...})&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:453:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:453:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:456:5: cond_false: Condition &quot;!payload_qstr&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:458:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:460:5: cond_true: Condition &quot;s-&gt;delimit_response&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:465:9: cond_true: Condition &quot;payload_qstr&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:466:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qemu-ga.c:468:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:473:5: cond_true: Condition &quot;response_qstr&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:474:5: cond_true: Condition &quot;status != G_IO_STATUS_NORMAL&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:475:9: return_negative_constant: Explicitly returning negative value &quot;-5&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:540: var_assign: Assigning: signed variable &quot;ret&quot; = &quot;send_response(GAState *, QObject *)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:541: cond_true: Condition &quot;ret&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:542: negative_returns: &quot;ret&quot; is passed to a parameter that cannot be negative.
>
><a name='def797'/>Error: NEGATIVE_RETURNS (CWE-394): <a href ='#def797'>[#def797]</a>
>qemu-kvm-1.2.0/target-lm32/translate.c:1028: cond_false: Condition &quot;pc_start &amp; 3&quot;, taking false branch
>qemu-kvm-1.2.0/target-lm32/translate.c:1030: if_end: End of if statement
>qemu-kvm-1.2.0/target-lm32/translate.c:1032: cond_true: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-lm32/translate.c:1038: var_tested_neg: Assigning: &quot;lj&quot; = a negative value.
>qemu-kvm-1.2.0/target-lm32/translate.c:1041: cond_true: Condition &quot;max_insns == 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-lm32/translate.c:1049: cond_true: Condition &quot;search_pc&quot;, taking true branch
>qemu-kvm-1.2.0/target-lm32/translate.c:1051: cond_false: Condition &quot;lj &lt; j&quot;, taking false branch
>qemu-kvm-1.2.0/target-lm32/translate.c:1056: if_end: End of if statement
>qemu-kvm-1.2.0/target-lm32/translate.c:1057: negative_returns: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.
>
><a name='def798'/>Error: NULL_RETURNS (CWE-476): <a href ='#def798'>[#def798]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_true: Condition &quot;*p&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:848: cond_true: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_true: Condition &quot;*p&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:848: cond_true: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_false: Condition &quot;*p&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/sheepdog.c:856: cond_true: Condition &quot;nr_sep &gt;= 2&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:858: returned_null: Function &quot;__coverity_strchr(char const *, int)&quot; returns null (checked 51 out of 53 times).
>qemu-kvm-1.2.0/arch_init.c:952: example_assign: Assigning: &quot;e&quot; = return value from &quot;__coverity_strchr(p, 44)&quot;.
>qemu-kvm-1.2.0/arch_init.c:953: example_checked: &quot;e&quot; has its value checked in &quot;e&quot;.
>qemu-kvm-1.2.0/block/blkdebug.c:281: example_assign: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.
>qemu-kvm-1.2.0/block/blkdebug.c:282: example_checked: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.
>qemu-kvm-1.2.0/block/blkverify.c:85: example_assign: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.
>qemu-kvm-1.2.0/block/blkverify.c:86: example_checked: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.
>qemu-kvm-1.2.0/block/rbd.c:214: example_assign: Assigning: &quot;end&quot; = return value from &quot;__coverity_strchr(p, 58)&quot;.
>qemu-kvm-1.2.0/block/rbd.c:216: example_checked: &quot;end&quot; has its value checked in &quot;end&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:871: example_assign: Assigning: &quot;p&quot; = return value from &quot;__coverity_strchr(vdi, 58)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:872: example_checked: &quot;p&quot; has its value checked in &quot;p&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:858: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;__coverity_strchr(char const *, int)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:859: dereference: Incrementing a pointer which might be null: &quot;p&quot;.
>
><a name='def799'/>Error: NULL_RETURNS (CWE-476): <a href ='#def799'>[#def799]</a>
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_true: Condition &quot;*p&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:848: cond_true: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_true: Condition &quot;*p&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:848: cond_true: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/sheepdog.c:847: cond_false: Condition &quot;*p&quot;, taking false branch
>qemu-kvm-1.2.0/block/sheepdog.c:852: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/sheepdog.c:856: cond_true: Condition &quot;nr_sep &gt;= 2&quot;, taking true branch
>qemu-kvm-1.2.0/block/sheepdog.c:862: returned_null: Function &quot;__coverity_strchr(char const *, int)&quot; returns null (checked 51 out of 53 times).
>qemu-kvm-1.2.0/arch_init.c:952: example_assign: Assigning: &quot;e&quot; = return value from &quot;__coverity_strchr(p, 44)&quot;.
>qemu-kvm-1.2.0/arch_init.c:953: example_checked: &quot;e&quot; has its value checked in &quot;e&quot;.
>qemu-kvm-1.2.0/block/blkdebug.c:281: example_assign: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.
>qemu-kvm-1.2.0/block/blkdebug.c:282: example_checked: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.
>qemu-kvm-1.2.0/block/blkverify.c:85: example_assign: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.
>qemu-kvm-1.2.0/block/blkverify.c:86: example_checked: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.
>qemu-kvm-1.2.0/block/rbd.c:214: example_assign: Assigning: &quot;end&quot; = return value from &quot;__coverity_strchr(p, 58)&quot;.
>qemu-kvm-1.2.0/block/rbd.c:216: example_checked: &quot;end&quot; has its value checked in &quot;end&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:871: example_assign: Assigning: &quot;p&quot; = return value from &quot;__coverity_strchr(vdi, 58)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:872: example_checked: &quot;p&quot; has its value checked in &quot;p&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:862: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;__coverity_strchr(char const *, int)&quot;.
>qemu-kvm-1.2.0/block/sheepdog.c:863: dereference: Incrementing a pointer which might be null: &quot;p&quot;.
>
><a name='def800'/>Error: NULL_RETURNS (CWE-476): <a href ='#def800'>[#def800]</a>
>qemu-kvm-1.2.0/net.c:853: cond_false: Condition &quot;!nc&quot;, taking false branch
>qemu-kvm-1.2.0/net.c:856: if_end: End of if statement
>qemu-kvm-1.2.0/net.c:859: returned_null: Function &quot;qemu_opts_find(QemuOptsList *, char const *)&quot; returns null (checked 9 out of 10 times).
>qemu-kvm-1.2.0/qemu-option.c:717:5: cond_true: Condition &quot;opts&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:718:9: cond_true: Condition &quot;!opts-&gt;id&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:719:13: cond_false: Condition &quot;!id&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-option.c:721:13: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-option.c:722:13: continue: Continuing loop
>qemu-kvm-1.2.0/qemu-option.c:728:5: loop: Looping back
>qemu-kvm-1.2.0/qemu-option.c:717:5: cond_false: Condition &quot;opts&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-option.c:728:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/qemu-option.c:729:5: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/device_tree.c:243: example_assign: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.
>qemu-kvm-1.2.0/device_tree.c:244: example_checked: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.
>qemu-kvm-1.2.0/exec.c:2482: example_assign: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.
>qemu-kvm-1.2.0/exec.c:2483: example_checked: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:354: example_assign: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.
>qemu-kvm-1.2.0/hw/arm_boot.c:355: example_checked: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.
>qemu-kvm-1.2.0/hw/microblaze_boot.c:111: example_assign: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.
>qemu-kvm-1.2.0/hw/microblaze_boot.c:112: example_checked: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.
>qemu-kvm-1.2.0/hw/ppc/e500.c:145: example_assign: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.
>qemu-kvm-1.2.0/hw/ppc/e500.c:146: example_checked: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.
>qemu-kvm-1.2.0/net.c:859: dereference: Dereferencing a pointer that might be null &quot;qemu_opts_find(qemu_find_opts_err(&quot;netdev&quot;, errp), id)&quot; when calling &quot;qemu_opts_del(QemuOpts *)&quot;.
>qemu-kvm-1.2.0/qemu-option.c:822:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:823:9: deref_parm: Directly dereferencing parameter &quot;opts&quot;.
>
><a name='def801'/>Error: NULL_RETURNS (CWE-476): <a href ='#def801'>[#def801]</a>
>qemu-kvm-1.2.0/hw/ide/ahci.c:594: cond_false: Condition &quot;!ad-&gt;res_fis&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ide/ahci.c:594: cond_false: Condition &quot;!(pr-&gt;cmd &amp; (16U /* 1 &lt;&lt; 4 */))&quot;, taking false branch
>qemu-kvm-1.2.0/hw/ide/ahci.c:596: if_end: End of if statement
>qemu-kvm-1.2.0/hw/ide/ahci.c:598: cond_true: Condition &quot;!cmd_fis&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ide/ahci.c:601: returned_null: Function &quot;dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot; returns null (checked 4 out of 5 times).
>qemu-kvm-1.2.0/dma.h:178:5: cond_false: Condition &quot;!dma_has_iommu(dma)&quot;, taking false branch
>qemu-kvm-1.2.0/dma.h:186:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/dma.h:187:9: null_return: Calling &quot;iommu_dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot; which might return null.
>qemu-kvm-1.2.0/dma-helpers.c:397:5: cond_false: Condition &quot;dma-&gt;map&quot;, taking false branch
>qemu-kvm-1.2.0/dma-helpers.c:399:5: if_end: End of if statement
>qemu-kvm-1.2.0/dma-helpers.c:403:5: cond_true: Condition &quot;err&quot;, taking true branch
>qemu-kvm-1.2.0/dma-helpers.c:404:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/dma.h:187:9: return_null_fn: Returning the return value of &quot;iommu_dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot;, which might be null.
>qemu-kvm-1.2.0/dma-helpers.c:158: example_assign: Assigning: &quot;mem&quot; = return value from &quot;dma_memory_map(dbs-&gt;sg-&gt;dma, cur_addr, &amp;cur_len, dbs-&gt;dir)&quot;.
>qemu-kvm-1.2.0/dma-helpers.c:159: example_checked: &quot;mem&quot; has its value checked in &quot;mem&quot;.
>qemu-kvm-1.2.0/hw/ide/ahci.c:661: example_checked: &quot;dma_memory_map(ad-&gt;hba-&gt;dma, prdt_addr, &amp;prdt_len, DMA_DIRECTION_TO_DEVICE)&quot; has its value checked in &quot;prdt = dma_memory_map(ad-&gt;hba-&gt;dma, prdt_addr, &amp;prdt_len, DMA_DIRECTION_TO_DEVICE)&quot;.
>qemu-kvm-1.2.0/hw/ide/ahci.c:840: example_assign: Assigning: &quot;cmd_fis&quot; = return value from &quot;dma_memory_map(s-&gt;dma, tbl_addr, &amp;cmd_len, DMA_DIRECTION_FROM_DEVICE)&quot;.
>qemu-kvm-1.2.0/hw/ide/ahci.c:843: example_checked: &quot;cmd_fis&quot; has its value checked in &quot;cmd_fis&quot;.
>qemu-kvm-1.2.0/hw/usb/libhw.c:37: example_assign: Assigning: &quot;mem&quot; = return value from &quot;dma_memory_map(sgl-&gt;dma, (sgl-&gt;sg + i).base, &amp;len, dir)&quot;.
>qemu-kvm-1.2.0/hw/usb/libhw.c:38: example_checked: &quot;mem&quot; has its value checked in &quot;mem&quot;.
>qemu-kvm-1.2.0/hw/ide/ahci.c:601: var_assigned: Assigning: &quot;cmd_fis&quot; = null return value from &quot;dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot;.
>qemu-kvm-1.2.0/hw/ide/ahci.c:609: cond_true: Condition &quot;ad-&gt;hba-&gt;control_regs.irqstatus&quot;, taking true branch
>qemu-kvm-1.2.0/hw/ide/ahci.c:613: dereference: Dereferencing a null pointer &quot;cmd_fis&quot;.
>
><a name='def802'/>Error: NULL_RETURNS (CWE-476): <a href ='#def802'>[#def802]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;273&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8547: switch_case: Reached case &quot;273&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8551: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8551: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8552: cond_false: Condition &quot;arg5 != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8558: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8558: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_send(mqd_t, char const *, size_t, unsigned int)&quot;.
>
><a name='def803'/>Error: NULL_RETURNS (CWE-476): <a href ='#def803'>[#def803]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;273&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8547: switch_case: Reached case &quot;273&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8551: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8551: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8552: cond_true: Condition &quot;arg5 != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8554: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_timedsend(mqd_t, char const *, size_t, unsigned int, struct timespec const *)&quot;.
>
><a name='def804'/>Error: NULL_RETURNS (CWE-476): <a href ='#def804'>[#def804]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;274&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8563: switch_case: Reached case &quot;274&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8568: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8568: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8569: cond_false: Condition &quot;arg5 != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8575: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8575: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_receive(mqd_t, char *, size_t, unsigned int *)&quot;.
>
><a name='def805'/>Error: NULL_RETURNS (CWE-476): <a href ='#def805'>[#def805]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;274&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8563: switch_case: Reached case &quot;274&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8568: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8568: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8569: cond_true: Condition &quot;arg5 != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8571: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_timedreceive(mqd_t, char * restrict, size_t, unsigned int * restrict, struct timespec const * restrict)&quot;.
>
><a name='def806'/>Error: NULL_RETURNS (CWE-476): <a href ='#def806'>[#def806]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;271&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8529: switch_case: Reached case &quot;271&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8533: returned_null: Function &quot;lock_user_string(abi_ulong)&quot; returns null (checked 8 out of 9 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: cond_false: Condition &quot;len &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: null_return: Calling &quot;lock_user(int, abi_ulong, long, int)&quot; which might return null.
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: return_null_fn: Returning the return value of &quot;lock_user(int, abi_ulong, long, int)&quot;, which might be null.
>qemu-kvm-1.2.0/linux-user/strace.c:627: example_checked: &quot;lock_user_string(addr)&quot; has its value checked in &quot;(s = lock_user_string(addr)) != NULL&quot;.
>qemu-kvm-1.2.0/linux-user/strace.c:236: example_checked: &quot;lock_user_string(arg1)&quot; has its value checked in &quot;s = lock_user_string(arg1)&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: example_checked: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:263: example_assign: Assigning: &quot;p&quot; = return value from &quot;lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:265: example_checked: &quot;p&quot; has its value checked in &quot;p&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:281: example_checked: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8533: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user_string(abi_ulong)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8534: cond_true: Condition &quot;arg4 != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8536: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_open(char const *, int, ...)&quot;.
>
><a name='def807'/>Error: NULL_RETURNS (CWE-476): <a href ='#def807'>[#def807]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;272&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8541: switch_case: Reached case &quot;272&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8542: returned_null: Function &quot;lock_user_string(abi_ulong)&quot; returns null (checked 8 out of 9 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: cond_false: Condition &quot;len &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: null_return: Calling &quot;lock_user(int, abi_ulong, long, int)&quot; which might return null.
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: return_null_fn: Returning the return value of &quot;lock_user(int, abi_ulong, long, int)&quot;, which might be null.
>qemu-kvm-1.2.0/linux-user/strace.c:627: example_checked: &quot;lock_user_string(addr)&quot; has its value checked in &quot;(s = lock_user_string(addr)) != NULL&quot;.
>qemu-kvm-1.2.0/linux-user/strace.c:236: example_checked: &quot;lock_user_string(arg1)&quot; has its value checked in &quot;s = lock_user_string(arg1)&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: example_checked: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:263: example_assign: Assigning: &quot;p&quot; = return value from &quot;lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:265: example_checked: &quot;p&quot; has its value checked in &quot;p&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:281: example_checked: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8542: var_assigned: Assigning: &quot;p&quot; = null return value from &quot;lock_user_string(abi_ulong)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:8543: dereference: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_unlink(char const *)&quot;.
>
><a name='def808'/>Error: NULL_RETURNS (CWE-476): <a href ='#def808'>[#def808]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3428: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3431: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3442: cond_false: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3445: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: var_assigned: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3450: switch: Switch case value &quot;3241737481U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3473: switch_case: Reached case &quot;3241737481U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3475: alias: Assigning: &quot;gspec&quot; = &quot;argptr&quot;. Both pointers are now null.
>qemu-kvm-1.2.0/linux-user/syscall.c:3481: cond_true: Condition &quot;i &lt; host_dm-&gt;target_count&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3486: dereference: Dereferencing a pointer that might be null &quot;gspec&quot; when calling &quot;thunk_convert(void *, void const *, argtype const *, int)&quot;.
>qemu-kvm-1.2.0/thunk.c:133:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/thunk.c:134:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/thunk.c:135:9: deref_parm: Directly dereferencing parameter &quot;src&quot;.
>
><a name='def809'/>Error: NULL_RETURNS (CWE-476): <a href ='#def809'>[#def809]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3428: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3431: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3442: cond_false: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3445: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: var_assigned: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3450: switch: Switch case value &quot;3241737486U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3469: switch_case: Reached case &quot;3241737486U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3471: dereference: Dereferencing a null pointer &quot;argptr&quot;.
>
><a name='def810'/>Error: NULL_RETURNS (CWE-476): <a href ='#def810'>[#def810]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3428: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3431: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3442: cond_false: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3445: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: var_assigned: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3450: switch: Switch case value &quot;3241737477U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3464: switch_case: Reached case &quot;3241737477U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3467: dereference: Dereferencing a pointer that might be null &quot;argptr&quot; when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def811'/>Error: NULL_RETURNS (CWE-476): <a href ='#def811'>[#def811]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3428: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3431: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3442: cond_false: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3445: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3449: var_assigned: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:3450: switch: Switch case value &quot;3241737486U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3469: switch_case: Reached case &quot;3241737486U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3470: dereference: Dereferencing a pointer that might be null &quot;argptr&quot; when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def812'/>Error: NULL_RETURNS (CWE-476): <a href ='#def812'>[#def812]</a>
>qemu-kvm-1.2.0/cris-dis.c:1934: cond_true: Condition &quot;*s == &apos;p&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1937: cond_true: Condition &quot;*s == &apos;m&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1942: cond_false: Condition &quot;*s == &apos;M&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1942: cond_false: Condition &quot;*s == &apos;z&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1953: cond_true: Condition &quot;opcodep-&gt;match != 3583U /* 255 + 13 * 256 */&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1958: cond_true: Condition &quot;opcodep-&gt;name[0] == &apos;j&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1960: cond_true: Condition &quot;__coverity_strncmp(opcodep-&gt;name, &quot;jsr&quot;, 3UL /* sizeof (&quot;jsr&quot;) - 1 */) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1962: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:1965: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;T&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:1976: switch_case: Reached case &quot;&apos;T&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:1978: break: Breaking from switch
>qemu-kvm-1.2.0/cris-dis.c:2521: switch_end: Reached end of switch
>qemu-kvm-1.2.0/cris-dis.c:2522: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1972: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;N&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2053: switch_case: Reached case &quot;&apos;N&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2059: cond_true: Condition &quot;insn &amp; 1024&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2059: cond_true: Condition &quot;(insn &amp; 15) == 15&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2059: cond_true: Condition &quot;prefix_opcodep == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2069: cond_false: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_FIX_32&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2071: else_branch: Reached else branch
>qemu-kvm-1.2.0/cris-dis.c:2071: cond_true: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_SPEC_REG&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2079: cond_true: Condition &quot;sregp == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2081: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2086: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2088: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2097: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2099: switch: Switch case default
>qemu-kvm-1.2.0/cris-dis.c:2119: switch_default: Reached default
>qemu-kvm-1.2.0/cris-dis.c:2125: cond_true: Condition &quot;*cs == &apos;z&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2125: cond_true: Condition &quot;insn &amp; 32&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2128: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2156: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2157: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2410: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2411: break: Breaking from switch
>qemu-kvm-1.2.0/cris-dis.c:2521: switch_end: Reached end of switch
>qemu-kvm-1.2.0/cris-dis.c:2522: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1972: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;N&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2053: switch_case: Reached case &quot;&apos;N&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2059: cond_true: Condition &quot;insn &amp; 1024&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2059: cond_false: Condition &quot;(insn &amp; 15) == 15&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2159: else_branch: Reached else branch
>qemu-kvm-1.2.0/cris-dis.c:2162: cond_true: Condition &quot;info-&gt;insn_type != dis_nonbranch&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2171: cond_false: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_FIX_32&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2173: else_branch: Reached else branch
>qemu-kvm-1.2.0/cris-dis.c:2173: cond_true: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_SPEC_REG&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2180: cond_true: Condition &quot;sregp == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2181: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2183: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2184: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2186: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2193: cond_false: Condition &quot;prefix_opcodep&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2400: else_branch: Reached else branch
>qemu-kvm-1.2.0/cris-dis.c:2406: cond_true: Condition &quot;insn &amp; 1024&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2411: break: Breaking from switch
>qemu-kvm-1.2.0/cris-dis.c:2521: switch_end: Reached end of switch
>qemu-kvm-1.2.0/cris-dis.c:2522: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1972: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2423: switch_case: Reached case &quot;&apos;b&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2427: cond_true: Condition &quot;where &gt; 32767&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2430: cond_true: Condition &quot;disdata-&gt;distype == cris_dis_v32&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2432: cond_true: Condition &quot;insn == 60927U /* (13 + 14 * 16) * 256 + 255 */&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2433: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2435: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2446: break: Breaking from switch
>qemu-kvm-1.2.0/cris-dis.c:2521: switch_end: Reached end of switch
>qemu-kvm-1.2.0/cris-dis.c:2522: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1972: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;o&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2456: switch_case: Reached case &quot;&apos;o&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2461: cond_true: Condition &quot;insn &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2464: cond_true: Condition &quot;opcodep-&gt;match == 57344U /* (0 + 14 * 16) * 256 + 0 */&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2465: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:2467: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2469: cond_true: Condition &quot;disdata-&gt;distype == cris_dis_v32&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/cris-dis.c:2521: switch_end: Reached end of switch
>qemu-kvm-1.2.0/cris-dis.c:2522: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1972: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;P&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2500: switch_case: Reached case &quot;&apos;P&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2503: returned_null: Function &quot;spec_reg_info(unsigned int, enum cris_disass_family)&quot; returns null (checked 5 out of 6 times).
>qemu-kvm-1.2.0/cris-dis.c:1335:3: cond_true: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1337:7: cond_true: Condition &quot;cris_spec_regs[i].number == sreg&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1339:4: cond_true: Condition &quot;distype == cris_dis_v32&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1340:6: switch: Switch case value &quot;cris_ver_warning&quot;
>qemu-kvm-1.2.0/cris-dis.c:1342:13: switch_case: Reached case &quot;cris_ver_warning&quot;
>qemu-kvm-1.2.0/cris-dis.c:1349:3: cond_false: Condition &quot;cris_spec_regs[i].warning == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1350:5: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1353:8: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:1355:6: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1357:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1335:3: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1335:3: cond_true: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1337:7: cond_true: Condition &quot;cris_spec_regs[i].number == sreg&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1339:4: cond_true: Condition &quot;distype == cris_dis_v32&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1340:6: switch: Switch case value &quot;cris_ver_warning&quot;
>qemu-kvm-1.2.0/cris-dis.c:1342:13: switch_case: Reached case &quot;cris_ver_warning&quot;
>qemu-kvm-1.2.0/cris-dis.c:1349:3: cond_false: Condition &quot;cris_spec_regs[i].warning == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1350:5: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1353:8: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:1355:6: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1357:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cris-dis.c:1335:3: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cris-dis.c:1335:3: cond_false: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1357:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cris-dis.c:1359:3: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/cris-dis.c:1850: example_assign: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, distype)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:1854: example_checked: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.
>qemu-kvm-1.2.0/cris-dis.c:1671: example_assign: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info(spec_reg, disdata-&gt;distype)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:1675: example_checked: &quot;sregp&quot; has its value checked in &quot;sregp&quot;.
>qemu-kvm-1.2.0/cris-dis.c:1700: example_assign: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:1714: example_checked: &quot;sregp&quot; has its value checked in &quot;sregp != NULL&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2074: example_assign: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2079: example_checked: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2176: example_assign: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2180: example_checked: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2503: var_assigned: Assigning: &quot;sregp&quot; = null return value from &quot;spec_reg_info(unsigned int, enum cris_disass_family)&quot;.
>qemu-kvm-1.2.0/cris-dis.c:2505: dereference: Dereferencing a null pointer &quot;sregp&quot;.
>
><a name='def813'/>Error: NULL_RETURNS (CWE-476): <a href ='#def813'>[#def813]</a>
>qemu-kvm-1.2.0/block/vpc.c:665: returned_null: Function &quot;get_option_parameter(QEMUOptionParameter *, char const *)&quot; returns null (checked 10 out of 11 times).
>qemu-kvm-1.2.0/qemu-option.c:162:5: cond_true: Condition &quot;list&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:162:5: cond_true: Condition &quot;list-&gt;name&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:163:9: cond_false: Condition &quot;!__coverity_strcmp(list-&gt;name, name)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-option.c:165:9: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-option.c:167:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qemu-option.c:162:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qemu-option.c:162:5: cond_true: Condition &quot;list&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-option.c:162:5: cond_false: Condition &quot;list-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-option.c:167:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/qemu-option.c:169:5: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/block/vpc.c:667: example_assign: Assigning: &quot;disk_type_param&quot; = return value from &quot;get_option_parameter(options, &quot;subformat&quot;)&quot;.
>qemu-kvm-1.2.0/block/vpc.c:668: example_checked: &quot;disk_type_param&quot; has its value checked in &quot;disk_type_param&quot;.
>qemu-kvm-1.2.0/block.c:3969: example_assign: Assigning: &quot;backing_file&quot; = return value from &quot;get_option_parameter(param, &quot;backing_file&quot;)&quot;.
>qemu-kvm-1.2.0/block.c:3970: example_checked: &quot;backing_file&quot; has its value checked in &quot;backing_file&quot;.
>qemu-kvm-1.2.0/qemu-img.c:827: example_assign: Assigning: &quot;out_baseimg_param&quot; = return value from &quot;get_option_parameter(param, &quot;backing_file&quot;)&quot;.
>qemu-kvm-1.2.0/qemu-img.c:828: example_checked: &quot;out_baseimg_param&quot; has its value checked in &quot;out_baseimg_param&quot;.
>qemu-kvm-1.2.0/qemu-option.c:393: example_checked: &quot;get_option_parameter(dest, list-&gt;name)&quot; has its value checked in &quot;get_option_parameter(dest, list-&gt;name) == NULL&quot;.
>qemu-kvm-1.2.0/qemu-option.c:267: example_assign: Assigning: &quot;list&quot; = return value from &quot;get_option_parameter(list, name)&quot;.
>qemu-kvm-1.2.0/qemu-option.c:268: example_checked: &quot;list&quot; has its value checked in &quot;list == NULL&quot;.
>qemu-kvm-1.2.0/block/vpc.c:665: dereference: Dereferencing a null pointer &quot;get_option_parameter(options, &quot;size&quot;)&quot;.
>
><a name='def814'/>Error: NULL_RETURNS (CWE-476): <a href ='#def814'>[#def814]</a>
>qemu-kvm-1.2.0/target-sparc/cpu.c:647: returned_null: Function &quot;strtok(char * restrict, char const * restrict)&quot; returns null (checked 9 out of 10 times).
>qemu-kvm-1.2.0/hw/acpi.c:118: example_assign: Assigning: &quot;f&quot; = return value from &quot;strtok(NULL, &quot;:&quot;)&quot;.
>qemu-kvm-1.2.0/hw/acpi.c:118: example_checked: &quot;f&quot; has its value checked in &quot;f&quot;.
>qemu-kvm-1.2.0/qemu-timer.c:190: example_assign: Assigning: &quot;name&quot; = return value from &quot;strtok(arg, &quot;,&quot;)&quot;.
>qemu-kvm-1.2.0/qemu-timer.c:191: example_checked: &quot;name&quot; has its value checked in &quot;name&quot;.
>qemu-kvm-1.2.0/target-i386/cpu.c:1020: example_assign: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.
>qemu-kvm-1.2.0/target-i386/cpu.c:911: example_checked: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:663: example_assign: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:664: example_checked: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:731: example_assign: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:664: example_checked: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:647: var_assigned: Assigning: &quot;name&quot; = null return value from &quot;strtok(char * restrict, char const * restrict)&quot;.
>qemu-kvm-1.2.0/target-sparc/cpu.c:653: cond_true: Condition &quot;i &lt; 22UL /* sizeof (sparc_defs) / sizeof (sparc_defs[0]) */&quot;, taking true branch
>qemu-kvm-1.2.0/target-sparc/cpu.c:654: dereference: Dereferencing a pointer that might be null &quot;name&quot; when calling &quot;strcasecmp(char const *, char const *)&quot;.
>
><a name='def815'/>Error: NULL_RETURNS (CWE-476): <a href ='#def815'>[#def815]</a>
>qemu-kvm-1.2.0/linux-user/flatload.c:102: returned_null: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_true: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: return_null: Explicitly returning null.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: example_checked: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: example_checked: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2416: example_checked: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2717: example_checked: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1784: example_assign: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:1785: example_checked: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.
>qemu-kvm-1.2.0/linux-user/flatload.c:102: var_assigned: Assigning: &quot;buf&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.
>qemu-kvm-1.2.0/linux-user/flatload.c:103: dereference: Dereferencing a pointer that might be null &quot;buf&quot; when calling &quot;pread(int, void *, size_t, __off64_t)&quot;.
>
><a name='def816'/>Error: OVERRUN: <a href ='#def816'>[#def816]</a>
>qemu-kvm-1.2.0/hw/bt-hci.c:1322: overrun-buffer-arg: Overrunning struct type evt_encrypt_change of 4 bytes by passing it to a function which accesses it at byte offset 4 using argument &quot;5&quot;.
>qemu-kvm-1.2.0/hw/bt-hci.c:461:5: cond_false: Condition &quot;!packet&quot;, taking false branch
>qemu-kvm-1.2.0/hw/bt-hci.c:462:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/bt-hci.c:464:5: cond_true: Condition &quot;len&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci.c:465:9: access_dbuff_in_call: Calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; indexes array &quot;params&quot; with index &quot;len&quot;.
>
><a name='def817'/>Error: OVERRUN: <a href ='#def817'>[#def817]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_false: Condition &quot;offset &lt; 512&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:254: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_at_least: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:254: cond_false: Condition &quot;offset &lt; 768&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:270: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:254: cond_at_least: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:270: cond_false: Condition &quot;offset &lt; 1024&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:282: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:270: cond_at_least: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:282: cond_false: Condition &quot;offset &lt; 2048&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:288: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:282: cond_at_least: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is at least 2048 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:288: cond_true: Condition &quot;offset &lt; 3072&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:288: cond_between: Checking &quot;offset &lt; 3072UL&quot; implies that the value of &quot;offset&quot; is between 2048 and 3071 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:290: cond_false: Condition &quot;s-&gt;num_cpu == 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:293: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:294: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:294: assignment: Assigning: &quot;irq&quot; = &quot;offset - 2048UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:295: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:297: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:298: cond_true: Condition &quot;irq &gt;= 29&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:298: cond_false: Condition &quot;irq &lt;= 31&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:300: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:301: overrun-local: Overrunning array &quot;s-&gt;irq_target&quot; of 1020 4-byte elements at element index 1055 (byte offset 4220) using index &quot;irq&quot; (which evaluates to 1055).
>
><a name='def818'/>Error: OVERRUN: <a href ='#def818'>[#def818]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_false: Condition &quot;offset &lt; 512&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:254: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_at_least: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:254: cond_false: Condition &quot;offset &lt; 768&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:270: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:254: cond_at_least: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:270: cond_false: Condition &quot;offset &lt; 1024&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:282: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:270: cond_at_least: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:282: cond_true: Condition &quot;offset &lt; 2048&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:282: cond_between: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is between 1024 and 2047 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:284: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:284: assignment: Assigning: &quot;irq&quot; = &quot;offset - 1024UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:285: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:286: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:287: cond_false: Condition &quot;irq &lt; 32&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:287: overrun-local: Overrunning array &quot;s-&gt;priority2&quot; of 988 4-byte elements at element index 1023 (byte offset 4092) using index &quot;irq - 32&quot; (which evaluates to 1023).
>
><a name='def819'/>Error: OVERRUN: <a href ='#def819'>[#def819]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:227: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_true: Condition &quot;offset &lt; 512&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:239: cond_between: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is between 256 and 511 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:241: cond_true: Condition &quot;offset &lt; 384&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:241: cond_between: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:242: assignment: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL&quot;. The value of &quot;irq&quot; is now between 0 and 1016 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:242: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:244: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:245: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:245: assignment: Assigning: &quot;irq&quot; += &quot;(s-&gt;revision == 4294967295U) ? 32 : 0&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:246: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:247: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:249: assignment: Assigning: &quot;i&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/arm_gic.c:249: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:250: overrun-local: Overrunning array &quot;s-&gt;irq_state&quot; of 1020 8-byte elements at element index 1048 (byte offset 8384) using index &quot;irq + i&quot; (which evaluates to 1048).
>
><a name='def820'/>Error: OVERRUN: <a href ='#def820'>[#def820]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_false: Condition &quot;offset &lt; 384&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:392: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_at_least: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is at least 384 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:392: cond_false: Condition &quot;offset &lt; 512&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:409: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:392: cond_at_least: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:409: cond_false: Condition &quot;offset &lt; 640&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:422: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:409: cond_at_least: Checking &quot;offset &lt; 640UL&quot; implies that the value of &quot;offset&quot; is at least 640 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:422: cond_false: Condition &quot;offset &lt; 768&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:435: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:422: cond_at_least: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:435: cond_false: Condition &quot;offset &lt; 1024&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:438: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:435: cond_at_least: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:438: cond_true: Condition &quot;offset &lt; 2048&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:438: cond_between: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is between 1024 and 2047 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:440: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:440: assignment: Assigning: &quot;irq&quot; = &quot;offset - 1024UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:441: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:442: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:443: cond_false: Condition &quot;irq &lt; 32&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:445: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:446: overrun-local: Overrunning array &quot;s-&gt;priority2&quot; of 988 4-byte elements at element index 1023 (byte offset 4092) using index &quot;irq - 32&quot; (which evaluates to 1023).
>
><a name='def821'/>Error: OVERRUN: <a href ='#def821'>[#def821]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_true: Condition &quot;offset &lt; 384&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_between: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:369: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:369: assignment: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:370: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:371: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:372: cond_false: Condition &quot;irq &lt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:373: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:374: assignment: Assigning: &quot;i&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/arm_gic.c:374: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:375: cond_true: Condition &quot;value &amp; (1 &lt;&lt; i)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:379: overrun-local: Overrunning array &quot;s-&gt;irq_state&quot; of 1020 8-byte elements at element index 1048 (byte offset 8384) using index &quot;irq + i&quot; (which evaluates to 1048).
>
><a name='def822'/>Error: OVERRUN: <a href ='#def822'>[#def822]</a>
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_false: Condition &quot;offset &lt; 256&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/arm_gic.c:356: cond_at_least: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_true: Condition &quot;offset &lt; 384&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:367: cond_between: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/arm_gic.c:369: cond_true: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:369: assignment: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).
>qemu-kvm-1.2.0/hw/arm_gic.c:370: cond_false: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:371: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:372: cond_false: Condition &quot;irq &lt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/hw/arm_gic.c:373: if_end: End of if statement
>qemu-kvm-1.2.0/hw/arm_gic.c:374: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:375: cond_true: Condition &quot;value &amp; (1 &lt;&lt; i)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/arm_gic.c:376: overrun-local: Overrunning array &quot;s-&gt;irq_target&quot; of 1020 4-byte elements at element index 1048 (byte offset 4192) using index &quot;irq&quot; (which evaluates to 1048).
>
><a name='def823'/>Error: OVERRUN: <a href ='#def823'>[#def823]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:195: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:195: cond_at_least: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/target-cris/translate.c:195: cond_true: Condition &quot;r &gt; 15&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:195: cond_at_least: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.
>qemu-kvm-1.2.0/target-cris/translate.c:197: cond_false: Condition &quot;r == 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:197: cond_false: Condition &quot;r == 4&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:197: cond_false: Condition &quot;r == 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:199: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:199: cond_false: Condition &quot;r == 1&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:202: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:202: overrun-local: Overrunning array &quot;cpu_PR&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).
>
><a name='def824'/>Error: OVERRUN: <a href ='#def824'>[#def824]</a>
>qemu-kvm-1.2.0/monitor.c:272: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:274: cond_false: Condition &quot;c == 0&quot;, taking false branch
>qemu-kvm-1.2.0/monitor.c:275: if_end: End of if statement
>qemu-kvm-1.2.0/monitor.c:276: cond_true: Condition &quot;c == 10&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:279: cond_true: Condition &quot;mon-&gt;outbuf_index &gt;= 1023UL /* sizeof (mon-&gt;outbuf) - 1 */&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:279: cond_at_least: Checking &quot;mon-&gt;outbuf_index &gt;= 1023UL&quot; implies that the value of &quot;mon-&gt;outbuf_index&quot; is at least 1023 on the true branch.
>qemu-kvm-1.2.0/monitor.c:282: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/monitor.c:272: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/monitor.c:272: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:274: cond_false: Condition &quot;c == 0&quot;, taking false branch
>qemu-kvm-1.2.0/monitor.c:275: if_end: End of if statement
>qemu-kvm-1.2.0/monitor.c:276: cond_true: Condition &quot;c == 10&quot;, taking true branch
>qemu-kvm-1.2.0/monitor.c:277: incr: Incrementing &quot;mon-&gt;outbuf_index&quot;. The value of &quot;mon-&gt;outbuf_index&quot; is now at least 1024.
>qemu-kvm-1.2.0/monitor.c:278: overrun-local: Overrunning array &quot;mon-&gt;outbuf&quot; of 1024 bytes at byte offset 1024 using index &quot;mon-&gt;outbuf_index++&quot; (which evaluates to 1024).
>
><a name='def825'/>Error: OVERRUN: <a href ='#def825'>[#def825]</a>
>qemu-kvm-1.2.0/hw/vt82c686.c:56: cond_false: Condition &quot;addr == 1008&quot;, taking false branch
>qemu-kvm-1.2.0/hw/vt82c686.c:58: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/vt82c686.c:60: switch: Switch case value &quot;255&quot;
>qemu-kvm-1.2.0/hw/vt82c686.c:69: switch_case: Reached case &quot;255&quot;
>qemu-kvm-1.2.0/hw/vt82c686.c:69: equality_cond: Jumping to case &quot;255&quot;.
>qemu-kvm-1.2.0/hw/vt82c686.c:71: break: Breaking from switch
>qemu-kvm-1.2.0/hw/vt82c686.c:92: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/vt82c686.c:93: overrun-local: Overrunning array &quot;superio_conf-&gt;config&quot; of 255 bytes at byte offset 255 using index &quot;superio_conf-&gt;index&quot; (which evaluates to 255).
>
><a name='def826'/>Error: OVERRUN: <a href ='#def826'>[#def826]</a>
>qemu-kvm-1.2.0/hw/omap_gpmc.c:242: cond_true: Condition &quot;bytes &gt; s-&gt;prefetch.count&quot;, taking true branch
>qemu-kvm-1.2.0/hw/omap_gpmc.c:251: cond_false: Condition &quot;fptr &lt; 64 - bytes&quot;, taking false branch
>qemu-kvm-1.2.0/hw/omap_gpmc.c:254: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/omap_gpmc.c:255: cond_true: Condition &quot;fptr &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/hw/omap_gpmc.c:255: cond_at_most: Checking &quot;fptr &lt; 64&quot; implies that the value of &quot;fptr&quot; may be up to 63 on the true branch.
>qemu-kvm-1.2.0/hw/omap_gpmc.c:256: cond_true: Condition &quot;is16bit&quot;, taking true branch
>qemu-kvm-1.2.0/hw/omap_gpmc.c:258: incr: Incrementing &quot;fptr&quot;. The value of &quot;fptr&quot; may now be up to 64.
>qemu-kvm-1.2.0/hw/omap_gpmc.c:259: overrun-local: Overrunning array &quot;s-&gt;prefetch.fifo&quot; of 64 bytes at byte offset 64 using index &quot;fptr++&quot; (which evaluates to 64).
>
><a name='def827'/>Error: OVERRUN: <a href ='#def827'>[#def827]</a>
>qemu-kvm-1.2.0/hw/wm8750.c:674: cond_true: Condition &quot;s-&gt;idx_in &gt;= 4096UL /* sizeof (s-&gt;data_in) */&quot;, taking true branch
>qemu-kvm-1.2.0/hw/wm8750.c:674: cond_at_least: Checking &quot;s-&gt;idx_in &gt;= 4096UL&quot; implies that the value of &quot;s-&gt;idx_in&quot; is at least 4096 on the true branch.
>qemu-kvm-1.2.0/hw/wm8750.c:677: alias: Assigning: &quot;data&quot; = &quot;&amp;s-&gt;data_in[s-&gt;idx_in]&quot;. &quot;data&quot; may now point to element 1024 (and beyond) of &quot;s-&gt;data_in&quot; (which consists of 1024 4-byte elements).
>qemu-kvm-1.2.0/hw/wm8750.c:680: overrun-local: Overrunning array of 1024 4-byte elements at element index 1024 (byte offset 4096) by dereferencing pointer &quot;data&quot;.
>
><a name='def828'/>Error: OVERRUN: <a href ='#def828'>[#def828]</a>
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1157: cond_false: Condition &quot;ptr &amp; 15&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1159: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1178: cond_true: Condition &quot;env-&gt;cr[4] &amp; (512U /* 1 &lt;&lt; 9 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1182: cond_true: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1183: assignment: Assigning: &quot;nb_xmm_regs&quot; = &quot;16&quot;.
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1184: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1186: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1189: cond_true: Condition &quot;!(env-&gt;efer &amp; (16384UL /* 1 &lt;&lt; 14 */))&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: cond_true: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1196: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: cond_true: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: cond_at_most: Checking &quot;i &lt; nb_xmm_regs&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1193: overrun-local: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).
>
><a name='def829'/>Error: OVERRUN: <a href ='#def829'>[#def829]</a>
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1095: cond_false: Condition &quot;ptr &amp; 15&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1097: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1127: cond_true: Condition &quot;env-&gt;cr[4] &amp; (512U /* 1 &lt;&lt; 9 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1131: cond_true: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1132: assignment: Assigning: &quot;nb_xmm_regs&quot; = &quot;16&quot;.
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1133: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1135: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1138: cond_true: Condition &quot;!(env-&gt;efer &amp; (16384UL /* 1 &lt;&lt; 14 */))&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: cond_true: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1145: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: cond_true: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: cond_at_most: Checking &quot;i &lt; nb_xmm_regs&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.
>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1142: overrun-local: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).
>
><a name='def830'/>Error: OVERRUN: <a href ='#def830'>[#def830]</a>
>qemu-kvm-1.2.0/hw/musicpal.c:274: switch: Switch case value &quot;1256UL&quot;
>qemu-kvm-1.2.0/hw/musicpal.c:303: switch_case: Reached case &quot;1256UL&quot;
>qemu-kvm-1.2.0/hw/musicpal.c:303: equality_cond: Jumping to case &quot;1256UL&quot;.
>qemu-kvm-1.2.0/hw/musicpal.c:304: overrun-local: Overrunning array &quot;s-&gt;tx_queue&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;(offset - 1248UL) / 4UL&quot; (which evaluates to 2).
>
><a name='def831'/>Error: OVERRUN: <a href ='#def831'>[#def831]</a>
>qemu-kvm-1.2.0/hw/musicpal.c:316: switch: Switch case value &quot;1256UL&quot;
>qemu-kvm-1.2.0/hw/musicpal.c:357: switch_case: Reached case &quot;1256UL&quot;
>qemu-kvm-1.2.0/hw/musicpal.c:357: equality_cond: Jumping to case &quot;1256UL&quot;.
>qemu-kvm-1.2.0/hw/musicpal.c:358: overrun-local: Overrunning array &quot;s-&gt;tx_queue&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;(offset - 1248UL) / 4UL&quot; (which evaluates to 2).
>
><a name='def832'/>Error: OVERRUN: <a href ='#def832'>[#def832]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:206: cond_false: Condition &quot;shift &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:208: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/ops_sse.h:206: cond_at_most: Checking &quot;shift &gt; 16&quot; implies that the value of &quot;shift&quot; may be up to 16 on the false branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:209: assignment: Assigning: &quot;i&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:209: cond_true: Condition &quot;i &lt; 16 - shift&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:210: overrun-local: Overrunning array &quot;d-&gt;_b&quot; of 16 bytes at byte offset 16 using index &quot;i + shift&quot; (which evaluates to 16).
>
><a name='def833'/>Error: OVERRUN: <a href ='#def833'>[#def833]</a>
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:298: assignment: Assigning: &quot;quality&quot; = &quot;vs-&gt;tight.quality&quot;.
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:300: cond_false: Condition &quot;!vs-&gt;vd-&gt;lossy&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:302: if_end: End of if statement
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: cond_false: Condition &quot;ds_get_bytes_per_pixel(vs-&gt;ds) == 1&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: cond_false: Condition &quot;vs-&gt;clientds.pf.bytes_per_pixel == 1&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: cond_false: Condition &quot;w &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: cond_false: Condition &quot;h &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:308: if_end: End of if statement
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:310: cond_false: Condition &quot;vs-&gt;tight.quality != 255 /* (uint8_t)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:314: else_branch: Reached else branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:315: cond_false: Condition &quot;w * h &lt; tight_conf[compression].gradient_min_rect_size&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:317: if_end: End of if statement
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:320: cond_true: Condition &quot;vs-&gt;clientds.pf.bytes_per_pixel == 4&quot;, taking true branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:321: cond_false: Condition &quot;vs-&gt;tight.pixel24&quot;, taking false branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:327: else_branch: Reached else branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:330: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:332: if_end: End of if statement
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:333: cond_true: Condition &quot;quality != -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:334: overrun-local: Overrunning array &quot;tight_conf&quot; of 10 56-byte elements at element index 255 (byte offset 14280) using index &quot;quality&quot; (which evaluates to 255).
>
><a name='def834'/>Error: OVERRUN: <a href ='#def834'>[#def834]</a>
>qemu-kvm-1.2.0/hw/e1000.c:526: cond_false: Condition &quot;dtype == 536870912&quot;, taking false branch
>qemu-kvm-1.2.0/hw/e1000.c:546: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/e1000.c:546: cond_true: Condition &quot;dtype == (537919488U /* 0x20000000 | 0x100000 */)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:548: cond_true: Condition &quot;tp-&gt;size == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:548: cond_const: Checking &quot;tp-&gt;size == 0&quot; implies that the value of &quot;tp-&gt;size&quot; is 0 on the true branch.
>qemu-kvm-1.2.0/hw/e1000.c:551: cond_true: Condition &quot;txd_lower &amp; 67108864&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:552: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/e1000.c:555: if_end: End of if statement
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;vlan_enabled(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;is_vlan_txd(txd_lower)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;tp-&gt;cptse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:567: cond_true: Condition &quot;tp-&gt;tse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:567: cond_true: Condition &quot;tp-&gt;cptse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:572: cond_true: Condition &quot;tp-&gt;size + bytes &gt; msh&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:575: cond_true: Condition &quot;65536UL /* sizeof (tp-&gt;data) */ - tp-&gt;size &lt; bytes&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:575: cond_at_least: Checking &quot;65536UL - tp-&gt;size &lt; bytes&quot; implies that the value of &quot;bytes&quot; is at least 65537 on the true branch.
>qemu-kvm-1.2.0/hw/e1000.c:575: assignment: Assigning: &quot;bytes&quot; = &quot;(65536UL - tp-&gt;size &lt; bytes) ? 65536UL - tp-&gt;size : bytes&quot;. The value of &quot;bytes&quot; is now 65536.
>qemu-kvm-1.2.0/hw/e1000.c:577: assignment: Assigning: &quot;sz&quot; = &quot;tp-&gt;size + bytes&quot;. The value of &quot;sz&quot; is now 65536.
>qemu-kvm-1.2.0/hw/e1000.c:577: cond_false: Condition &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/e1000.c:578: if_end: End of if statement
>qemu-kvm-1.2.0/hw/e1000.c:577: cond_at_least: Checking &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot; implies that the value of &quot;hdr&quot; is at least 65537 on the false branch.
>qemu-kvm-1.2.0/hw/e1000.c:581: cond_true: Condition &quot;sz == msh&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:583: overrun-buffer-arg: Overrunning array &quot;tp-&gt;data&quot; of 65536 bytes by passing it to a function which accesses it at byte offset 65536 using argument &quot;hdr&quot; (which evaluates to 65537).
>
><a name='def835'/>Error: OVERRUN: <a href ='#def835'>[#def835]</a>
>qemu-kvm-1.2.0/hw/e1000.c:526: cond_false: Condition &quot;dtype == 536870912&quot;, taking false branch
>qemu-kvm-1.2.0/hw/e1000.c:546: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/e1000.c:546: cond_true: Condition &quot;dtype == (537919488U /* 0x20000000 | 0x100000 */)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:548: cond_true: Condition &quot;tp-&gt;size == 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:548: cond_const: Checking &quot;tp-&gt;size == 0&quot; implies that the value of &quot;tp-&gt;size&quot; is 0 on the true branch.
>qemu-kvm-1.2.0/hw/e1000.c:551: cond_true: Condition &quot;txd_lower &amp; 67108864&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:552: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/e1000.c:555: if_end: End of if statement
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;vlan_enabled(s)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;is_vlan_txd(txd_lower)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:557: cond_true: Condition &quot;tp-&gt;cptse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:567: cond_true: Condition &quot;tp-&gt;tse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:567: cond_true: Condition &quot;tp-&gt;cptse&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:572: cond_true: Condition &quot;tp-&gt;size + bytes &gt; msh&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:575: cond_true: Condition &quot;65536UL /* sizeof (tp-&gt;data) */ - tp-&gt;size &lt; bytes&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:577: cond_true: Condition &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:577: cond_true: Condition &quot;tp-&gt;size &lt; hdr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/e1000.c:577: cond_between: Checking &quot;tp-&gt;size &lt; hdr&quot; implies that the value of &quot;hdr&quot; is between 1 and 65536 (inclusive) on the true branch.
>qemu-kvm-1.2.0/hw/e1000.c:578: overrun-buffer-arg: Overrunning array &quot;tp-&gt;header&quot; of 256 bytes by passing it to a function which accesses it at byte offset 65535 using argument &quot;hdr&quot; (which evaluates to 65536).
>
><a name='def836'/>Error: OVERRUN: <a href ='#def836'>[#def836]</a>
>qemu-kvm-1.2.0/hw/eepro100.c:756: assignment: Assigning: &quot;size&quot; = &quot;0&quot;.
>qemu-kvm-1.2.0/hw/eepro100.c:758: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:762: cond_false: Condition &quot;tcb_bytes &gt; 2600&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:765: if_end: End of if statement
>qemu-kvm-1.2.0/hw/eepro100.c:766: cond_false: Condition &quot;tcb_bytes &gt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:766: cond_true: Condition &quot;tbd_array != 4294967295U&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:769: if_end: End of if statement
>qemu-kvm-1.2.0/hw/eepro100.c:770: cond_true: Condition &quot;tcb_bytes &lt;= 2600UL /* sizeof (buf) */&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:771: cond_false: Condition &quot;size &lt; tcb_bytes&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:784: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/eepro100.c:785: cond_false: Condition &quot;tbd_array == 4294967295U&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:787: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/eepro100.c:790: cond_true: Condition &quot;s-&gt;has_extended_tcb_support&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:790: cond_true: Condition &quot;!(s-&gt;configuration[6] &amp; (16 /* 1 &lt;&lt; 4 */))&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:792: cond_true: Condition &quot;tbd_count &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:800: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:803: cond_false: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:803: cond_at_least: Checking &quot;tx_buffer_size &lt; 2600UL - size&quot; implies that the value of &quot;tx_buffer_size&quot; is at least 2600 on the false branch.
>qemu-kvm-1.2.0/hw/eepro100.c:803: assignment: Assigning: &quot;tx_buffer_size&quot; = &quot;(tx_buffer_size &lt; 2600UL - size) ? tx_buffer_size : (2600UL - size)&quot;. The value of &quot;tx_buffer_size&quot; is now 2600.
>qemu-kvm-1.2.0/hw/eepro100.c:806: assignment: Assigning: &quot;size&quot; += &quot;tx_buffer_size&quot;. The value of &quot;size&quot; is now 2600.
>qemu-kvm-1.2.0/hw/eepro100.c:807: cond_true: Condition &quot;tx_buffer_el &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:808: break: Breaking from loop
>qemu-kvm-1.2.0/hw/eepro100.c:810: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/eepro100.c:813: cond_true: Condition &quot;tbd_count &lt; s-&gt;tx.tbd_count&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:818: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:821: cond_false: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:821: cond_at_least: Checking &quot;tx_buffer_size &lt; 2600UL - size&quot; implies that the value of &quot;tx_buffer_size&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/hw/eepro100.c:821: assignment: Assigning: &quot;tx_buffer_size&quot; = &quot;(tx_buffer_size &lt; 2600UL - size) ? tx_buffer_size : (2600UL - size)&quot;. The value of &quot;tx_buffer_size&quot; is now 0.
>qemu-kvm-1.2.0/hw/eepro100.c:824: assignment: Assigning: &quot;size&quot; += &quot;tx_buffer_size&quot;. The value of &quot;size&quot; is now 2600.
>qemu-kvm-1.2.0/hw/eepro100.c:825: cond_false: Condition &quot;tx_buffer_el &amp; 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/eepro100.c:827: if_end: End of if statement
>qemu-kvm-1.2.0/hw/eepro100.c:828: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/eepro100.c:813: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/eepro100.c:813: cond_true: Condition &quot;tbd_count &lt; s-&gt;tx.tbd_count&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:818: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:821: cond_true: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking true branch
>qemu-kvm-1.2.0/hw/eepro100.c:822: overrun-local: Overrunning array of 2600 bytes at byte offset 2600 by dereferencing pointer &quot;&amp;buf[size]&quot;.
>qemu-kvm-1.2.0/hw/pci.h:605:5: deref_parm_in_call: Function &quot;pci_dma_rw(PCIDevice *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.
>qemu-kvm-1.2.0/hw/pci.h:598:5: deref_parm_in_call: Function &quot;dma_memory_rw(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.
>qemu-kvm-1.2.0/dma.h:150:5: deref_parm_in_call: Function &quot;dma_memory_rw_relaxed(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.
>qemu-kvm-1.2.0/dma.h:121:5: cond_false: Condition &quot;!dma_has_iommu(dma)&quot;, taking false branch
>qemu-kvm-1.2.0/dma.h:126:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/dma.h:127:9: deref_parm_in_call: Function &quot;iommu_dma_memory_rw(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.
>qemu-kvm-1.2.0/dma-helpers.c:318:5: cond_true: Condition &quot;len&quot;, taking true branch
>qemu-kvm-1.2.0/dma-helpers.c:320:9: cond_true: Condition &quot;err&quot;, taking true branch
>qemu-kvm-1.2.0/dma-helpers.c:326:6: deref_parm_in_call: Function &quot;memset(void *, int, size_t)&quot; dereferences &quot;buf&quot;.
>
><a name='def837'/>Error: OVERRUN: <a href ='#def837'>[#def837]</a>
>qemu-kvm-1.2.0/hw/ppc405_uc.c:203: switch: Switch case value &quot;162&quot;
>qemu-kvm-1.2.0/hw/ppc405_uc.c:208: switch_case: Reached case &quot;162&quot;
>qemu-kvm-1.2.0/hw/ppc405_uc.c:208: equality_cond: Jumping to case &quot;162&quot;.
>qemu-kvm-1.2.0/hw/ppc405_uc.c:209: overrun-local: Overrunning array &quot;pob-&gt;besr&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;dcrn - 160&quot; (which evaluates to 2).
>
><a name='def838'/>Error: OVERRUN: <a href ='#def838'>[#def838]</a>
>qemu-kvm-1.2.0/hw/ppc405_uc.c:225: switch: Switch case value &quot;162&quot;
>qemu-kvm-1.2.0/hw/ppc405_uc.c:230: switch_case: Reached case &quot;162&quot;
>qemu-kvm-1.2.0/hw/ppc405_uc.c:230: equality_cond: Jumping to case &quot;162&quot;.
>qemu-kvm-1.2.0/hw/ppc405_uc.c:232: overrun-local: Overrunning array &quot;pob-&gt;besr&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;dcrn - 160&quot; (which evaluates to 2).
>
><a name='def839'/>Error: OVERRUN: <a href ='#def839'>[#def839]</a>
>qemu-kvm-1.2.0/target-s390x/helper.c:543: cond_false: Condition &quot;!(env-&gt;psw.mask &amp; 0x100000000000000ULL)&quot;, taking false branch
>qemu-kvm-1.2.0/target-s390x/helper.c:545: if_end: End of if statement
>qemu-kvm-1.2.0/target-s390x/helper.c:547: cond_false: Condition &quot;env-&gt;ext_index &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-s390x/helper.c:547: cond_at_least: Checking &quot;env-&gt;ext_index &lt; 0&quot; implies that the value of &quot;env-&gt;ext_index&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/target-s390x/helper.c:547: cond_false: Condition &quot;env-&gt;ext_index &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/target-s390x/helper.c:549: if_end: End of if statement
>qemu-kvm-1.2.0/target-s390x/helper.c:547: cond_between: Checking &quot;env-&gt;ext_index &gt; 16&quot; implies that the value of &quot;env-&gt;ext_index&quot; is between 0 and 16 (inclusive) on the false branch.
>qemu-kvm-1.2.0/target-s390x/helper.c:551: alias: Assigning: &quot;q&quot; = &quot;&amp;env-&gt;ext_queue[env-&gt;ext_index]&quot;. &quot;q&quot; may now point between elements 0 and 16 (inclusive) of &quot;env-&gt;ext_queue&quot; (which consists of 16 12-byte elements).
>qemu-kvm-1.2.0/target-s390x/helper.c:554: overrun-local: Overrunning array of 16 12-byte elements at element index 16 (byte offset 192) by dereferencing pointer &quot;q&quot;.
>
><a name='def840'/>Error: OVERRUN: <a href ='#def840'>[#def840]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:206: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:206: cond_at_least: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/target-cris/translate.c:206: cond_true: Condition &quot;r &gt; 15&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:206: cond_at_least: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.
>qemu-kvm-1.2.0/target-cris/translate.c:208: cond_false: Condition &quot;r == 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:208: cond_false: Condition &quot;r == 4&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:208: cond_false: Condition &quot;r == 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:210: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:210: cond_false: Condition &quot;r == 3&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:212: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:213: cond_false: Condition &quot;r == 2&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:214: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:215: cond_true: Condition &quot;dc-&gt;tb_flags &amp; 512&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:215: cond_false: Condition &quot;r == 15&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:217: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-cris/translate.c:217: cond_false: Condition &quot;r == 13&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:218: if_end: End of if statement
>qemu-kvm-1.2.0/target-cris/translate.c:219: overrun-local: Overrunning array &quot;cpu_PR&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).
>
><a name='def841'/>Error: OVERRUN: <a href ='#def841'>[#def841]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:169: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:169: cond_at_least: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/target-cris/translate.c:169: cond_true: Condition &quot;r &gt; 15&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:169: cond_at_least: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.
>qemu-kvm-1.2.0/target-cris/translate.c:171: overrun-local: Overrunning array &quot;cpu_R&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).
>
><a name='def842'/>Error: OVERRUN: <a href ='#def842'>[#def842]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;2&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2028: switch_case: Reached case &quot;2&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2029: cond_true: Condition &quot;valids &gt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: cond_true: Condition &quot;valids &gt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: cond_true: Condition &quot;valids &lt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_true: Condition &quot;valids &lt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_between: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 12 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2033: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 12) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def843'/>Error: OVERRUN: <a href ='#def843'>[#def843]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;2&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2028: switch_case: Reached case &quot;2&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2029: cond_true: Condition &quot;valids &gt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: cond_true: Condition &quot;valids &gt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: cond_true: Condition &quot;valids &lt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_true: Condition &quot;valids &lt; validd&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: cond_between: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 12 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2034: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 12) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def844'/>Error: OVERRUN: <a href ='#def844'>[#def844]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2009: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: cond_true: Condition &quot;j &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2013: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2013: cond_between: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 14 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2014: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def845'/>Error: OVERRUN: <a href ='#def845'>[#def845]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2037: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2038: cond_true: Condition &quot;j &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: cond_false: Condition &quot;upper - j &lt; validd&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: cond_between: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 14 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2042: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def846'/>Error: OVERRUN: <a href ='#def846'>[#def846]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2009: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: cond_true: Condition &quot;j &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: cond_between: Checking &quot;j &gt;= 0&quot; implies that the value of &quot;j&quot; is between 0 and 14 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2012: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;j&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def847'/>Error: OVERRUN: <a href ='#def847'>[#def847]</a>
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;valids &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: cond_true: Condition &quot;validd &lt; upper&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2018: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2019: cond_true: Condition &quot;j &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2019: cond_between: Checking &quot;j &gt;= 0&quot; implies that the value of &quot;j&quot; is between 0 and 14 (inclusive) on the true branch.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:2021: overrun-call: Overrunning callee&apos;s array of size 8 by passing argument &quot;j&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: index_parm: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.
>
><a name='def848'/>Error: OVERRUN: <a href ='#def848'>[#def848]</a>
>qemu-kvm-1.2.0/block/vvfat.c:442: cond_true: Condition &quot;i &lt; number_of_entries&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:447: cond_true: Condition &quot;i == 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:448: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:442: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:442: cond_false: Condition &quot;i &lt; number_of_entries&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:448: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:449: cond_true: Condition &quot;i &lt; 26 * number_of_entries&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:451: cond_true: Condition &quot;offset &lt; 10&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:451: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:453: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:456: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:449: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:449: cond_true: Condition &quot;i &lt; 26 * number_of_entries&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:451: cond_true: Condition &quot;offset &lt; 10&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:451: cond_between: Checking &quot;offset &lt; 10&quot; implies that the value of &quot;offset&quot; is between 0 and 9 (inclusive) on the true branch.
>qemu-kvm-1.2.0/block/vvfat.c:451: assignment: Assigning: &quot;offset&quot; = &quot;1 + offset&quot;. The value of &quot;offset&quot; is now between 1 and 10 (inclusive).
>qemu-kvm-1.2.0/block/vvfat.c:451: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:453: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:455: overrun-local: Overrunning array &quot;entry-&gt;name&quot; of 8 bytes at byte offset 10 using index &quot;offset&quot; (which evaluates to 10).
>
><a name='def849'/>Error: OVERRUN: <a href ='#def849'>[#def849]</a>
>qemu-kvm-1.2.0/block/vvfat.c:620: cond_true: Condition &quot;is_dot&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:622: overrun-buffer-arg: Overrunning array &quot;entry-&gt;name&quot; of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument &quot;11UL&quot;.
>
><a name='def850'/>Error: OVERRUN: <a href ='#def850'>[#def850]</a>
>qemu-kvm-1.2.0/block/vvfat.c:620: cond_false: Condition &quot;is_dot&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:625: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:630: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:630: cond_false: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:630: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:631: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:632: cond_true: Condition &quot;j &gt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:632: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:634: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:640: cond_true: Condition &quot;j &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_true: Condition &quot;i &lt; 3&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_true: Condition &quot;filename[j + 1 + i]&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:642: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:641: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_true: Condition &quot;i &lt; 3&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_true: Condition &quot;filename[j + 1 + i]&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:642: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:641: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_true: Condition &quot;i &lt; 3&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:641: cond_false: Condition &quot;filename[j + 1 + i]&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:642: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:645: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i == 10&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_false: Condition &quot;entry-&gt;name[i] == 32&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:647: cond_true: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:649: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:651: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:652: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:645: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:645: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_false: Condition &quot;i == 10&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i == 7&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_true: Condition &quot;i &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_false: Condition &quot;entry-&gt;name[i] == 32&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:646: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:647: cond_true: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:649: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:651: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:652: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:645: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:645: cond_true: Condition &quot;i &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_false: Condition &quot;i == 10&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:646: cond_false: Condition &quot;i == 7&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:646: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:647: cond_true: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:649: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/block/vvfat.c:651: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:652: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:645: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:645: cond_false: Condition &quot;i &gt;= 0&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:652: loop_end: Reached end of loop
>qemu-kvm-1.2.0/block/vvfat.c:655: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:659: cond_true: Condition &quot;entry1 &lt; entry&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:660: cond_false: Condition &quot;!is_long_name(entry1)&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:661: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:661: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:659: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:659: cond_true: Condition &quot;entry1 &lt; entry&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:660: cond_false: Condition &quot;!is_long_name(entry1)&quot;, taking false branch
>qemu-kvm-1.2.0/block/vvfat.c:661: if_end: End of if statement
>qemu-kvm-1.2.0/block/vvfat.c:661: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/block/vvfat.c:659: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/block/vvfat.c:659: cond_true: Condition &quot;entry1 &lt; entry&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:660: cond_true: Condition &quot;!is_long_name(entry1)&quot;, taking true branch
>qemu-kvm-1.2.0/block/vvfat.c:660: overrun-buffer-arg: Overrunning array &quot;entry1-&gt;name&quot; of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument &quot;11UL&quot;.
>
><a name='def851'/>Error: OVERRUN: <a href ='#def851'>[#def851]</a>
>qemu-kvm-1.2.0/readline.c:218: cond_false: Condition &quot;cmdline[0] == 0&quot;, taking false branch
>qemu-kvm-1.2.0/readline.c:219: if_end: End of if statement
>qemu-kvm-1.2.0/readline.c:221: cond_true: Condition &quot;rs-&gt;hist_entry != -1&quot;, taking true branch
>qemu-kvm-1.2.0/readline.c:225: cond_false: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/readline.c:227: if_end: End of if statement
>qemu-kvm-1.2.0/readline.c:230: cond_true: Condition &quot;idx &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/readline.c:232: cond_false: Condition &quot;hist_entry == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/readline.c:233: if_end: End of if statement
>qemu-kvm-1.2.0/readline.c:234: cond_false: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/readline.c:246: if_end: End of if statement
>qemu-kvm-1.2.0/readline.c:247: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/readline.c:230: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/readline.c:230: cond_true: Condition &quot;idx &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/readline.c:230: cond_at_most: Checking &quot;idx &lt; 64&quot; implies that the value of &quot;idx&quot; may be up to 63 on the true branch.
>qemu-kvm-1.2.0/readline.c:232: cond_false: Condition &quot;hist_entry == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/readline.c:233: if_end: End of if statement
>qemu-kvm-1.2.0/readline.c:234: cond_true: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/readline.c:238: overrun-local: Overrunning array of 512 bytes at byte offset 512 by dereferencing pointer &quot;&amp;rs-&gt;history[idx + 1]&quot;.
>
><a name='def852'/>Error: OVERRUN: <a href ='#def852'>[#def852]</a>
>qemu-kvm-1.2.0/savevm.c:558: cond_true: Condition &quot;!f-&gt;last_error&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:558: cond_true: Condition &quot;f-&gt;is_write == 0&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:558: cond_false: Condition &quot;f-&gt;buf_index &gt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/savevm.c:562: if_end: End of if statement
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;!f-&gt;last_error&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;size &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:566: cond_true: Condition &quot;l &gt; size&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:573: cond_true: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:575: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/savevm.c:564: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;!f-&gt;last_error&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;size &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:566: cond_true: Condition &quot;l &gt; size&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:573: cond_false: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking false branch
>qemu-kvm-1.2.0/savevm.c:574: if_end: End of if statement
>qemu-kvm-1.2.0/savevm.c:575: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/savevm.c:564: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;!f-&gt;last_error&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;size &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:566: cond_true: Condition &quot;l &gt; size&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:573: cond_true: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:573: cond_at_least: Checking &quot;f-&gt;buf_index &gt;= 32768&quot; implies that the value of &quot;f-&gt;buf_index&quot; is at least 32768 on the true branch.
>qemu-kvm-1.2.0/savevm.c:575: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/savevm.c:564: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;!f-&gt;last_error&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:564: cond_true: Condition &quot;size &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:566: cond_true: Condition &quot;l &gt; size&quot;, taking true branch
>qemu-kvm-1.2.0/savevm.c:568: overrun-local: Overrunning array of 32768 bytes at byte offset 32768 by dereferencing pointer &quot;&amp;f-&gt;buf[f-&gt;buf_index]&quot;.
>
><a name='def853'/>Error: OVERRUN: <a href ='#def853'>[#def853]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3428: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3431: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3442: cond_false: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3445: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3450: switch: Switch case value &quot;3241737481U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3473: switch_case: Reached case &quot;3241737481U&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:3478: overrun-buffer-val: Overrunning array &quot;arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.
>qemu-kvm-1.2.0/thunk.h:88:5: switch: Switch case value &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:133:10: switch_case: Reached case &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:135:9: index_const: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.
>qemu-kvm-1.2.0/thunk.c:309:5: deref_parm_in_call: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.
>qemu-kvm-1.2.0/thunk.h:87:5: deref_parm: Directly dereferencing parameter &quot;type_ptr&quot;.
>
><a name='def854'/>Error: OVERRUN: <a href ='#def854'>[#def854]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3251: overrun-buffer-val: Overrunning array &quot;extent_arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.
>qemu-kvm-1.2.0/thunk.h:88:5: switch: Switch case value &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:133:10: switch_case: Reached case &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:135:9: index_const: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.
>qemu-kvm-1.2.0/thunk.c:309:5: deref_parm_in_call: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.
>qemu-kvm-1.2.0/thunk.h:87:5: deref_parm: Directly dereferencing parameter &quot;type_ptr&quot;.
>
><a name='def855'/>Error: OVERRUN: <a href ='#def855'>[#def855]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:3337: cond_true: Condition &quot;arg_type[0] == TYPE_PTR&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3338: cond_true: Condition &quot;ie-&gt;access == (3 /* 1 | 2 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3344: cond_false: Condition &quot;!argptr&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:3345: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:3353: overrun-buffer-val: Overrunning array &quot;ifreq_arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.
>qemu-kvm-1.2.0/thunk.h:88:5: switch: Switch case value &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:133:10: switch_case: Reached case &quot;10&quot;
>qemu-kvm-1.2.0/thunk.h:135:9: index_const: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.
>qemu-kvm-1.2.0/thunk.c:309:5: deref_parm_in_call: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.
>qemu-kvm-1.2.0/thunk.h:87:5: deref_parm: Directly dereferencing parameter &quot;type_ptr&quot;.
>
><a name='def856'/>Error: OVERRUN: <a href ='#def856'>[#def856]</a>
>qemu-kvm-1.2.0/softmmu_header.h:93: return_constant: Function call &quot;cpu_mmu_index(env)&quot; returns 4.
>qemu-kvm-1.2.0/softmmu_header.h:93: assignment: Assigning: &quot;mmu_idx&quot; = &quot;cpu_mmu_index(env)&quot;. The value of &quot;mmu_idx&quot; is now 4.
>qemu-kvm-1.2.0/softmmu_header.h:94: cond_true: Condition &quot;!!(env-&gt;tlb_table[mmu_idx][page_index].addr_code != (addr &amp; (18446744073709543427UL /* ~((1 &lt;&lt; 13) - 1) | 4 - 1 */)))&quot;, taking true branch
>qemu-kvm-1.2.0/softmmu_header.h:94: cond_true: Condition &quot;!!(env-&gt;tlb_table[mmu_idx][page_index].addr_code != (addr &amp; (18446744073709543427UL /* ~((1 &lt;&lt; 13) - 1) | 4 - 1 */)))&quot;, taking true branch
>qemu-kvm-1.2.0/softmmu_header.h:96: overrun-call: Overrunning callee&apos;s array of size 2 by passing argument &quot;mmu_idx&quot; (which evaluates to 4) in call to &quot;helper_ldl_cmmu(struct CPUARMState *, target_ulong, int)&quot;.
>qemu-kvm-1.2.0/softmmu_template.h:108:5: index_parm: Indexing &quot;env-&gt;tlb_table&quot; with &quot;mmu_idx&quot;.
>
><a name='def857'/>Error: OVERRUN: <a href ='#def857'>[#def857]</a>
>qemu-kvm-1.2.0/slirp/socket.c:298: cond_true: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:299: assignment: Assigning: &quot;so-&gt;so_urgc&quot; = &quot;2048&quot;.
>qemu-kvm-1.2.0/slirp/socket.c:301: cond_false: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:307: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/socket.c:314: cond_false: Condition &quot;len &gt; so-&gt;so_urgc&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/socket.c:314: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/socket.c:314: cond_at_most: Checking &quot;len &gt; so-&gt;so_urgc&quot; implies that the value of &quot;len&quot; may be up to 2048 on the false branch.
>qemu-kvm-1.2.0/slirp/socket.c:317: cond_true: Condition &quot;so-&gt;so_urgc&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:319: cond_true: Condition &quot;n &gt; so-&gt;so_urgc&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/socket.c:320: overrun-local: Overrunning array of 2048 bytes at byte offset 2048 by dereferencing pointer &quot;&amp;buff[len]&quot;.
>
><a name='def858'/>Error: OVERRUN: <a href ='#def858'>[#def858]</a>
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:303: cond_false: Condition &quot;!s-&gt;enable&quot;, taking false branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:304: if_end: End of if statement
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: cond_true: Condition &quot;s-&gt;in_len &gt;= 2&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: cond_true: Condition &quot;plen &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: cond_true: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_hdr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: cond_true: Condition &quot;plen &lt; s-&gt;in_hdr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: cond_true: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:322: assignment: Assigning: &quot;s-&gt;in_data&quot; = &quot;2147483647&quot;.
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:324: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:325: if_end: End of if statement
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:326: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: cond_true: Condition &quot;s-&gt;in_len &gt;= 2&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: cond_true: Condition &quot;plen &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: cond_true: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_hdr&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: cond_false: Condition &quot;plen &lt; s-&gt;in_hdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:314: if_end: End of if statement
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: cond_true: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot;, taking true branch
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: cond_at_least: Checking &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot; implies that the value of &quot;s-&gt;in_len&quot; is at least 2147483647 on the true branch.
>qemu-kvm-1.2.0/hw/bt-hci-csr.c:319: overrun-local: Overrunning array of 4096 bytes at byte offset 2147483647 by dereferencing pointer &quot;&amp;s-&gt;inpkt[s-&gt;in_len]&quot;.
>
><a name='def859'/>Error: OVERRUN: <a href ='#def859'>[#def859]</a>
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 0x800&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 0x80&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 0x40&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 0x10&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:221: cond_true: Condition &quot;eflags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:247: cond_true: Condition &quot;i &lt; 6&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:250: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:247: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:247: cond_true: Condition &quot;i &lt; 6&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:250: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:247: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:247: cond_false: Condition &quot;i &lt; 6&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:250: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/helper.c:281: cond_true: Condition &quot;i &lt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:283: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:281: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:281: cond_true: Condition &quot;i &lt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:283: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:281: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:281: cond_false: Condition &quot;i &lt; 4&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:283: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/helper.c:287: cond_true: Condition &quot;flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:288: cond_true: Condition &quot;(unsigned int)env-&gt;cc_op &lt; CC_OP_NB&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:289: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:291: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:306: cond_true: Condition &quot;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:309: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:310: cond_true: Condition &quot;!env-&gt;fptags[i]&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:311: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:309: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:309: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:310: cond_true: Condition &quot;!env-&gt;fptags[i]&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:311: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:309: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:309: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:311: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/helper.c:318: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:323: cond_false: Condition &quot;(i &amp; 1) == 1&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:326: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-i386/helper.c:327: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:318: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:318: cond_true: Condition &quot;i &lt; 8&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:323: cond_true: Condition &quot;(i &amp; 1) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:324: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:326: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:327: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:318: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:318: cond_false: Condition &quot;i &lt; 8&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:327: loop_end: Reached end of loop
>qemu-kvm-1.2.0/target-i386/helper.c:328: cond_true: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:329: assignment: Assigning: &quot;nb&quot; = &quot;16&quot;.
>qemu-kvm-1.2.0/target-i386/helper.c:329: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:331: if_end: End of if statement
>qemu-kvm-1.2.0/target-i386/helper.c:332: cond_true: Condition &quot;i &lt; nb&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:339: cond_false: Condition &quot;(i &amp; 1) == 1&quot;, taking false branch
>qemu-kvm-1.2.0/target-i386/helper.c:342: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-i386/helper.c:343: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/target-i386/helper.c:332: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/target-i386/helper.c:332: cond_true: Condition &quot;i &lt; nb&quot;, taking true branch
>qemu-kvm-1.2.0/target-i386/helper.c:332: cond_at_most: Checking &quot;i &lt; nb&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.
>qemu-kvm-1.2.0/target-i386/helper.c:333: overrun-local: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).
>
><a name='def860'/>Error: OVERRUN: <a href ='#def860'>[#def860]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:221: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:224: else_branch: Reached else branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:229: alias: Assigning: &quot;cmsg&quot; = &quot;&amp;msg_control.cmsg&quot;. &quot;cmsg&quot; now points to element 0 of &quot;msg_control.cmsg&quot; (which consists of 1 16-byte elements).
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:233: overrun-buffer-arg: Overrunning struct type cmsghdr of 0 bytes by passing it to a function which accesses it at byte offset 3 using argument &quot;4UL&quot;.
>
><a name='def861'/>Error: OVERRUN: <a href ='#def861'>[#def861]</a>
>qemu-kvm-1.2.0/target-cris/translate.c:175: cond_false: Condition &quot;r &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/target-cris/translate.c:175: cond_at_least: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.
>qemu-kvm-1.2.0/target-cris/translate.c:175: cond_true: Condition &quot;r &gt; 15&quot;, taking true branch
>qemu-kvm-1.2.0/target-cris/translate.c:175: cond_at_least: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.
>qemu-kvm-1.2.0/target-cris/translate.c:177: overrun-local: Overrunning array &quot;cpu_R&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).
>
><a name='def862'/>Error: OVERRUN: <a href ='#def862'>[#def862]</a>
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: cond_true: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking true branch
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: cond_true: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking true branch
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: cond_at_most: Checking &quot;i &lt; 512U&quot; implies that the value of &quot;i&quot; may be up to 511 on the true branch.
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:421: illegal_address: &quot;&amp;s-&gt;output_irq[i]&quot; evaluates to an address that is at byte offset 4088 of an array of 512 bytes.
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: cond_false: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: loop_end: Reached end of loop
>
><a name='def863'/>Error: OVERRUN: <a href ='#def863'>[#def863]</a>
>qemu-kvm-1.2.0/ui/curses.c:166: cond_true: Condition &quot;invalidate&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:179: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:181: cond_true: Condition &quot;nextchr == -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:182: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/ui/curses.c:186: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:188: cond_false: Condition &quot;chr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:189: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:193: cond_false: Condition &quot;chr == 410&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:201: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:208: cond_true: Condition &quot;keycode == 1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:211: cond_true: Condition &quot;nextchr != -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:217: cond_true: Condition &quot;keycode != -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:221: cond_true: Condition &quot;keycode &gt;= (1026 /* 2 | 0x400 */)&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:221: cond_true: Condition &quot;keycode &lt; 1035 /* (2 | 0x400) + 9 */&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:228: continue: Continuing loop
>qemu-kvm-1.2.0/ui/curses.c:296: loop: Looping back
>qemu-kvm-1.2.0/ui/curses.c:179: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:181: cond_true: Condition &quot;nextchr == -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:182: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/ui/curses.c:186: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:188: cond_false: Condition &quot;chr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:189: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:193: cond_false: Condition &quot;chr == 410&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:201: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:208: cond_true: Condition &quot;keycode == 1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:211: cond_true: Condition &quot;nextchr != -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:217: cond_true: Condition &quot;keycode != -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:221: cond_true: Condition &quot;keycode &gt;= (1026 /* 2 | 0x400 */)&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:221: cond_false: Condition &quot;keycode &lt; 1035 /* (2 | 0x400) + 9 */&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:229: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:234: cond_true: Condition &quot;kbd_layout&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:236: cond_false: Condition &quot;chr &lt; 511&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:237: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:236: cond_at_least: Checking &quot;chr &lt; 511&quot; implies that the value of &quot;chr&quot; is at least 511 on the false branch.
>qemu-kvm-1.2.0/ui/curses.c:239: cond_true: Condition &quot;keysym == -1&quot;, taking true branch
>qemu-kvm-1.2.0/ui/curses.c:240: cond_false: Condition &quot;chr &lt; 32&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:246: else_branch: Reached else branch
>qemu-kvm-1.2.0/ui/curses.c:250: cond_false: Condition &quot;keycode == 0&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:251: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:257: cond_false: Condition &quot;keycode == -1&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:258: if_end: End of if statement
>qemu-kvm-1.2.0/ui/curses.c:260: cond_false: Condition &quot;is_graphic_console()&quot;, taking false branch
>qemu-kvm-1.2.0/ui/curses.c:289: else_branch: Reached else branch
>qemu-kvm-1.2.0/ui/curses.c:290: overrun-local: Overrunning array &quot;curses2qemu&quot; of 511 4-byte elements at element index 511 (byte offset 2044) using index &quot;chr&quot; (which evaluates to 511).
>
><a name='def864'/>Error: OVERRUN: <a href ='#def864'>[#def864]</a>
>qemu-kvm-1.2.0/slirp/ip_input.c:251: cond_true: Condition &quot;fp == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_input.c:254: cond_false: Condition &quot;t == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:256: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_input.c:262: alias: Assigning: &quot;fp-&gt;frag_link.next&quot; = &quot;&amp;fp-&gt;frag_link&quot;. &quot;fp-&gt;frag_link.next&quot; now points to byte 0 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).
>qemu-kvm-1.2.0/slirp/ip_input.c:266: goto: Jumping to label &quot;insert&quot;
>qemu-kvm-1.2.0/slirp/ip_input.c:312: label: Reached label &quot;insert&quot;
>qemu-kvm-1.2.0/slirp/ip_input.c:319: cond_true: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_input.c:321: cond_false: Condition &quot;q-&gt;ipf_ip.ip_off != next&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:322: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_input.c:324: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/slirp/ip_input.c:319: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/slirp/ip_input.c:319: cond_false: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:324: loop_end: Reached end of loop
>qemu-kvm-1.2.0/slirp/ip_input.c:325: cond_false: Condition &quot;((struct ipasfrag *)q-&gt;ipf_link.prev)-&gt;ipf_ip.ip_tos &amp; 1&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:326: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_input.c:335: cond_false: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:339: loop_end: Reached end of loop
>qemu-kvm-1.2.0/slirp/ip_input.c:347: alias: Assigning: &quot;q&quot; = &quot;fp-&gt;frag_link.next&quot;. &quot;q&quot; now points to byte 0 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).
>qemu-kvm-1.2.0/slirp/ip_input.c:356: cond_false: Condition &quot;m-&gt;m_hdr.mh_flags &amp; 1&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_input.c:359: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_input.c:361: alias: Assigning: &quot;ip&quot; = &quot;(char *)q + 16UL&quot;. &quot;ip&quot; now points to byte 16 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).
>qemu-kvm-1.2.0/slirp/ip_input.c:362: overrun-local: Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer &quot;ip&quot;.
>
><a name='def865'/>Error: OVERRUN: <a href ='#def865'>[#def865]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: switch: Switch case value &quot;1568UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:292: switch_case: Reached case &quot;1568UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:292: equality_cond: Jumping to case &quot;1568UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:293: cond_false: Condition &quot;offset == 1540&quot;, taking false branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:295: if_end: End of if statement
>qemu-kvm-1.2.0/hw/zynq_slcr.c:296: overrun-local: Overrunning array &quot;(*s).ddr&quot; of 8 4-byte elements at element index 8 (byte offset 32) using index &quot;(offset - 1536UL) / 4UL&quot; (which evaluates to 8).
>
><a name='def866'/>Error: OVERRUN: <a href ='#def866'>[#def866]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: switch: Switch case value &quot;2064UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:299: switch_case: Reached case &quot;2064UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:299: equality_cond: Jumping to case &quot;2064UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:300: overrun-local: Overrunning array &quot;(*s).mio_func&quot; of 4 4-byte elements at element index 4 (byte offset 16) using index &quot;(offset - 2048UL) / 4UL&quot; (which evaluates to 4).
>
><a name='def867'/>Error: OVERRUN: <a href ='#def867'>[#def867]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: switch: Switch case value &quot;468UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:268: switch_case: Reached case &quot;468UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:268: equality_cond: Jumping to case &quot;468UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:269: overrun-local: Overrunning array &quot;(*s).misc&quot; of 9 4-byte elements at element index 9 (byte offset 36) using index &quot;(offset - 432UL) / 4UL&quot; (which evaluates to 9).
>
><a name='def868'/>Error: OVERRUN: <a href ='#def868'>[#def868]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: switch: Switch case value &quot;600UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:270: switch_case: Reached case &quot;600UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:270: equality_cond: Jumping to case &quot;600UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:271: overrun-local: Overrunning array &quot;(*s).reset&quot; of 22 4-byte elements at element index 22 (byte offset 88) using index &quot;(offset - 512UL) / 4UL&quot; (which evaluates to 22).
>
><a name='def869'/>Error: OVERRUN: <a href ='#def869'>[#def869]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: switch: Switch case default
>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: switch_default: Reached end of switch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: cond_true: Condition &quot;!(*s).lockval&quot;, taking true branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: switch: Switch case value &quot;1568UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:427: switch_case: Reached case &quot;1568UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:427: equality_cond: Jumping to case &quot;1568UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:428: cond_false: Condition &quot;offset == 1540&quot;, taking false branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:430: if_end: End of if statement
>qemu-kvm-1.2.0/hw/zynq_slcr.c:431: overrun-local: Overrunning array &quot;(*s).ddr&quot; of 8 4-byte elements at element index 8 (byte offset 32) using index &quot;(offset - 1536UL) / 4UL&quot; (which evaluates to 8).
>
><a name='def870'/>Error: OVERRUN: <a href ='#def870'>[#def870]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: switch: Switch case default
>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: switch_default: Reached end of switch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: cond_true: Condition &quot;!(*s).lockval&quot;, taking true branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: switch: Switch case value &quot;2064UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:436: switch_case: Reached case &quot;2064UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:436: equality_cond: Jumping to case &quot;2064UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:437: overrun-local: Overrunning array &quot;(*s).mio_func&quot; of 4 4-byte elements at element index 4 (byte offset 16) using index &quot;(offset - 2048UL) / 4UL&quot; (which evaluates to 4).
>
><a name='def871'/>Error: OVERRUN: <a href ='#def871'>[#def871]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: switch: Switch case default
>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: switch_default: Reached end of switch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: cond_true: Condition &quot;!(*s).lockval&quot;, taking true branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: switch: Switch case value &quot;468UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:391: switch_case: Reached case &quot;468UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:391: equality_cond: Jumping to case &quot;468UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:392: overrun-local: Overrunning array &quot;(*s).misc&quot; of 9 4-byte elements at element index 9 (byte offset 36) using index &quot;(offset - 432UL) / 4UL&quot; (which evaluates to 9).
>
><a name='def872'/>Error: OVERRUN: <a href ='#def872'>[#def872]</a>
>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: switch: Switch case default
>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: switch_default: Reached end of switch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: cond_true: Condition &quot;!(*s).lockval&quot;, taking true branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: switch: Switch case value &quot;600UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:394: switch_case: Reached case &quot;600UL&quot;
>qemu-kvm-1.2.0/hw/zynq_slcr.c:394: equality_cond: Jumping to case &quot;600UL&quot;.
>qemu-kvm-1.2.0/hw/zynq_slcr.c:395: cond_false: Condition &quot;offset == 592&quot;, taking false branch
>qemu-kvm-1.2.0/hw/zynq_slcr.c:397: if_end: End of if statement
>qemu-kvm-1.2.0/hw/zynq_slcr.c:398: overrun-local: Overrunning array &quot;(*s).reset&quot; of 22 4-byte elements at element index 22 (byte offset 88) using index &quot;(offset - 512UL) / 4UL&quot; (which evaluates to 22).
>
><a name='def873'/>Error: OVERRUN: <a href ='#def873'>[#def873]</a>
>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: cond_true: Condition &quot;type != 3&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: cond_false: Condition &quot;type != 11&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:261: cond_false: Condition &quot;!msrc&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:261: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:270: cond_false: Condition &quot;ip-&gt;ip_off &amp; 0x1fff&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:270: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:273: cond_false: Condition &quot;(ip-&gt;ip_src.s_addr &amp; __bswap_32(268435455U /* ~(0xf &lt;&lt; 28) */)) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:275: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:279: cond_true: Condition &quot;ip-&gt;ip_p == IPPROTO_ICMP&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: cond_false: Condition &quot;icp-&gt;icmp_type &gt; 18&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: cond_false: Condition &quot;icmp_flush[icp-&gt;icmp_type]&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:290: cond_false: Condition &quot;!m&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:292: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/ip_icmp.c:296: cond_true: Condition &quot;new_m_size &gt; m-&gt;m_hdr.mh_size&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:311: cond_false: Condition &quot;minsize&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:312: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:312: cond_true: Condition &quot;s_ip_len &gt; 548U /* 576 - 28 */&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/ip_icmp.c:313: assignment: Assigning: &quot;s_ip_len&quot; = &quot;548U&quot;.
>qemu-kvm-1.2.0/slirp/ip_icmp.c:324: overrun-buffer-arg: Overrunning struct type ip of 20 bytes by passing it to a function which accesses it at byte offset 547 using argument &quot;s_ip_len&quot; (which evaluates to 548).
>
><a name='def874'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def874'>[#def874]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1103: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1103: var_assign: Assigning: &quot;sockfd&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1104: cond_false: Condition &quot;sockfd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1107: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1111: noescape: Resource &quot;sockfd&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1111: cond_true: Condition &quot;connect(sockfd, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;helper}), size) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1113: leaked_handle: Handle variable &quot;sockfd&quot; going out of scope leaks the handle.
>
><a name='def875'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def875'>[#def875]</a>
>qemu-kvm-1.2.0/qemu-ga.c:245: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:245: var_assign: Assigning: &quot;pidfd&quot; = handle returned from &quot;open(pidfile, 65, 384)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:246: cond_false: Condition &quot;pidfd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:246: cond_false: Condition &quot;lockf(pidfd, 2, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:252: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:254: noescape: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;ftruncate(int, __off64_t)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:254: cond_false: Condition &quot;ftruncate(pidfd, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:254: noescape: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;lseek(int, __off64_t, int)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:254: cond_true: Condition &quot;lseek(pidfd, 0, 0)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-ga.c:256: goto: Jumping to label &quot;fail&quot;
>qemu-kvm-1.2.0/qemu-ga.c:266: label: Reached label &quot;fail&quot;
>qemu-kvm-1.2.0/qemu-ga.c:268: leaked_handle: Handle variable &quot;pidfd&quot; going out of scope leaks the handle.
>
><a name='def876'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def876'>[#def876]</a>
>qemu-kvm-1.2.0/qemu-ga.c:245: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:245: var_assign: Assigning: &quot;pidfd&quot; = handle returned from &quot;open(pidfile, 65, 384)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:246: cond_false: Condition &quot;pidfd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:246: cond_false: Condition &quot;lockf(pidfd, 2, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:252: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:254: noescape: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;ftruncate(int, __off64_t)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:254: cond_false: Condition &quot;ftruncate(pidfd, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:254: noescape: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;lseek(int, __off64_t, int)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:254: cond_false: Condition &quot;lseek(pidfd, 0, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:257: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:259: noescape: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;write(int, void const *, size_t)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:259: cond_false: Condition &quot;write(pidfd, pidstr, strlen(pidstr)) != strlen(pidstr)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:262: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:264: leaked_handle: Handle variable &quot;pidfd&quot; going out of scope leaks the handle.
>
><a name='def877'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def877'>[#def877]</a>
>qemu-kvm-1.2.0/qemu-ga.c:131: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:131: var_assign: Assigning: &quot;nullfd&quot; = handle returned from &quot;open(&quot;/dev/null&quot;, 2)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:132: cond_false: Condition &quot;nullfd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:134: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:136: noescape: Resource &quot;nullfd&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.
>qemu-kvm-1.2.0/qemu-ga.c:138: cond_false: Condition &quot;nullfd != fd&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-ga.c:140: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-ga.c:141: leaked_handle: Handle variable &quot;nullfd&quot; going out of scope leaks the handle.
>
><a name='def878'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def878'>[#def878]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:2600: switch: Switch case value &quot;13&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:2607: switch_case: Reached case &quot;13&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:2609: alloc_arg: &quot;target_to_host_semarray(int, unsigned short **, abi_ulong)&quot; allocates memory that is stored into &quot;array&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2539:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:2540:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:2544:5: alloc_fn: Storage is returned from allocation function &quot;malloc(size_t)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2544:5: var_assign: Assigning: &quot;*host_array&quot; = &quot;malloc(nsems * 2UL)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:2547:5: cond_true: Condition &quot;!array&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:2610: cond_true: Condition &quot;err&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:2611: leaked_storage: Variable &quot;array&quot; going out of scope leaks the storage it points to.
>
><a name='def879'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def879'>[#def879]</a>
>qemu-kvm-1.2.0/os-posix.c:346: open_fn: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:161:5: cond_false: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:189:5: if_end: End of if statement
>qemu-kvm-1.2.0/osdep.c:192:5: cond_true: Condition &quot;flags &amp; 0x40&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:201:5: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:201:5: var_assign: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.
>qemu-kvm-1.2.0/osdep.c:209:5: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/os-posix.c:346: var_assign: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(filename, 66, 384)&quot;.
>qemu-kvm-1.2.0/os-posix.c:347: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/os-posix.c:349: if_end: End of if statement
>qemu-kvm-1.2.0/os-posix.c:350: cond_false: Condition &quot;lockf(fd, 2, 0) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/os-posix.c:353: if_end: End of if statement
>qemu-kvm-1.2.0/os-posix.c:355: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;write(int, void const *, size_t)&quot;.
>qemu-kvm-1.2.0/os-posix.c:355: cond_false: Condition &quot;write(fd, buffer, len) != len&quot;, taking false branch
>qemu-kvm-1.2.0/os-posix.c:358: if_end: End of if statement
>qemu-kvm-1.2.0/os-posix.c:361: leaked_handle: Handle variable &quot;fd&quot; going out of scope leaks the handle.
>
><a name='def880'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def880'>[#def880]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: cond_true: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:717: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def881'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def881'>[#def881]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: cond_false: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: cond_true: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:721: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def882'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def882'>[#def882]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: cond_false: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: cond_false: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: cond_true: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:725: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def883'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def883'>[#def883]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: cond_false: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: cond_false: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: cond_false: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:726: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:728: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:729: cond_true: Condition &quot;client &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:731: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def884'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def884'>[#def884]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: cond_false: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: cond_false: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: cond_false: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:726: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:728: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:729: cond_false: Condition &quot;client &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:732: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:733: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def885'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def885'>[#def885]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_true: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1628: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_true: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1713: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1714: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1715: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1724: cond_false: Condition &quot;error == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1726: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1732: cond_true: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1737: cond_true: Condition &quot;elf_prot &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1738: cond_true: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1741: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1745: cond_true: Condition &quot;elf_prot &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1746: cond_true: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1749: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1752: cond_true: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1783: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1784: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_true: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1713: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1714: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1715: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1724: cond_false: Condition &quot;error == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1726: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1732: cond_true: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1737: cond_true: Condition &quot;elf_prot &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1738: cond_true: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1741: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1745: cond_true: Condition &quot;elf_prot &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1746: cond_true: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1749: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1752: cond_true: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1783: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1784: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1763: alloc_fn: Storage is returned from allocation function &quot;malloc(size_t)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1763: var_assign: Assigning: &quot;interp_name&quot; = storage returned from &quot;malloc(eppnt-&gt;p_filesz)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1764: cond_false: Condition &quot;!interp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1766: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1768: cond_true: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1769: noescape: Resource &quot;interp_name&quot; is not freed or pointed-to in function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1771: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1777: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1778: cond_true: Condition &quot;interp_name[eppnt-&gt;p_filesz - 1] != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1780: goto: Jumping to label &quot;exit_errmsg&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1780: leaked_storage: Variable &quot;interp_name&quot; going out of scope leaks the storage it points to.
>
><a name='def886'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def886'>[#def886]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_true: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1628: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_true: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1713: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1714: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1715: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1724: cond_false: Condition &quot;error == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1726: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1732: cond_true: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1737: cond_true: Condition &quot;elf_prot &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1738: cond_true: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1741: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1745: cond_true: Condition &quot;elf_prot &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1746: cond_true: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1749: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1752: cond_true: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1783: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1784: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_true: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1713: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1714: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1715: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1724: cond_false: Condition &quot;error == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1726: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1732: cond_true: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1737: cond_true: Condition &quot;elf_prot &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1738: cond_true: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1741: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1745: cond_true: Condition &quot;elf_prot &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1746: cond_true: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1749: cond_true: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1752: cond_true: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1783: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1784: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1763: alloc_fn: Storage is returned from allocation function &quot;malloc(size_t)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1763: var_assign: Assigning: &quot;interp_name&quot; = storage returned from &quot;malloc(eppnt-&gt;p_filesz)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1764: cond_false: Condition &quot;!interp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1766: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1768: cond_false: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1771: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1772: noescape: Resource &quot;interp_name&quot; is not freed or pointed-to in function &quot;pread(int, void *, size_t, __off64_t)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1774: cond_true: Condition &quot;retval != eppnt-&gt;p_filesz&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1775: goto: Jumping to label &quot;exit_perror&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1775: leaked_storage: Variable &quot;interp_name&quot; going out of scope leaks the storage it points to.
>
><a name='def887'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def887'>[#def887]</a>
>qemu-kvm-1.2.0/qga/channel-posix.c:128: switch: Switch case value &quot;GA_CHANNEL_VIRTIO_SERIAL&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:129: switch_case: Reached case &quot;GA_CHANNEL_VIRTIO_SERIAL&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:130: open_fn: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:161:5: cond_false: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:189:5: if_end: End of if statement
>qemu-kvm-1.2.0/osdep.c:192:5: cond_true: Condition &quot;flags &amp; 0x40&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:201:5: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:201:5: var_assign: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.
>qemu-kvm-1.2.0/osdep.c:209:5: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:130: var_assign: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(path, 10242)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:135: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:138: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:147: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: noescape: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:148: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:151: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:152: break: Breaking from switch
>qemu-kvm-1.2.0/qga/channel-posix.c:152: leaked_handle: Handle variable &quot;fd&quot; going out of scope leaks the handle.
>
><a name='def888'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def888'>[#def888]</a>
>qemu-kvm-1.2.0/qga/channel-posix.c:128: switch: Switch case value &quot;GA_CHANNEL_ISA_SERIAL&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:154: switch_case: Reached case &quot;GA_CHANNEL_ISA_SERIAL&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:156: open_fn: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:161:5: cond_false: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:189:5: if_end: End of if statement
>qemu-kvm-1.2.0/osdep.c:192:5: cond_true: Condition &quot;flags &amp; 0x40&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:201:5: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/osdep.c:201:5: var_assign: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.
>qemu-kvm-1.2.0/osdep.c:209:5: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:156: var_assign: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(path, 2306)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:157: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:160: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:161: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcgetattr(int, struct termios *)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:175: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcflush(int, int)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:176: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcsetattr(int, int, struct termios const *)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:177: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: noescape: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:178: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:180: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:181: break: Breaking from switch
>qemu-kvm-1.2.0/qga/channel-posix.c:181: leaked_handle: Handle variable &quot;fd&quot; going out of scope leaks the handle.
>
><a name='def889'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def889'>[#def889]</a>
>qemu-kvm-1.2.0/qga/channel-posix.c:128: switch: Switch case value &quot;GA_CHANNEL_UNIX_LISTEN&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:183: switch_case: Reached case &quot;GA_CHANNEL_UNIX_LISTEN&quot;
>qemu-kvm-1.2.0/qga/channel-posix.c:184: open_fn: Returning handle opened by function &quot;unix_listen(char const *, char *, int)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:744:5: cond_false: Condition &quot;optstr&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:752:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-sockets.c:756:5: open_fn: Returning handle opened by function &quot;unix_listen_opts(QemuOpts *)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:663:5: open_fn: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: var_assign: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;ret != -1&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:663:5: var_assign: Assigning: &quot;sock&quot; = &quot;qemu_socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:664:5: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:667:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:671:5: cond_false: Condition &quot;path&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:673:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-sockets.c:675:9: cond_true: Condition &quot;tmpdir&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:689:5: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:689:5: cond_false: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;un}), 110U /* sizeof (un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:692:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:693:5: cond_false: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:696:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:698:5: return_handle: Returning opened handle &quot;sock&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:756:5: var_assign: Assigning: &quot;sock&quot; = &quot;unix_listen_opts(opts)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:758:5: cond_true: Condition &quot;sock != -1&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:758:5: cond_true: Condition &quot;ostr&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:759:9: cond_false: Condition &quot;optstr&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:761:5: return_handle: Returning opened handle &quot;sock&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:184: var_assign: Assigning: &quot;fd&quot; = handle returned from &quot;unix_listen(path, NULL, strlen(path))&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:185: cond_false: Condition &quot;fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:188: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:189: noescape: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_listen_add(GAChannel *, int, bool)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:55:53: noescape: &quot;ga_channel_listen_add(GAChannel *, int, bool)&quot; does not free or save its handle parameter &quot;listen_fd&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:190: break: Breaking from switch
>qemu-kvm-1.2.0/qga/channel-posix.c:190: leaked_handle: Handle variable &quot;fd&quot; going out of scope leaks the handle.
>
><a name='def890'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def890'>[#def890]</a>
>qemu-kvm-1.2.0/qga/channel-posix.c:31: cond_true: Condition &quot;channel != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: cond_true: Condition &quot;({...})&quot;, taking true branch
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:31: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:33: open_fn: Returning handle opened by function &quot;qemu_accept(int, struct sockaddr *, socklen_t *)&quot;.
>qemu-kvm-1.2.0/osdep.c:294:5: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:294:5: cond_false: Condition &quot;*__errno_location() != 38&quot;, taking false branch
>qemu-kvm-1.2.0/osdep.c:296:5: if_end: End of if statement
>qemu-kvm-1.2.0/osdep.c:298:5: open_fn: Returning handle opened by function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.
>qemu-kvm-1.2.0/osdep.c:298:5: var_assign: Assigning: &quot;ret&quot; = &quot;accept(s, __SOCKADDR_ARG({ .__sockaddr__ = addr}), addrlen)&quot;.
>qemu-kvm-1.2.0/osdep.c:299:5: cond_true: Condition &quot;ret &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:300:9: noescape: Resource &quot;ret&quot; is not freed or pointed-to in function &quot;qemu_set_cloexec(int)&quot;.
>qemu-kvm-1.2.0/oslib-posix.c:157:27: noescape: &quot;qemu_set_cloexec(int)&quot; does not free or save its handle parameter &quot;fd&quot;.
>qemu-kvm-1.2.0/osdep.c:303:5: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:33: var_assign: Assigning: &quot;client_fd&quot; = handle returned from &quot;qemu_accept(g_io_channel_unix_get_fd(channel), (struct sockaddr *)&amp;addr, &amp;addrlen)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:35: cond_false: Condition &quot;client_fd == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:38: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:39: noescape: Resource &quot;client_fd&quot; is not freed or pointed-to in function &quot;fcntl(int, int, ...)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:40: noescape: Resource &quot;client_fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: noescape: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.
>qemu-kvm-1.2.0/qga/channel-posix.c:41: cond_false: Condition &quot;ret&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:44: if_end: End of if statement
>qemu-kvm-1.2.0/qga/channel-posix.c:49: cond_false: Condition &quot;!accepted&quot;, taking false branch
>qemu-kvm-1.2.0/qga/channel-posix.c:49: leaked_handle: Handle variable &quot;client_fd&quot; going out of scope leaks the handle.
>
><a name='def891'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def891'>[#def891]</a>
>qemu-kvm-1.2.0/qemu-nbd.c:220: open_fn: Returning handle opened by function &quot;unix_socket_outgoing(char const *)&quot;.
>qemu-kvm-1.2.0/nbd.c:192:5: open_fn: Returning handle opened by function &quot;unix_connect(char const *)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:771:5: open_fn: Returning handle opened by function &quot;unix_connect_opts(QemuOpts *)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:711:5: cond_false: Condition &quot;NULL == path&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:714:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:716:5: open_fn: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: var_assign: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;ret != -1&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:716:5: var_assign: Assigning: &quot;sock&quot; = &quot;qemu_socket(1, 1, 0)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:717:5: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:720:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:725:5: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:725:5: cond_false: Condition &quot;connect(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;un}), 110U /* sizeof (un) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:729:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:731:5: return_handle: Returning opened handle &quot;sock&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:771:5: var_assign: Assigning: &quot;sock&quot; = &quot;unix_connect_opts(opts)&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:773:5: return_handle: Returning opened handle &quot;sock&quot;.
>qemu-kvm-1.2.0/nbd.c:192:5: return_handle_fn: Directly returning handle opened by &quot;unix_connect(char const *)&quot;.
>qemu-kvm-1.2.0/qemu-nbd.c:220: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;unix_socket_outgoing(sockpath)&quot;.
>qemu-kvm-1.2.0/qemu-nbd.c:221: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-nbd.c:223: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-nbd.c:225: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;nbd_receive_negotiate(int, char const *, uint32_t *, off_t *, size_t *)&quot;.
>qemu-kvm-1.2.0/nbd.c:246:31: noescape: &quot;nbd_receive_negotiate(int, char const *, uint32_t *, off_t *, size_t *)&quot; does not free or save its handle parameter &quot;csock&quot;.
>qemu-kvm-1.2.0/qemu-nbd.c:227: cond_true: Condition &quot;ret &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-nbd.c:228: goto: Jumping to label &quot;out&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:262: label: Reached label &quot;out&quot;
>qemu-kvm-1.2.0/qemu-nbd.c:264: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def892'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def892'>[#def892]</a>
>qemu-kvm-1.2.0/slirp/misc.c:128: cond_false: Condition &quot;do_pty == 2&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:130: else_branch: Reached else branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:135: cond_false: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/misc.c:146: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:152: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/slirp/misc.c:162: open_fn: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/osdep.c:272:5: var_assign: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.
>qemu-kvm-1.2.0/osdep.c:273:5: cond_true: Condition &quot;ret != -1&quot;, taking true branch
>qemu-kvm-1.2.0/osdep.c:274:9: return_handle: Returning opened handle &quot;ret&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:162: var_assign: Assigning: &quot;s&quot; = handle returned from &quot;qemu_socket(2, 1, 0)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:165: noescape: Resource &quot;s&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:166: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/misc.c:168: noescape: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:169: noescape: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:170: noescape: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.
>qemu-kvm-1.2.0/slirp/misc.c:171: overwrite_var: Overwriting handle &quot;s&quot; in &quot;s = getdtablesize() - 1&quot; leaks the handle.
>
><a name='def893'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def893'>[#def893]</a>
>qemu-kvm-1.2.0/qga/commands-posix.c:785: cond_false: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:790: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:792: cond_true: Condition &quot;ifa&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:806: cond_true: Condition &quot;!info&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:811: cond_true: Condition &quot;!cur_item&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:813: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:816: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:823: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:828: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:832: cond_false: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:839: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:843: cond_false: Condition &quot;asprintf(&amp;info-&gt;value-&gt;hardware_address, &quot;%02x:%02x:%02x:%02x:%02x:%02x&quot;, (int)mac_addr[0], (int)mac_addr[1], (int)mac_addr[2], (int)mac_addr[3], (int)mac_addr[4], (int)mac_addr[5]) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:852: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:858: cond_true: Condition &quot;ifa-&gt;ifa_addr&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:858: cond_true: Condition &quot;ifa-&gt;ifa_addr-&gt;sa_family == 2&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:864: cond_false: Condition &quot;!inet_ntop(2, p, addr4, 16U /* sizeof (addr4) */)&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:869: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:874: cond_true: Condition &quot;ifa-&gt;ifa_netmask&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:880: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:906: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:908: cond_false: Condition &quot;!address_item&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:910: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:914: cond_true: Condition &quot;*address_list&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:914: cond_true: Condition &quot;(*address_list)-&gt;next&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:916: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/qga/commands-posix.c:914: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qga/commands-posix.c:914: cond_true: Condition &quot;*address_list&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:914: cond_false: Condition &quot;(*address_list)-&gt;next&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:916: loop_end: Reached end of loop
>qemu-kvm-1.2.0/qga/commands-posix.c:918: cond_false: Condition &quot;!*address_list&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:920: else_branch: Reached else branch
>qemu-kvm-1.2.0/qga/commands-posix.c:792: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/qga/commands-posix.c:792: cond_true: Condition &quot;ifa&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:806: cond_false: Condition &quot;!info&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:817: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:822: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:822: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(2, 1, 0)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:823: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:828: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:832: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;ioctl(int, unsigned long, ...)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:832: cond_true: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:838: goto: Jumping to label &quot;error&quot;
>qemu-kvm-1.2.0/qga/commands-posix.c:838: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def894'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def894'>[#def894]</a>
>qemu-kvm-1.2.0/qga/commands-posix.c:785: cond_false: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:790: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:792: cond_true: Condition &quot;ifa&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:806: cond_true: Condition &quot;!info&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:811: cond_true: Condition &quot;!cur_item&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:813: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:816: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:819: cond_true: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:822: open_fn: Returning handle opened by function &quot;socket(int, int, int)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:822: var_assign: Assigning: &quot;sock&quot; = handle returned from &quot;socket(2, 1, 0)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:823: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:828: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:832: noescape: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;ioctl(int, unsigned long, ...)&quot;.
>qemu-kvm-1.2.0/qga/commands-posix.c:832: cond_false: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/qga/commands-posix.c:839: if_end: End of if statement
>qemu-kvm-1.2.0/qga/commands-posix.c:843: cond_true: Condition &quot;asprintf(&amp;info-&gt;value-&gt;hardware_address, &quot;%02x:%02x:%02x:%02x:%02x:%02x&quot;, (int)mac_addr[0], (int)mac_addr[1], (int)mac_addr[2], (int)mac_addr[3], (int)mac_addr[4], (int)mac_addr[5]) == -1&quot;, taking true branch
>qemu-kvm-1.2.0/qga/commands-posix.c:851: goto: Jumping to label &quot;error&quot;
>qemu-kvm-1.2.0/qga/commands-posix.c:851: leaked_handle: Handle variable &quot;sock&quot; going out of scope leaks the handle.
>
><a name='def895'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def895'>[#def895]</a>
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:173: switch: Switch case value &quot;2&quot;
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:177: switch_case: Reached case &quot;2&quot;
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:178: cond_false: Condition &quot;use_gdb_syscalls()&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:182: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: cond_false: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: cond_false: Condition &quot;!(p = lock_user_string(({...})))&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:186: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: cond_false: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: cond_false: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: var_assign: Assigning: &quot;result&quot; = handle returned from &quot;open(p, translate_openflags(({...})), ({...}))&quot;.
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:188: cond_false: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:188: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:191: break: Breaking from switch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:404: switch_end: Reached end of switch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:406: cond_false: Condition &quot;__hptr = lock_user(1, __gaddr, 4L /* sizeof (uint32_t) */, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:406: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:407: cond_false: Condition &quot;__hptr = lock_user(1, __gaddr, 4L /* sizeof (uint32_t) */, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:407: else_branch: Reached else branch
>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:408: leaked_handle: Handle variable &quot;result&quot; going out of scope leaks the handle.
>
><a name='def896'/>Error: RESOURCE_LEAK (CWE-404): <a href ='#def896'>[#def896]</a>
>qemu-kvm-1.2.0/linux-user/m68k-sim.c:104: switch: Switch case value &quot;5&quot;
>qemu-kvm-1.2.0/linux-user/m68k-sim.c:113: switch_case: Reached case &quot;5&quot;
>qemu-kvm-1.2.0/linux-user/m68k-sim.c:114: open_fn: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.
>qemu-kvm-1.2.0/linux-user/m68k-sim.c:114: leaked_handle: Ignoring handle opened by &quot;open((char *)(unsigned long)tswap32(args[0]), translate_openflags(tswap32(args[1])), tswap32(args[2]))&quot; leaks it.
>
><a name='def897'/>Error: REVERSE_INULL (CWE-476): <a href ='#def897'>[#def897]</a>
>qemu-kvm-1.2.0/hw/spapr_pci.c:68: deref_ptr: Directly dereferencing pointer &quot;phb&quot;.
>qemu-kvm-1.2.0/hw/spapr_pci.c:72: check_after_deref: Null-checking &quot;phb&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def898'/>Error: REVERSE_INULL (CWE-476): <a href ='#def898'>[#def898]</a>
>qemu-kvm-1.2.0/gdbstub.c:2722: deref_ptr_in_call: Dereferencing pointer &quot;s-&gt;chr&quot;.
>qemu-kvm-1.2.0/gdbstub.c:482:5: deref_parm_in_call: Function &quot;put_packet_binary(GDBState *, char const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.
>qemu-kvm-1.2.0/gdbstub.c:446:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/gdbstub.c:452:9: cond_true: Condition &quot;i &lt; len&quot;, taking true branch
>qemu-kvm-1.2.0/gdbstub.c:454:9: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/gdbstub.c:452:9: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/gdbstub.c:452:9: cond_true: Condition &quot;i &lt; len&quot;, taking true branch
>qemu-kvm-1.2.0/gdbstub.c:454:9: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/gdbstub.c:452:9: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/gdbstub.c:452:9: cond_false: Condition &quot;i &lt; len&quot;, taking false branch
>qemu-kvm-1.2.0/gdbstub.c:454:9: loop_end: Reached end of loop
>qemu-kvm-1.2.0/gdbstub.c:460:9: deref_parm_in_call: Function &quot;put_buffer(GDBState *, uint8_t const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.
>qemu-kvm-1.2.0/gdbstub.c:393:5: deref_parm_in_call: Function &quot;qemu_chr_fe_write(CharDriverState *, uint8_t const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:160:5: deref_parm: Directly dereferencing parameter &quot;s&quot;.
>qemu-kvm-1.2.0/gdbstub.c:2725: check_after_deref: Null-checking &quot;s-&gt;chr&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def899'/>Error: REVERSE_INULL (CWE-476): <a href ='#def899'>[#def899]</a>
>qemu-kvm-1.2.0/hw/exynos4210_fimd.c:1252: deref_ptr: Directly dereferencing pointer &quot;s&quot;.
>qemu-kvm-1.2.0/hw/exynos4210_fimd.c:1256: check_after_deref: Null-checking &quot;s&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def900'/>Error: REVERSE_INULL (CWE-476): <a href ='#def900'>[#def900]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:446: deref_ptr: Directly dereferencing pointer &quot;peer&quot;.
>qemu-kvm-1.2.0/qemu-sockets.c:508: check_after_deref: Null-checking &quot;peer&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def901'/>Error: REVERSE_INULL (CWE-476): <a href ='#def901'>[#def901]</a>
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: deref_ptr_in_call: Dereferencing pointer &quot;s-&gt;req&quot;.
>qemu-kvm-1.2.0/hw/scsi-bus.c:692:5: deref_parm: Directly dereferencing parameter &quot;req&quot;.
>qemu-kvm-1.2.0/hw/usb/dev-storage.c:433: check_after_deref: Null-checking &quot;s-&gt;req&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def902'/>Error: REVERSE_INULL (CWE-476): <a href ='#def902'>[#def902]</a>
>qemu-kvm-1.2.0/migration.c:286: deref_ptr_in_call: Dereferencing pointer &quot;s-&gt;file&quot;.
>qemu-kvm-1.2.0/savevm.c:551:5: deref_parm: Directly dereferencing parameter &quot;f&quot;.
>qemu-kvm-1.2.0/migration.c:287: check_after_deref: Null-checking &quot;s-&gt;file&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def903'/>Error: REVERSE_INULL (CWE-476): <a href ='#def903'>[#def903]</a>
>qemu-kvm-1.2.0/ui/keymaps.c:131: deref_ptr_in_call: Dereferencing pointer &quot;rest&quot;.
>qemu-kvm-1.2.0/ui/keymaps.c:133: check_after_deref: Null-checking &quot;rest&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
>
><a name='def904'/>Error: SECURE_TEMP (CWE-377): <a href ='#def904'>[#def904]</a>
>qemu-kvm-1.2.0/block.c:430: cond_true: Condition &quot;!tmpdir&quot;, taking true branch
>qemu-kvm-1.2.0/block.c:432: cond_false: Condition &quot;snprintf(filename, size, &quot;%s/vl.XXXXXX&quot;, tmpdir) &gt;= size&quot;, taking false branch
>qemu-kvm-1.2.0/block.c:434: if_end: End of if statement
>qemu-kvm-1.2.0/block.c:435: secure_temp: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.
>
><a name='def905'/>Error: SECURE_TEMP (CWE-377): <a href ='#def905'>[#def905]</a>
>qemu-kvm-1.2.0/exec.c:2375: cond_false: Condition &quot;!hpagesize&quot;, taking false branch
>qemu-kvm-1.2.0/exec.c:2377: if_end: End of if statement
>qemu-kvm-1.2.0/exec.c:2379: cond_false: Condition &quot;memory &lt; hpagesize&quot;, taking false branch
>qemu-kvm-1.2.0/exec.c:2381: if_end: End of if statement
>qemu-kvm-1.2.0/exec.c:2383: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/exec.c:2386: if_end: End of if statement
>qemu-kvm-1.2.0/exec.c:2388: cond_false: Condition &quot;asprintf(&amp;filename, &quot;%s/qemu_back_mem.XXXXXX&quot;, path) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/exec.c:2390: if_end: End of if statement
>qemu-kvm-1.2.0/exec.c:2392: secure_temp: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.
>
><a name='def906'/>Error: SECURE_TEMP (CWE-377): <a href ='#def906'>[#def906]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5052: cond_true: Condition &quot;fake_open-&gt;filename&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5053: cond_true: Condition &quot;!__coverity_strncmp(pathname, fake_open-&gt;filename, strlen(fake_open-&gt;filename))&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5055: break: Breaking from loop
>qemu-kvm-1.2.0/linux-user/syscall.c:5057: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/syscall.c:5059: cond_true: Condition &quot;fake_open-&gt;filename&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5066: cond_true: Condition &quot;!tmpdir&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5069: secure_temp: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.
>
><a name='def907'/>Error: SECURE_TEMP (CWE-377): <a href ='#def907'>[#def907]</a>
>qemu-kvm-1.2.0/qemu-sockets.c:664: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:667: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-sockets.c:671: cond_true: Condition &quot;path&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:671: cond_false: Condition &quot;strlen(path)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-sockets.c:673: else_branch: Reached else branch
>qemu-kvm-1.2.0/qemu-sockets.c:675: cond_true: Condition &quot;tmpdir&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-sockets.c:684: secure_temp: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.
>
><a name='def908'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def908'>[#def908]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1267: sign_extension: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def909'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def909'>[#def909]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1277: sign_extension: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def910'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def910'>[#def910]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1287: sign_extension: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def911'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def911'>[#def911]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1297: sign_extension: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def912'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def912'>[#def912]</a>
>qemu-kvm-1.2.0/hw/omap_dma.c:1045: sign_extension: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def913'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def913'>[#def913]</a>
>qemu-kvm-1.2.0/hw/omap1.c:2704: sign_extension: Suspicious implicit sign extension: &quot;from_bcd(value)&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;from_bcd(value) * 31536000&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed). If &quot;from_bcd(value) * 31536000&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def914'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def914'>[#def914]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:204: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def915'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def915'>[#def915]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:223: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def916'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def916'>[#def916]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:243: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[23]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[23]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def917'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def917'>[#def917]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:381: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[11]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[11] &lt;&lt; 16) | s-&gt;regs[10]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[11] &lt;&lt; 16) | s-&gt;regs[10]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def918'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def918'>[#def918]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:355: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def919'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def919'>[#def919]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:390: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def920'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def920'>[#def920]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:424: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def921'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def921'>[#def921]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:431: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def922'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def922'>[#def922]</a>
>qemu-kvm-1.2.0/hw/megasas.c:391: sign_extension: Suspicious implicit sign extension: &quot;id&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;id &lt;&lt; 24&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;id &lt;&lt; 24&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def923'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def923'>[#def923]</a>
>qemu-kvm-1.2.0/hw/fdc.c:136: sign_extension: Suspicious implicit sign extension: &quot;parse-&gt;last_sect&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(parse-&gt;max_head + 1) * parse-&gt;max_track * parse-&gt;last_sect&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(parse-&gt;max_head + 1) * parse-&gt;max_track * parse-&gt;last_sect&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def924'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def924'>[#def924]</a>
>qemu-kvm-1.2.0/cris-dis.c:2114: sign_extension: Suspicious implicit sign extension: &quot;buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed). If &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def925'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def925'>[#def925]</a>
>qemu-kvm-1.2.0/cris-dis.c:2331: sign_extension: Suspicious implicit sign extension: &quot;prefix_buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed). If &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def926'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def926'>[#def926]</a>
>qemu-kvm-1.2.0/cris-dis.c:2025: sign_extension: Suspicious implicit sign extension: &quot;buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def927'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def927'>[#def927]</a>
>qemu-kvm-1.2.0/cris-dis.c:2217: sign_extension: Suspicious implicit sign extension: &quot;prefix_buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def928'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def928'>[#def928]</a>
>qemu-kvm-1.2.0/m68k-dis.c:4693: sign_extension: Suspicious implicit sign extension: &quot;data[cur_byte]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;data[cur_byte] &lt;&lt; cur_bitshift&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;data[cur_byte] &lt;&lt; cur_bitshift&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def929'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def929'>[#def929]</a>
>qemu-kvm-1.2.0/hw/lan9118.c:1159: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;write_word_h&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;s-&gt;write_word_l + (s-&gt;write_word_h &lt;&lt; 16)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;s-&gt;write_word_l + (s-&gt;write_word_h &lt;&lt; 16)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def930'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def930'>[#def930]</a>
>qemu-kvm-1.2.0/hw/qxl-render.c:199: sign_extension: Suspicious implicit sign extension: &quot;cursor-&gt;header.height&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def931'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def931'>[#def931]</a>
>qemu-kvm-1.2.0/hw/qxl-render.c:199: sign_extension: Suspicious implicit sign extension: &quot;cursor-&gt;header.width&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def932'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def932'>[#def932]</a>
>qemu-kvm-1.2.0/hw/mcf_fec.c:235: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(s-&gt;conf.macaddr.a[0] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[1] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 8) | s-&gt;conf.macaddr.a[3]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;conf.macaddr.a[0] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[1] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 8) | s-&gt;conf.macaddr.a[3]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def933'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def933'>[#def933]</a>
>qemu-kvm-1.2.0/hw/mcf_fec.c:239: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[4]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(s-&gt;conf.macaddr.a[4] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[5] &lt;&lt; 16) | 0x8808&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;conf.macaddr.a[4] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[5] &lt;&lt; 16) | 0x8808&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def934'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def934'>[#def934]</a>
>qemu-kvm-1.2.0/hw/stellaris_enet.c:173: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;s-&gt;conf.macaddr.a[0] | (s-&gt;conf.macaddr.a[1] &lt;&lt; 8) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[3] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;s-&gt;conf.macaddr.a[0] | (s-&gt;conf.macaddr.a[1] &lt;&lt; 8) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[3] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def935'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def935'>[#def935]</a>
>qemu-kvm-1.2.0/arm-dis.c:4041: sign_extension: Suspicious implicit sign extension: &quot;b[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;b[3] | (b[2] &lt;&lt; 8) | (b[1] &lt;&lt; 16) | (b[0] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed). If &quot;b[3] | (b[2] &lt;&lt; 8) | (b[1] &lt;&lt; 16) | (b[0] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def936'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def936'>[#def936]</a>
>qemu-kvm-1.2.0/arm-dis.c:4039: sign_extension: Suspicious implicit sign extension: &quot;b[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;b[0] | (b[1] &lt;&lt; 8) | (b[2] &lt;&lt; 16) | (b[3] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed). If &quot;b[0] | (b[1] &lt;&lt; 8) | (b[2] &lt;&lt; 16) | (b[3] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def937'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def937'>[#def937]</a>
>qemu-kvm-1.2.0/microblaze-dis.c:773: sign_extension: Suspicious implicit sign extension: &quot;ibytes[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(ibytes[0] &lt;&lt; 24) | (ibytes[1] &lt;&lt; 16) | (ibytes[2] &lt;&lt; 8) | ibytes[3]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(ibytes[0] &lt;&lt; 24) | (ibytes[1] &lt;&lt; 16) | (ibytes[2] &lt;&lt; 8) | ibytes[3]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def938'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def938'>[#def938]</a>
>qemu-kvm-1.2.0/microblaze-dis.c:775: sign_extension: Suspicious implicit sign extension: &quot;ibytes[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(ibytes[3] &lt;&lt; 24) | (ibytes[2] &lt;&lt; 16) | (ibytes[1] &lt;&lt; 8) | ibytes[0]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(ibytes[3] &lt;&lt; 24) | (ibytes[2] &lt;&lt; 16) | (ibytes[1] &lt;&lt; 8) | ibytes[0]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def939'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def939'>[#def939]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:751: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def940'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def940'>[#def940]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:805: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def941'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def941'>[#def941]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:809: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def942'/>Error: SIGN_EXTENSION (CWE-194): <a href ='#def942'>[#def942]</a>
>qemu-kvm-1.2.0/hw/dp8393x.c:818: sign_extension: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned). If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
>
><a name='def943'/>Error: SIZEOF_MISMATCH (CWE-569): <a href ='#def943'>[#def943]</a>
>qemu-kvm-1.2.0/target-ppc/translate_init.c:9649: suspicious_sizeof: Passing argument &quot;1024UL /* 32 * sizeof (opc_handler_t) */&quot; to function &quot;malloc(size_t)&quot; and then casting the return value to &quot;opc_handler_t **&quot; is suspicious.
>
><a name='def944'/>Error: SIZEOF_MISMATCH (CWE-569): <a href ='#def944'>[#def944]</a>
>qemu-kvm-1.2.0/block/vvfat.c:2849: suspicious_sizeof: Passing argument &quot;8UL /* sizeof (void *) */&quot; to function &quot;g_malloc(gsize)&quot; which returns a value of type &quot;void *&quot; is suspicious.
>
><a name='def945'/>Error: SIZEOF_MISMATCH (CWE-569): <a href ='#def945'>[#def945]</a>
>qemu-kvm-1.2.0/hw/qxl.c:238: suspicious_sizeof: Passing argument &quot;qxl-&gt;guest_surfaces.cmds&quot; of type &quot;QXLPHYSICAL *&quot; and argument &quot;8UL /* sizeof (qxl-&gt;guest_surfaces.cmds) */ * qxl-&gt;ssd.num_surfaces&quot; to function &quot;memset(void *, int, size_t)&quot; is suspicious. Did you intend to use &quot;sizeof(*qxl-&gt;guest_surfaces.cmds)&quot; instead of &quot;sizeof (qxl-&gt;guest_surfaces.cmds)&quot; ? In this particular case sizeof(QXLPHYSICAL *) happens to be equal to sizeof(QXLPHYSICAL), but this is not a portable assumption.
>
><a name='def946'/>Error: SIZEOF_MISMATCH (CWE-569): <a href ='#def946'>[#def946]</a>
>qemu-kvm-1.2.0/hw/qxl.c:952: suspicious_sizeof: Passing argument &quot;caps&quot; of type &quot;uint8_t *&quot; and argument &quot;8UL /* sizeof (caps) */&quot; to function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; is suspicious.
>
><a name='def947'/>Error: SIZEOF_MISMATCH (CWE-569): <a href ='#def947'>[#def947]</a>
>qemu-kvm-1.2.0/hw/qxl.c:954: suspicious_sizeof: Passing argument &quot;caps&quot; of type &quot;uint8_t *&quot; and argument &quot;8UL /* sizeof (caps) */&quot; to function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; is suspicious.
>
><a name='def948'/>Error: STRING_NULL (CWE-170): <a href ='#def948'>[#def948]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:781: string_null_argument: Function &quot;readlink(char const * restrict, char * restrict, size_t)&quot; does not terminate string &quot;*driver&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:782: cond_false: Condition &quot;r &lt;= 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:782: cond_false: Condition &quot;r &gt;= 4096UL /* sizeof (driver) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:784: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:786: string_null: Passing unterminated string &quot;driver&quot; to &quot;strrchr(char const *, int)&quot;, which expects a null-terminated string.
>
><a name='def949'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def949'>[#def949]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1104: cond_false: Condition &quot;sockfd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1107: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1108: fixed_size_dest: You might overrun the 108 byte fixed-size string &quot;helper.sun_path&quot; by copying &quot;path&quot; without checking the length.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1108: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
>
><a name='def950'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def950'>[#def950]</a>
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.mod == 3&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.reg == 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6202: cond_true: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6215: cond_true: Condition &quot;modrm.rm&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6219: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6220: fixed_size_dest: You might overrun the 100 byte fixed-size string &quot;op_out[0]&quot; by copying &quot;names[0]&quot; without checking the length.
>
><a name='def951'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def951'>[#def951]</a>
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.mod == 3&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.reg == 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6202: cond_true: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6215: cond_false: Condition &quot;modrm.rm&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:6223: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:6226: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6229: cond_false: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:6233: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:6234: cond_true: Condition &quot;address_mode != mode_32bit&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6238: fixed_size_dest: You might overrun the 100 byte fixed-size string &quot;op_out[0]&quot; by copying &quot;op1_names[0]&quot; without checking the length.
>
><a name='def952'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def952'>[#def952]</a>
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.mod == 3&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.reg == 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6202: cond_true: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6215: cond_true: Condition &quot;modrm.rm&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6219: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6221: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/i386-dis.c:6241: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:6242: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6244: fixed_size_dest: You might overrun the 100 byte fixed-size string &quot;op_out[1]&quot; by copying &quot;names[1]&quot; without checking the length.
>
><a name='def953'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def953'>[#def953]</a>
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.mod == 3&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.reg == 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6193: cond_true: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6202: cond_true: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6206: cond_true: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6215: cond_false: Condition &quot;modrm.rm&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:6223: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:6226: cond_true: Condition &quot;!intel_syntax&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6229: cond_false: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:6233: else_branch: Reached else branch
>qemu-kvm-1.2.0/i386-dis.c:6234: cond_true: Condition &quot;address_mode != mode_32bit&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6239: fixed_size_dest: You might overrun the 100 byte fixed-size string &quot;op_out[2]&quot; by copying &quot;names[2]&quot; without checking the length.
>
><a name='def954'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def954'>[#def954]</a>
>qemu-kvm-1.2.0/i386-dis.c:6260: switch: Switch case value &quot;216&quot;
>qemu-kvm-1.2.0/i386-dis.c:6262: switch_case: Reached case &quot;216&quot;
>qemu-kvm-1.2.0/i386-dis.c:6264: break: Breaking from switch
>qemu-kvm-1.2.0/i386-dis.c:6289: switch_end: Reached end of switch
>qemu-kvm-1.2.0/i386-dis.c:6293: cond_true: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/i386-dis.c:6296: cond_false: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch
>qemu-kvm-1.2.0/i386-dis.c:6300: if_end: End of if statement
>qemu-kvm-1.2.0/i386-dis.c:6302: switch: Switch case value &quot;223&quot;
>qemu-kvm-1.2.0/i386-dis.c:6304: switch_case: Reached case &quot;223&quot;
>qemu-kvm-1.2.0/i386-dis.c:6305: fixed_size_dest: You might overrun the 100 byte fixed-size string &quot;op_out[1]&quot; by copying &quot;names32[1]&quot; without checking the length.
>
><a name='def955'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def955'>[#def955]</a>
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1293: cond_false: Condition &quot;dev-&gt;fd != -1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1295: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1298: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1300: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1305: fixed_size_dest: You might overrun the 16 byte fixed-size string &quot;dev-&gt;port&quot; by copying &quot;port&quot; without checking the length.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1305: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
>
><a name='def956'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def956'>[#def956]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;122&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6913: switch_case: Reached case &quot;122&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6918: cond_false: Condition &quot;!(buf = lock_user(1, arg1, 390L /* sizeof (*buf) */, 0))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6919: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6921: cond_true: Condition &quot;!is_error(ret)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6924: fixed_size_dest: You might overrun the 65 byte fixed-size string &quot;buf-&gt;machine&quot; by copying the return value of &quot;cpu_to_uname_machine(void *)&quot; without checking the length.
>
><a name='def957'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def957'>[#def957]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:5103: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106: switch: Switch case value &quot;122&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6913: switch_case: Reached case &quot;122&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6918: cond_false: Condition &quot;!(buf = lock_user(1, arg1, 390L /* sizeof (*buf) */, 0))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6919: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6921: cond_true: Condition &quot;!is_error(ret)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6926: cond_true: Condition &quot;qemu_uname_release&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6926: cond_true: Condition &quot;*qemu_uname_release&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6927: fixed_size_dest: You might overrun the 65 byte fixed-size string &quot;buf-&gt;release&quot; by copying &quot;qemu_uname_release&quot; without checking the length.
>
><a name='def958'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def958'>[#def958]</a>
>qemu-kvm-1.2.0/cris-dis.c:1934: cond_true: Condition &quot;*s == &apos;p&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1937: cond_false: Condition &quot;*s == &apos;m&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1937: cond_false: Condition &quot;*s == &apos;M&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1937: cond_false: Condition &quot;*s == &apos;z&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1949: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1953: cond_false: Condition &quot;opcodep-&gt;match != 3583U /* 255 + 13 * 256 */&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:1954: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1958: cond_true: Condition &quot;opcodep-&gt;name[0] == &apos;j&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1960: cond_true: Condition &quot;__coverity_strncmp(opcodep-&gt;name, &quot;jsr&quot;, 3UL /* sizeof (&quot;jsr&quot;) - 1 */) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1962: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/cris-dis.c:1965: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:1972: cond_true: Condition &quot;*s&quot;, taking true branch
>qemu-kvm-1.2.0/cris-dis.c:1974: switch: Switch case value &quot;&apos;P&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2500: switch_case: Reached case &quot;&apos;P&apos;&quot;
>qemu-kvm-1.2.0/cris-dis.c:2505: cond_false: Condition &quot;sregp-&gt;name == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2509: else_branch: Reached else branch
>qemu-kvm-1.2.0/cris-dis.c:2510: cond_false: Condition &quot;with_reg_prefix&quot;, taking false branch
>qemu-kvm-1.2.0/cris-dis.c:2511: if_end: End of if statement
>qemu-kvm-1.2.0/cris-dis.c:2512: fixed_size_dest: You might overrun the 62 byte fixed-size string &quot;tp&quot; by copying &quot;sregp-&gt;name&quot; without checking the length.
>
><a name='def959'/>Error: STRING_OVERFLOW (CWE-120): <a href ='#def959'>[#def959]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: cond_false: Condition &quot;!access(path, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: cond_false: Condition &quot;sock &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:713: fixed_size_dest: You might overrun the 108 byte fixed-size string &quot;proxy.sun_path&quot; by copying &quot;path&quot; without checking the length.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:713: parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function.
>
><a name='def960'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def960'>[#def960]</a>
>qemu-kvm-1.2.0/hw/loader.c:448: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:449: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:451: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;hdr&quot;.
>qemu-kvm-1.2.0/hw/loader.c:452: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:453: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:457: cond_false: Condition &quot;hdr-&gt;ih_magic != 654645590&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:458: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:461: cond_false: Condition &quot;hdr-&gt;ih_type != 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:464: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:466: switch: Switch case value &quot;0&quot;
>qemu-kvm-1.2.0/hw/loader.c:467: switch_case: Reached case &quot;0&quot;
>qemu-kvm-1.2.0/hw/loader.c:469: break: Breaking from switch
>qemu-kvm-1.2.0/hw/loader.c:475: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/loader.c:478: cond_true: Condition &quot;is_linux&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:479: cond_true: Condition &quot;hdr-&gt;ih_os == 5&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:480: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/loader.c:482: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:488: tainted_data: Passing tainted variable &quot;hdr-&gt;ih_size&quot; to a tainted sink.
>
><a name='def961'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def961'>[#def961]</a>
>qemu-kvm-1.2.0/hw/loader.c:191: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:192: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:194: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;e&quot;.
>qemu-kvm-1.2.0/hw/loader.c:195: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:196: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:198: cond_true: Condition &quot;bswap_needed&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:203: switch: Switch case value &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:214: switch_case: Reached case &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_false: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:216: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:217: cond_true: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:219: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:220: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:221: cond_true: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:221: cond_true: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:221: tainted_data: Passing tainted variable &quot;e.a_data&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:97:5: tainted_data_sink_lv_call: Passing tainted variable &quot;nbytes&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def962'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def962'>[#def962]</a>
>qemu-kvm-1.2.0/hw/loader.c:191: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:192: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:194: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;e&quot;.
>qemu-kvm-1.2.0/hw/loader.c:195: cond_false: Condition &quot;size &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:196: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:198: cond_true: Condition &quot;bswap_needed&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:203: switch: Switch case value &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:214: switch_case: Reached case &quot;264U&quot;
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_true: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:215: cond_false: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:216: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:217: cond_true: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch
>qemu-kvm-1.2.0/hw/loader.c:218: tainted_data: Passing tainted variable &quot;e.a_text&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:97:5: tainted_data_sink_lv_call: Passing tainted variable &quot;nbytes&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def963'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def963'>[#def963]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:109: tainted_data_return: Function &quot;load_at(int, int, int)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_argument: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/loader.c:245:5: cond_false: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:248:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:249:5: return_tainted_data: Returning tainted variable &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:109: var_assign: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:111: cond_false: Condition &quot;!shdr_table&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:112: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:114: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_true: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_true: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_false: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:121: cond_false: Condition &quot;!symtab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:122: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:124: cond_false: Condition &quot;!syms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:125: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:130: cond_false: Condition &quot;i &lt; nsyms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:149: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:150: cond_false: Condition &quot;nsyms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:159: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/elf_ops.h:165: cond_false: Condition &quot;symtab-&gt;sh_link &gt;= ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:166: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:167: var_assign_var: Assigning: &quot;strtab&quot; = &quot;shdr_table + symtab-&gt;sh_link&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:169: tainted_data: Passing tainted variable &quot;strtab-&gt;sh_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def964'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def964'>[#def964]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:109: tainted_data_return: Function &quot;load_at(int, int, int)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_argument: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/loader.c:245:5: cond_false: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:248:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:249:5: return_tainted_data: Returning tainted variable &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:109: var_assign: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:111: cond_false: Condition &quot;!shdr_table&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:112: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:114: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_false: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:120: tainted_data_transitive: Call to function &quot;find_section32(struct elf32_shdr *, int, int)&quot; with tainted argument &quot;shdr_table&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/elf_ops.h:56:5: cond_true: Condition &quot;i &lt; n&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:57:9: cond_true: Condition &quot;(shdr_table + i).sh_type == type&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:58:13: return_tainted_data: Returning tainted variable &quot;shdr_table + i&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:120: var_assign: Assigning: &quot;symtab&quot; = &quot;find_section32(struct elf32_shdr *, int, int)&quot;, which taints &quot;symtab&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:121: cond_false: Condition &quot;!symtab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:122: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:123: tainted_data: Passing tainted variable &quot;symtab-&gt;sh_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def965'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def965'>[#def965]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:237: var_assign_var: Assigning: &quot;size&quot; = &quot;ehdr.e_phnum * 32UL&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data: Passing tainted variable &quot;size&quot; to a tainted sink.
>
><a name='def966'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def966'>[#def966]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:235: tainted_data: Passing tainted variable &quot;ehdr.e_shnum&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/elf_ops.h:109:5: tainted_data_sink_lv_call: Passing tainted variable &quot;40UL * ehdr-&gt;e_shnum&quot; to tainted data sink &quot;load_at(int, int, int)&quot;.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def967'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def967'>[#def967]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: tainted_data: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.
>
><a name='def968'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def968'>[#def968]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: tainted_data: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.
>
><a name='def969'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def969'>[#def969]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def970'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def970'>[#def970]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def971'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def971'>[#def971]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:286: var_assign_var: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_false: Condition &quot;addr &lt; low&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:288: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def972'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def972'>[#def972]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:286: var_assign_var: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def973'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def973'>[#def973]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def974'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def974'>[#def974]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def975'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def975'>[#def975]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def976'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def976'>[#def976]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def977'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def977'>[#def977]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def978'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def978'>[#def978]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def979'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def979'>[#def979]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def980'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def980'>[#def980]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:109: tainted_data_return: Function &quot;load_at(int, int, int)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_argument: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/loader.c:245:5: cond_false: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:248:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:249:5: return_tainted_data: Returning tainted variable &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:109: var_assign: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:111: cond_false: Condition &quot;!shdr_table&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:112: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:114: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_true: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_true: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_false: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:121: cond_false: Condition &quot;!symtab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:122: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:124: cond_false: Condition &quot;!syms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:125: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:130: cond_false: Condition &quot;i &lt; nsyms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:149: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:150: cond_false: Condition &quot;nsyms&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:159: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/elf_ops.h:165: cond_false: Condition &quot;symtab-&gt;sh_link &gt;= ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:166: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:167: var_assign_var: Assigning: &quot;strtab&quot; = &quot;shdr_table + symtab-&gt;sh_link&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:169: tainted_data: Passing tainted variable &quot;strtab-&gt;sh_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def981'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def981'>[#def981]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:109: tainted_data_return: Function &quot;load_at(int, int, int)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_argument: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/loader.c:245:5: cond_false: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:248:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:249:5: return_tainted_data: Returning tainted variable &quot;ptr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:109: var_assign: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:111: cond_false: Condition &quot;!shdr_table&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:112: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:114: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:115: cond_false: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:117: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:120: tainted_data_transitive: Call to function &quot;find_section64(struct elf64_shdr *, int, int)&quot; with tainted argument &quot;shdr_table&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/elf_ops.h:56:5: cond_true: Condition &quot;i &lt; n&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:57:9: cond_true: Condition &quot;(shdr_table + i).sh_type == type&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:58:13: return_tainted_data: Returning tainted variable &quot;shdr_table + i&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:120: var_assign: Assigning: &quot;symtab&quot; = &quot;find_section64(struct elf64_shdr *, int, int)&quot;, which taints &quot;symtab&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:121: cond_false: Condition &quot;!symtab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:122: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:123: tainted_data: Passing tainted variable &quot;symtab-&gt;sh_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def982'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def982'>[#def982]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:237: var_assign_var: Assigning: &quot;size&quot; = &quot;ehdr.e_phnum * 56UL&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data: Passing tainted variable &quot;size&quot; to a tainted sink.
>
><a name='def983'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def983'>[#def983]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:235: tainted_data: Passing tainted variable &quot;ehdr.e_shnum&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/elf_ops.h:109:5: tainted_data_sink_lv_call: Passing tainted variable &quot;64UL * ehdr-&gt;e_shnum&quot; to tainted data sink &quot;load_at(int, int, int)&quot;.
>qemu-kvm-1.2.0/hw/loader.c:242:5: cond_false: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/loader.c:243:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/loader.c:245:5: tainted_data_sink_lv_call: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def984'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def984'>[#def984]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: tainted_data: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.
>
><a name='def985'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def985'>[#def985]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: tainted_data: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.
>
><a name='def986'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def986'>[#def986]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def987'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def987'>[#def987]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def988'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def988'>[#def988]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:286: var_assign_var: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_false: Condition &quot;addr &lt; low&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:288: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def989'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def989'>[#def989]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:286: var_assign_var: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def990'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def990'>[#def990]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def991'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def991'>[#def991]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:287: cond_true: Condition &quot;addr &lt; low&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:289: cond_true: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:295: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def992'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def992'>[#def992]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def993'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def993'>[#def993]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def994'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def994'>[#def994]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_true: Condition &quot;must_swab&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:246: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:245: cond_false: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:248: loop_end: Reached end of loop
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def995'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def995'>[#def995]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:255: var_assign_var: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: cond_false: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:262: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:266: cond_true: Condition &quot;translate_fn&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:268: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:270: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:275: cond_false: Condition &quot;!translate_fn&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:281: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:284: tainted_data: Passing tainted variable &quot;mem_size&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/loader.c:643:5: var_assign_parm: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.
>qemu-kvm-1.2.0/hw/loader.c:645:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def996'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def996'>[#def996]</a>
>qemu-kvm-1.2.0/hw/elf_ops.h:205: cond_false: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:206: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:207: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:209: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:211: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:212: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/hw/elf_ops.h:213: cond_true: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:214: cond_false: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:215: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:216: break: Breaking from switch
>qemu-kvm-1.2.0/hw/elf_ops.h:230: switch_end: Reached end of switch
>qemu-kvm-1.2.0/hw/elf_ops.h:232: cond_true: Condition &quot;pentry&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:240: cond_false: Condition &quot;!phdr&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:241: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:242: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:242: cond_false: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:243: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:244: cond_false: Condition &quot;must_swab&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:249: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:252: cond_true: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:253: var_assign_var: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/elf_ops.h:254: cond_true: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: cond_true: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/elf_ops.h:258: lower_bounds: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.
>qemu-kvm-1.2.0/hw/elf_ops.h:259: cond_false: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/elf_ops.h:260: if_end: End of if statement
>qemu-kvm-1.2.0/hw/elf_ops.h:261: tainted_data: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def997'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def997'>[#def997]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: cond_false: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1893: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1896: cond_true: Condition &quot;i &lt; shnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1897: cond_true: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1900: goto: Jumping to label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1907: label: Reached label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1910: cond_false: Condition &quot;!s&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1912: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1914: var_assign_var: Assigning: &quot;i&quot; = &quot;(shdr + str_idx).sh_size&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1915: tainted_data: Passing tainted variable &quot;i&quot; to a tainted sink.
>
><a name='def998'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def998'>[#def998]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: cond_false: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1893: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1896: cond_true: Condition &quot;i &lt; shnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1897: cond_true: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1900: goto: Jumping to label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1907: label: Reached label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1910: cond_false: Condition &quot;!s&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1912: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1916: cond_false: Condition &quot;!strings&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1916: cond_false: Condition &quot;pread(fd, strings, i, (shdr + str_idx).sh_offset) != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1918: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1920: var_assign_var: Assigning: &quot;i&quot; = &quot;(shdr + sym_idx).sh_size&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1921: tainted_data: Passing tainted variable &quot;i&quot; to a tainted sink.
>
><a name='def999'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def999'>[#def999]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1891: cond_false: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1893: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1896: cond_true: Condition &quot;i &lt; shnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1897: cond_true: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1899: var_assign_var: Assigning: &quot;str_idx&quot; = &quot;(shdr + i).sh_link&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1900: goto: Jumping to label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1907: label: Reached label &quot;found&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:1910: cond_false: Condition &quot;!s&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1912: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1914: tainted_data: Using tainted variable &quot;str_idx&quot; as an index to pointer &quot;shdr&quot;.
>
><a name='def1000'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1000'>[#def1000]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;146&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7197:10: switch_case: Reached case &quot;146&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7199:23: parm_assign_alias: Assigning: &quot;count&quot; = &quot;arg3&quot;, which taints &quot;count&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:7203:13: cond_false: Condition &quot;lock_iovec(0, vec, arg2, count, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:7204:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:7205:13: data_index: Passing tainted variable &quot;count&quot; to a tainted data index sink.
>
><a name='def1001'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1001'>[#def1001]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;57&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5700:10: switch_case: Reached case &quot;57&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5701:9: tainted_data_sink_lv_call: Passing tainted variable &quot;arg2&quot; to tainted data sink &quot;setpgid(__pid_t, __pid_t)&quot;.
>
><a name='def1002'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1002'>[#def1002]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;37&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5579:10: switch_case: Reached case &quot;37&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5580:9: data_index: Passing tainted variable &quot;arg2&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: cond_false: Condition &quot;sig &gt;= 65&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/signal.c:113:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: upper_bounds: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:114:5: data_index: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.
>
><a name='def1003'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1003'>[#def1003]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;146&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7197:10: switch_case: Reached case &quot;146&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:7199:23: parm_assign_alias: Assigning: &quot;count&quot; = &quot;arg3&quot;, which taints &quot;count&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:7203:13: cond_false: Condition &quot;lock_iovec(0, vec, arg2, count, 1) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:7204:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:7205:13: data_index: Passing tainted variable &quot;count&quot; to a tainted data index sink.
>
><a name='def1004'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1004'>[#def1004]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[1]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;57&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5700:10: switch_case: Reached case &quot;57&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5701:9: tainted_data_sink_lv_call: Passing tainted variable &quot;arg1&quot; to tainted data sink &quot;setpgid(__pid_t, __pid_t)&quot;.
>
><a name='def1005'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1005'>[#def1005]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;37&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5579:10: switch_case: Reached case &quot;37&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5580:9: data_index: Passing tainted variable &quot;arg2&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: cond_false: Condition &quot;sig &gt;= 65&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/signal.c:113:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: upper_bounds: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:114:5: data_index: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.
>
><a name='def1006'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1006'>[#def1006]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5153:10: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5154:9: cond_false: Condition &quot;arg3 == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5156:14: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5157:13: cond_false: Condition &quot;!(p = lock_user(1, arg2, arg3, 0))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5158:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:5159:13: tainted_data_sink_lv_call: Passing tainted variable &quot;arg3&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.
>
><a name='def1007'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1007'>[#def1007]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data_return: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_data: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;265&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8463:10: switch_case: Reached case &quot;265&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:8464:2: data_index: Passing tainted variable &quot;arg3&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: cond_false: Condition &quot;sig &gt;= 65&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/signal.c:113:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/signal.c:112:5: upper_bounds: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.
>qemu-kvm-1.2.0/linux-user/signal.c:114:5: data_index: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.
>
><a name='def1008'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1008'>[#def1008]</a>
>qemu-kvm-1.2.0/hw/pc.c:684: cond_false: Condition &quot;!f&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:684: cond_false: Condition &quot;!(kernel_size = get_file_size(f))&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:684: cond_true: Condition &quot;8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:684: tainted_data_argument: Calling function &quot;fread(void * restrict, size_t, size_t, FILE * restrict)&quot; taints argument &quot;header&quot;.
>qemu-kvm-1.2.0/hw/pc.c:684: cond_true: Condition &quot;8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:684: cond_false: Condition &quot;fread(header, 1, ((8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size) ? 8192UL /* sizeof (header) / sizeof (header[0]) */ : kernel_size), f) != ((8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size) ? 8192UL /* sizeof (header) / sizeof (header[0]) */ : kernel_size)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:690: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:696: cond_true: Condition &quot;ldl_le_p(&amp;header[514]) == 1400005704&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:697: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pc.c:705: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:707: cond_true: Condition &quot;protocol &lt; 512&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:712: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pc.c:722: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:735: cond_false: Condition &quot;protocol &gt;= 515&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:738: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/pc.c:740: cond_true: Condition &quot;initrd_max &gt;= max_ram_size - 65536&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:745: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:749: cond_false: Condition &quot;protocol &gt;= 514&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:751: else_branch: Reached else branch
>qemu-kvm-1.2.0/hw/pc.c:758: cond_true: Condition &quot;vmode&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:762: cond_true: Condition &quot;!__coverity_strncmp(vmode, &quot;normal&quot;, 6)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/pc.c:764: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/pc.c:770: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:778: cond_false: Condition &quot;protocol &gt;= 512&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:779: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:782: cond_false: Condition &quot;protocol &gt;= 513&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:785: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:788: cond_false: Condition &quot;initrd_filename&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:812: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:815: lower_bounds: Casting narrower unsigned &quot;header[497]&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/pc.c:815: var_assign_var: Assigning: &quot;setup_size&quot; = &quot;header[497]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/pc.c:816: cond_false: Condition &quot;setup_size == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/pc.c:817: if_end: End of if statement
>qemu-kvm-1.2.0/hw/pc.c:818: var_assign_var: Assigning: &quot;setup_size&quot; = &quot;(setup_size + 1) * 512&quot;. Both are now tainted.
>qemu-kvm-1.2.0/hw/pc.c:819: var_assign_var: Compound assignment involving tainted variable &quot;setup_size&quot; to variable &quot;kernel_size&quot; taints &quot;kernel_size&quot;.
>qemu-kvm-1.2.0/hw/pc.c:824: tainted_data: Passing tainted variable &quot;setup_size&quot; to a tainted sink.
>
><a name='def1009'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1009'>[#def1009]</a>
>qemu-kvm-1.2.0/linux-user/syscall.c:775: cond_false: Condition &quot;!new_brk&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:778: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:779: cond_false: Condition &quot;new_brk &lt; target_original_brk&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:783: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:787: cond_false: Condition &quot;new_brk &lt;= brk_page&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:796: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:805: tainted_data_return: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_data: Returning tainted variable &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:805: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(brk_page, new_alloc_size, 3, 34, 0, 0U)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:805: var_assign: Assigning: &quot;mapped_addr&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;mapped_addr&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:809: cond_false: Condition &quot;mapped_addr == brk_page&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:824: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:824: cond_true: Condition &quot;mapped_addr != -1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:828: tainted_data: Passing tainted variable &quot;mapped_addr&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/mmap.c:643:5: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:644:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:646:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:647:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:653:5: cond_true: Condition &quot;start &gt; real_start&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:653:5: lower_bounds: Checking lower bounds of unsigned scalar &quot;start&quot; by &quot;start &gt; real_start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:656:9: a_loop_bound: Using tainted variable &quot;start&quot; as a loop boundary.
>
><a name='def1010'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1010'>[#def1010]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2783: switch_case: Reached case &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2785: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2786: switch_case: Reached case &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2787: var_assign_var: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2788: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1011'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1011'>[#def1011]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2783: switch_case: Reached case &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2785: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2786: switch_case: Reached case &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2787: var_assign_var: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2788: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1012'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1012'>[#def1012]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2783: switch_case: Reached case &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2785: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2786: switch_case: Reached case &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2787: var_assign_var: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2788: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1013'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1013'>[#def1013]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2783: switch_case: Reached case &quot;80&quot;
>qemu-kvm-1.2.0/vl.c:2785: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2786: switch_case: Reached case &quot;25&quot;
>qemu-kvm-1.2.0/vl.c:2787: var_assign_var: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2788: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1014'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1014'>[#def1014]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1015'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1015'>[#def1015]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1016'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1016'>[#def1016]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1017'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1017'>[#def1017]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2777: switch_case: Reached case &quot;87&quot;
>qemu-kvm-1.2.0/vl.c:2778: var_assign_var: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2779: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1018'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1018'>[#def1018]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1019'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1019'>[#def1019]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1020'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1020'>[#def1020]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1021'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1021'>[#def1021]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2774: switch_case: Reached case &quot;86&quot;
>qemu-kvm-1.2.0/vl.c:2775: var_assign_var: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2776: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1022'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1022'>[#def1022]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1023'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1023'>[#def1023]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1024'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1024'>[#def1024]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1025'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1025'>[#def1025]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2765: switch_case: Reached case &quot;84&quot;
>qemu-kvm-1.2.0/vl.c:2766: var_assign_var: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2767: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1026'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1026'>[#def1026]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1027'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1027'>[#def1027]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1028'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1028'>[#def1028]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1029'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1029'>[#def1029]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2762: switch_case: Reached case &quot;83&quot;
>qemu-kvm-1.2.0/vl.c:2763: var_assign_var: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2764: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1030'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1030'>[#def1030]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1031'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1031'>[#def1031]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1032'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1032'>[#def1032]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1033'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1033'>[#def1033]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2736: switch_case: Reached case &quot;22&quot;
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;value &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2742: cond_false: Condition &quot;*end&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2745: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2748: cond_false: Condition &quot;ram_size != sz&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2751: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2752: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2754: switch_case: Reached case &quot;23&quot;
>qemu-kvm-1.2.0/vl.c:2755: var_assign_var: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2756: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1034'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1034'>[#def1034]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1035'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1035'>[#def1035]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1036'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1036'>[#def1036]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1037'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1037'>[#def1037]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2703: switch_case: Reached case &quot;60&quot;
>qemu-kvm-1.2.0/vl.c:2704: var_assign_var: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2705: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1038'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1038'>[#def1038]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1039'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1039'>[#def1039]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1040'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1040'>[#def1040]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1041'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1041'>[#def1041]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2700: switch_case: Reached case &quot;59&quot;
>qemu-kvm-1.2.0/vl.c:2701: var_assign_var: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2702: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1042'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1042'>[#def1042]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1043'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1043'>[#def1043]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1044'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1044'>[#def1044]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2681: switch_case: Reached case &quot;64&quot;
>qemu-kvm-1.2.0/vl.c:2682: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1045'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1045'>[#def1045]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_false: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2547: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2547: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2548: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2597: switch_case: Reached case &quot;47&quot;
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 0&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 90&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_true: Condition &quot;graphic_rotate != 180&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2599: cond_false: Condition &quot;graphic_rotate != 270&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2604: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2605: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2621: switch_case: Reached case &quot;20&quot;
>qemu-kvm-1.2.0/vl.c:2631: cond_false: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2634: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2634: cond_false: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2639: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2641: cond_false: Condition &quot;legacy&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2641: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2646: cond_true: Condition &quot;!legacy&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2647: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2655: cond_true: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2657: cond_true: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2659: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2666: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2672: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2686: switch_case: Reached case &quot;63&quot;
>qemu-kvm-1.2.0/vl.c:2687: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/net.c:1035:5: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:743:5: cond_false: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:746:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:751:5: cond_false: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:760:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:761:9: data_index: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/net/slirp.c:611:5: parm_assign_alias: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.
>qemu-kvm-1.2.0/net/slirp.c:612:5: cond_true: Condition &quot;legacy_format&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:613:9: cond_false: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:615:9: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:616:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/net/slirp.c:632:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;*end != 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:634:5: cond_false: Condition &quot;port &gt; 65535&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:636:5: if_end: End of if statement
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_true: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch
>qemu-kvm-1.2.0/net/slirp.c:641:5: cond_false: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch
>qemu-kvm-1.2.0/net/slirp.c:648:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/net/slirp.c:649:9: data_index: Passing tainted variable &quot;p&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2949:5: cond_false: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2951:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2953:5: data_index: Passing tainted variable &quot;filename&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/qemu-char.c:2732:5: cond_false: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2736:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2738:5: tainted_data_transitive: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.
>qemu-kvm-1.2.0/cutils.c:68:5: var_assign_alias: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.
>qemu-kvm-1.2.0/cutils.c:70:5: cond_true: Condition &quot;*q != 0&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:71:9: cond_false: Condition &quot;*p != *q&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:72:13: if_end: End of if statement
>qemu-kvm-1.2.0/cutils.c:75:5: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/cutils.c:70:5: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/cutils.c:70:5: cond_false: Condition &quot;*q != 0&quot;, taking false branch
>qemu-kvm-1.2.0/cutils.c:75:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/cutils.c:76:5: cond_true: Condition &quot;ptr&quot;, taking true branch
>qemu-kvm-1.2.0/cutils.c:77:9: parm_assign: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2738:5: cond_true: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2739:9: var_assign_alias: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2743:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2750:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2751:5: cond_false: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2767:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2768:5: cond_false: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2771:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2772:5: cond_false: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2776:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2777:5: cond_false: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2781:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2782:5: cond_false: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2786:5: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2787:5: cond_true: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.
>qemu-kvm-1.2.0/qemu-char.c:2789:9: cond_true: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/qemu-char.c:2791:13: cond_false: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-char.c:2792:17: if_end: End of if statement
>qemu-kvm-1.2.0/qemu-char.c:2797:9: data_index: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.
>
><a name='def1046'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1046'>[#def1046]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1047'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1047'>[#def1047]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2521: switch_case: Reached case &quot;21&quot;
>qemu-kvm-1.2.0/vl.c:2523: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2524: switch_case: Reached case &quot;85&quot;
>qemu-kvm-1.2.0/vl.c:2527: var_assign_var: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2529: cond_false: Condition &quot;cyls &gt; 16383&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2530: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2531: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2532: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2535: cond_false: Condition &quot;heads &gt; 16&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2536: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2537: cond_false: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2538: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &lt; 1&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2541: cond_false: Condition &quot;secs &gt; 63&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2542: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2543: cond_true: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2545: cond_true: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2546: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2552: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2553: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2557: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2558: cond_false: Condition &quot;hda_opts != NULL&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2570: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2572: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1048'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1048'>[#def1048]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2504: switch_case: Reached case &quot;15&quot;
>qemu-kvm-1.2.0/vl.c:2505: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.
>qemu-kvm-1.2.0/qemu-config.c:729:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:730:5: cond_false: Condition &quot;rc &lt; 3&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:730:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1049'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1049'>[#def1049]</a>
>qemu-kvm-1.2.0/vl.c:2385: cond_false: Condition &quot;0 /* !1 */&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2392: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_true: Condition &quot;i &lt; 64&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2417: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2414: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2414: cond_false: Condition &quot;i &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2417: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2434: tainted_data_transitive: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.
>qemu-kvm-1.2.0/vl.c:2291:5: cond_true: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2294:5: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2295:9: cond_false: Condition &quot;!popt-&gt;name&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2298:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2299:9: cond_true: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2300:13: break: Breaking from loop
>qemu-kvm-1.2.0/vl.c:2302:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2303:5: cond_true: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2304:9: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2307:9: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2308:9: var_assign_alias: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2310:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:2312:5: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2314:5: parm_assign: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2436: switch_case: Reached case &quot;118&quot;
>qemu-kvm-1.2.0/vl.c:2438: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case value &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2439: switch_case: Reached case &quot;119&quot;
>qemu-kvm-1.2.0/vl.c:2441: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:2442: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2430: continue: Continuing loop
>qemu-kvm-1.2.0/vl.c:2444: loop: Looping back
>qemu-kvm-1.2.0/vl.c:2426: cond_true: Condition &quot;optind &lt; argc&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2427: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2431: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2435: switch: Switch case default
>qemu-kvm-1.2.0/vl.c:2442: switch_default: Reached end of switch
>qemu-kvm-1.2.0/vl.c:2444: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2426: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2426: cond_false: Condition &quot;optind &lt; argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2444: loop_end: Reached end of loop
>qemu-kvm-1.2.0/vl.c:2446: cond_false: Condition &quot;defconfig&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2452: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_true: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2461: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/vl.c:3329: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2470: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/vl.c:2472: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2473: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/vl.c:2475: var_assign_var: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.
>qemu-kvm-1.2.0/vl.c:2476: break: Breaking from switch
>qemu-kvm-1.2.0/vl.c:3328: switch_end: Reached end of switch
>qemu-kvm-1.2.0/vl.c:3330: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/vl.c:2456: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/vl.c:2456: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:2457: cond_false: Condition &quot;optind &gt;= argc&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2458: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2459: cond_false: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2461: else_branch: Reached else branch
>qemu-kvm-1.2.0/vl.c:2465: cond_false: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:2468: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:2469: switch: Switch case value &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2508: switch_case: Reached case &quot;16&quot;
>qemu-kvm-1.2.0/vl.c:2509: tainted_data: Passing tainted variable &quot;optarg&quot; to a tainted sink.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.
>qemu-kvm-1.2.0/qemu-config.c:759:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.
>qemu-kvm-1.2.0/qemu-config.c:760:5: cond_false: Condition &quot;rc &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/qemu-config.c:760:5: data_index: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.
>
><a name='def1050'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1050'>[#def1050]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: tainted_data_return: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: cond_false: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: cond_true: Condition &quot;max_cap--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: tainted_data_return: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: tainted_data_return: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: cond_false: Condition &quot;ret != len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: return_tainted_data: Returning tainted variable &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: return_tainted_data_fn: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: var_assign: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: cond_false: Condition &quot;pos &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: lower_bounds: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: cond_false: Condition &quot;id == 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: cond_true: Condition &quot;id == cap&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: return_tainted_data: Returning tainted variable &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: lower_bounds: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 1, 0)&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: var_assign: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1319: tainted_data: Passing tainted variable &quot;pos&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: data_index: Passing tainted variable &quot;offset&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: data_index: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.
>
><a name='def1051'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1051'>[#def1051]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: tainted_data_return: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: cond_false: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: cond_true: Condition &quot;max_cap--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: tainted_data_return: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: tainted_data_return: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: cond_false: Condition &quot;ret != len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: return_tainted_data: Returning tainted variable &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: return_tainted_data_fn: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: var_assign: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: cond_false: Condition &quot;pos &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: lower_bounds: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: cond_false: Condition &quot;id == 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: cond_true: Condition &quot;id == cap&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: return_tainted_data: Returning tainted variable &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: lower_bounds: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 16, 0)&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: var_assign: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: cond_true: Condition &quot;version == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: cond_false: Condition &quot;size == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1388: tainted_data: Passing tainted variable &quot;pos&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: data_index: Passing tainted variable &quot;offset&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: data_index: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.
>
><a name='def1052'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1052'>[#def1052]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: cond_true: Condition &quot;version == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: cond_false: Condition &quot;size == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_false: Condition &quot;type != 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: cond_false: Condition &quot;version &gt;= 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: tainted_data_return: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: cond_false: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: cond_true: Condition &quot;max_cap--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: tainted_data_return: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: tainted_data_return: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: cond_false: Condition &quot;ret != len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: return_tainted_data: Returning tainted variable &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: return_tainted_data_fn: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: var_assign: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: cond_false: Condition &quot;pos &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: lower_bounds: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: cond_false: Condition &quot;id == 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: cond_true: Condition &quot;id == cap&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: return_tainted_data: Returning tainted variable &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: lower_bounds: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 7, 0)&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: var_assign: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1463: tainted_data: Passing tainted variable &quot;pos&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: data_index: Passing tainted variable &quot;offset&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: data_index: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.
>
><a name='def1053'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1053'>[#def1053]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: cond_true: Condition &quot;version == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: cond_false: Condition &quot;size == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_false: Condition &quot;type != 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: cond_false: Condition &quot;version &gt;= 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: tainted_data_return: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: cond_false: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: cond_true: Condition &quot;max_cap--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: tainted_data_return: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: tainted_data_return: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: cond_false: Condition &quot;ret != len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: return_tainted_data: Returning tainted variable &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: return_tainted_data_fn: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: var_assign: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: cond_false: Condition &quot;pos &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: lower_bounds: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: cond_false: Condition &quot;id == 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: cond_true: Condition &quot;id == cap&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: return_tainted_data: Returning tainted variable &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: lower_bounds: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 3, 0)&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: var_assign: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1482: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1485: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1487: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1489: tainted_data: Passing tainted variable &quot;pos&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: data_index: Passing tainted variable &quot;offset&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: data_index: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.
>
><a name='def1054'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1054'>[#def1054]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: cond_true: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;pos != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: cond_true: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: cond_false: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: cond_true: Condition &quot;version == 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: cond_false: Condition &quot;size == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_true: Condition &quot;type != 1&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: cond_false: Condition &quot;type != 9&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: cond_false: Condition &quot;version &gt;= 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1482: cond_true: Condition &quot;pos&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1485: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1487: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: tainted_data_return: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: cond_false: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: cond_true: Condition &quot;max_cap--&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: tainted_data_return: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: tainted_data_return: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: tainted_data_argument: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: cond_false: Condition &quot;ret != len&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: return_tainted_data: Returning tainted variable &quot;val&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: return_tainted_data_fn: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: var_assign: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: cond_false: Condition &quot;pos &lt; 64&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: lower_bounds: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: cond_false: Condition &quot;id == 255&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: cond_true: Condition &quot;id == cap&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: return_tainted_data: Returning tainted variable &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: lower_bounds: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 9, pos)&quot; to wider signed type int effectively tests its lower bound.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: var_assign: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: cond_true: Condition &quot;pos = pci_find_cap_offset(pci_dev, 9, pos)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1501: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1503: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1505: tainted_data: Passing tainted variable &quot;pos&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: data_index: Passing tainted variable &quot;offset&quot; to a tainted data index sink.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: data_index: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.
>
><a name='def1055'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1055'>[#def1055]</a>
>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: cond_true: Condition &quot;ret &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: cond_true: Condition &quot;*__errno_location() == 16&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: cond_true: Condition &quot;first&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:980: tainted_data_return: Function &quot;usb_linux_get_num_interfaces(USBHostDevice *)&quot; returns tainted data.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:535:5: tainted_data_argument: Function &quot;usb_host_read_file(char *, size_t, char const *, char const *)&quot; taints argument &quot;line&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1626:5: cond_true: Condition &quot;f&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:1627:9: tainted_data_argument: Calling function &quot;fgets(char * restrict, int, FILE * restrict)&quot; taints parameter &quot;*line&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:535:5: cond_false: Condition &quot;!usb_host_read_file(line, 1024UL /* sizeof (line) */, &quot;bNumInterfaces&quot;, device_name)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:538:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:539:5: vararg_transitive: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;line&quot; taints &quot;num_interfaces&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:539:5: cond_false: Condition &quot;sscanf(line, &quot;%d&quot;, &amp;num_interfaces) != 1&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:541:5: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/host-linux.c:542:5: return_tainted_data: Returning tainted variable &quot;num_interfaces&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:980: var_assign: Assigning: &quot;count&quot; = &quot;usb_linux_get_num_interfaces(USBHostDevice *)&quot;, which taints &quot;count&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:981: cond_true: Condition &quot;count &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/host-linux.c:981: lower_bounds: Checking lower bounds of signed scalar &quot;count&quot; by &quot;count &gt; 0&quot;.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:983: tainted_data: Passing tainted variable &quot;count&quot; to a tainted sink.
>qemu-kvm-1.2.0/hw/usb/host-linux.c:515:5: a_loop_bound: Using tainted variable &quot;nb_interfaces&quot; as a loop boundary.
>
><a name='def1056'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1056'>[#def1056]</a>
>qemu-kvm-1.2.0/linux-user/mmap.c:164: cond_true: Condition &quot;addr &lt; real_end&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:165: cond_true: Condition &quot;addr &lt; start&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:167: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/mmap.c:164: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/mmap.c:164: cond_false: Condition &quot;addr &lt; real_end&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:167: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/mmap.c:169: cond_true: Condition &quot;prot1 == 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:173: cond_false: Condition &quot;p == (void *)0xffffffffffffffff&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:174: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:180: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:183: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:183: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:185: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:188: cond_true: Condition &quot;!(prot1 &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:192: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:192: tainted_data: Passing tainted variable &quot;end - start&quot; to a tainted sink.
>
><a name='def1057'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1057'>[#def1057]</a>
>qemu-kvm-1.2.0/linux-user/mmap.c:414: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:584: tainted_data: Passing tainted variable &quot;start + len&quot; to a tainted sink.
>qemu-kvm-1.2.0/exec.c:1076:5: a_loop_bound: Using tainted variable &quot;end&quot; as a loop boundary.
>
><a name='def1058'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1058'>[#def1058]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_false: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1624: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1625: cond_false: Condition &quot;retval != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1627: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1708: var_assign_var: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1763: tainted_data: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def1059'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1059'>[#def1059]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_false: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1624: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1625: cond_false: Condition &quot;retval != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1627: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1708: var_assign_var: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1764: cond_false: Condition &quot;!interp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1766: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1768: cond_true: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1769: tainted_data: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def1060'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1060'>[#def1060]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_false: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1624: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1625: cond_false: Condition &quot;retval != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1627: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1708: var_assign_var: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1764: cond_false: Condition &quot;!interp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1766: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1768: cond_false: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1771: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1772: tainted_data: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.
>
><a name='def1061'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1061'>[#def1061]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_false: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1624: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1625: cond_false: Condition &quot;retval != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1627: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1708: var_assign_var: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_true: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1713: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1714: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1715: cond_true: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1721: tainted_data: Passing tainted variable &quot;eppnt-&gt;p_offset - vaddr_po&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:461:12: var_assign_alias: Assigning: &quot;len&quot; = &quot;sb.st_size - offset&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;pread(int, void *, size_t, __off64_t)&quot;.
>
><a name='def1062'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1062'>[#def1062]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1611: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620: cond_false: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1624: tainted_data_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1625: cond_false: Condition &quot;retval != i&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1627: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1640: cond_true: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1642: cond_true: Condition &quot;a &lt; loaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1646: cond_true: Condition &quot;a &gt; hiaddr&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1639: cond_false: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1653: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:1656: cond_true: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1665: cond_false: Condition &quot;load_addr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1667: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1668: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1673: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1707: cond_true: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1708: var_assign_var: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1709: cond_false: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1756: cond_true: Condition &quot;pinterp_name&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1759: cond_false: Condition &quot;*pinterp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1762: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1764: cond_false: Condition &quot;!interp_name&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1766: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1768: cond_true: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1771: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1777: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1778: tainted_data: Using tainted variable &quot;eppnt-&gt;p_filesz - 1U&quot; as an index to pointer &quot;interp_name&quot;.
>
><a name='def1063'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1063'>[#def1063]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:1817: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1819: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1821: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;bprm_buf&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1822: cond_false: Condition &quot;retval &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1824: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1825: cond_true: Condition &quot;retval &lt; 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1829: tainted_data: Passing tainted variable &quot;bprm_buf&quot; to a tainted sink.
>qemu-kvm-1.2.0/linux-user/elfload.c:1603:25: var_assign_parm: Assigning: &quot;ehdr&quot; = &quot;bprm_buf&quot;. &quot;ehdr&quot; is now tainted.
>qemu-kvm-1.2.0/linux-user/elfload.c:1611:5: cond_false: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1613:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1615:5: cond_false: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1617:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1620:5: cond_true: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:1622:5: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1628:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:1629:5: tainted_data_sink_lv_call: Passing tainted variable &quot;ehdr-&gt;e_phnum&quot; to tainted data sink &quot;bswap_phdr(struct elf32_phdr *, int)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:1084:5: a_loop_bound: Using tainted variable &quot;phnum&quot; as a loop boundary.
>
><a name='def1064'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1064'>[#def1064]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:459: switch_case: Reached case &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:461: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_false: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:472: cond_false: Condition &quot;argc - optind != 2&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:475: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:477: cond_true: Condition &quot;cert_count &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:483: cond_true: Condition &quot;emul_args == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:502: cond_true: Condition &quot;emul_args&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:506: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:507: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:509: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:512: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:535: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:536: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:540: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:544: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_true: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:550: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:553: cond_false: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:561: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:565: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:570: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:571: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:576: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:580: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:581: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:582: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:583: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:588: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:589: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:600: cond_false: Condition &quot;reader_status == VREADER_OK&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:608: else_branch: Reached else branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:615: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:653: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:654: cond_true: Condition &quot;rv &gt;= 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:535: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:536: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:540: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:544: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_true: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:550: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:552: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.
>qemu-kvm-1.2.0/libcacard/vscclient.c:553: cond_false: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:561: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:565: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:570: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:571: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:576: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:580: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:581: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:582: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:583: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:588: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:589: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:594: var_assign_var: Assigning: &quot;dwSendLength&quot; = &quot;mhHeader.length&quot;. Both are now tainted.
>qemu-kvm-1.2.0/libcacard/vscclient.c:597: tainted_data: Passing tainted variable &quot;dwSendLength&quot; to a tainted sink.
>qemu-kvm-1.2.0/libcacard/vreader.c:199:5: cond_false: Condition &quot;card == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vreader.c:201:5: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vreader.c:203:5: tainted_data_sink_lv_call: Passing tainted variable &quot;send_buf_len&quot; to tainted data sink &quot;vcard_apdu_new(unsigned char *, int, vcard_7816_status_t *)&quot;.
>qemu-kvm-1.2.0/libcacard/card_7816.c:334:5: cond_false: Condition &quot;len &lt; 4&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/card_7816.c:337:5: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/card_7816.c:334:5: lower_bounds: Checking lower bounds of signed scalar &quot;len&quot; by &quot;len &lt; 4&quot;.
>qemu-kvm-1.2.0/libcacard/card_7816.c:341:5: tainted_data_sink_lv_call: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def1065'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1065'>[#def1065]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:459: switch_case: Reached case &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:461: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_false: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:472: cond_false: Condition &quot;argc - optind != 2&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:475: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:477: cond_true: Condition &quot;cert_count &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:483: cond_true: Condition &quot;emul_args == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:502: cond_true: Condition &quot;emul_args&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:506: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:507: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:509: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:512: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:535: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:536: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:540: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:544: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_true: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:550: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:552: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.
>qemu-kvm-1.2.0/libcacard/vscclient.c:553: cond_false: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:561: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:565: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:570: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:571: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:575: tainted_data: Passing tainted variable &quot;mhHeader.length&quot; to a tainted sink.
>
><a name='def1066'/>Error: TAINTED_SCALAR (CWE-20): <a href ='#def1066'>[#def1066]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:452: switch_case: Reached case &quot;99&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:453: cond_false: Condition &quot;cert_count &gt;= 100&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:456: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:458: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_true: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:451: switch: Switch case value &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:459: switch_case: Reached case &quot;101&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:461: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:469: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:450: cond_false: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:470: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:472: cond_false: Condition &quot;argc - optind != 2&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:475: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:477: cond_true: Condition &quot;cert_count &gt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:483: cond_true: Condition &quot;emul_args == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:489: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:491: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_true: Condition &quot;i &lt; cert_count&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:495: cond_false: Condition &quot;i &lt; cert_count&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:498: loop_end: Reached end of loop
>qemu-kvm-1.2.0/libcacard/vscclient.c:502: cond_true: Condition &quot;emul_args&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:506: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:507: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:509: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:512: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:535: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:536: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:540: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:544: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:545: cond_true: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:548: cond_false: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:550: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:552: tainted_data_argument: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.
>qemu-kvm-1.2.0/libcacard/vscclient.c:553: cond_false: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:561: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:565: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:570: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:571: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:576: break: Breaking from switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:580: switch_end: Reached end of switch
>qemu-kvm-1.2.0/libcacard/vscclient.c:581: switch: Switch case value &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:582: switch_case: Reached case &quot;7U&quot;
>qemu-kvm-1.2.0/libcacard/vscclient.c:583: cond_false: Condition &quot;rv &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:588: if_end: End of if statement
>qemu-kvm-1.2.0/libcacard/vscclient.c:589: cond_true: Condition &quot;verbose&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:591: tainted_data: Passing tainted variable &quot;mhHeader.length&quot; to a tainted sink.
>qemu-kvm-1.2.0/libcacard/vscclient.c:35:5: a_loop_bound: Using tainted variable &quot;nSize&quot; as a loop boundary.
>
><a name='def1067'/>Error: TAINTED_STRING (CWE-20): <a href ='#def1067'>[#def1067]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_string_return_content: &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted string content.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_string_return_content: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted string content.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_string_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_string: Returning tainted string &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6))&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_string: Returning tainted string &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(env, n, env-&gt;dregs[1], env-&gt;dregs[2], env-&gt;dregs[3], env-&gt;dregs[4], env-&gt;dregs[5], env-&gt;aregs[0], 0, 0)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_string: Passing tainted string &quot;env-&gt;dregs[1]&quot; to &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which cannot accept tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;8&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5224:10: switch_case: Reached case &quot;8&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: tainted_data_transitive: Call to function &quot;lock_user_string(abi_ulong)&quot; with tainted argument &quot;arg1&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: cond_false: Condition &quot;len &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: tainted_data_transitive: Calling function &quot;lock_user(int, abi_ulong, long, int)&quot; with tainted argument &quot;guest_addr&quot; results in tainted data.
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_false: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:421:5: return_tainted_data: Returning tainted variable &quot;(void *)((unsigned long)(target_ulong)guest_addr + guest_base)&quot;.
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: return_tainted_data: Returning tainted variable &quot;lock_user(0, guest_addr, (long)(len + 1), 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: var_assign_var: Assigning: &quot;p&quot; = &quot;lock_user_string(arg1)&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: cond_false: Condition &quot;!(p = lock_user_string(arg1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5226:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:5227:9: tainted_string_sink_content_lv_call: Passing tainted string &quot;p&quot; to &quot;creat(char const *, mode_t)&quot;, which depends on its content.
>
><a name='def1068'/>Error: TAINTED_STRING (CWE-20): <a href ='#def1068'>[#def1068]</a>
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2624: switch_case: Reached case &quot;4&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2626: cond_true: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2631: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2633: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/main.c:2635: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_string_return_content: &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted string content.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: switch_case: Reached case &quot;90&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: cond_false: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_string_return_content: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted string content.
>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: cond_false: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: cond_false: Condition &quot;len == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: cond_false: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: cond_true: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: cond_false: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: cond_false: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: cond_false: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: cond_true: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_true: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: cond_false: Condition &quot;prot &amp; 2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: cond_false: Condition &quot;retaddr == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: tainted_string_argument: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.
>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: cond_false: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: cond_true: Condition &quot;!(prot &amp; 2)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: cond_false: Condition &quot;ret != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: goto: Jumping to label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: label: Reached label &quot;the_end&quot;
>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: return_tainted_string: Returning tainted string &quot;start&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: tainted_data_transitive: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: cond_false: Condition &quot;ret == -1&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: return_tainted_data: Returning tainted variable &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: var_assign: Assigning: &quot;ret&quot; = &quot;get_errno(target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6))&quot;, which taints &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: return_tainted_string: Returning tainted string &quot;ret&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2656: var_assign: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(env, n, env-&gt;dregs[1], env-&gt;dregs[2], env-&gt;dregs[3], env-&gt;dregs[4], env-&gt;dregs[5], env-&gt;aregs[0], 0, 0)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2636: switch_case: Reached case &quot;257&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2640: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2666: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/main.c:2699: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/main.c:2701: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/linux-user/main.c:2621: cond_true: Condition &quot;true&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/main.c:2623: switch: Switch case value &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2651: switch_case: Reached case &quot;32&quot;
>qemu-kvm-1.2.0/linux-user/main.c:2656: tainted_string: Passing tainted string &quot;env-&gt;dregs[2]&quot; to &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which cannot accept tainted data.
>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: cond_true: Condition &quot;do_strace&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: switch: Switch case value &quot;38&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5582:10: switch_case: Reached case &quot;38&quot;
>qemu-kvm-1.2.0/linux-user/syscall.c:5586:13: tainted_data_transitive: Call to function &quot;lock_user_string(abi_ulong)&quot; with tainted argument &quot;arg2&quot; returns tainted data.
>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: cond_false: Condition &quot;len &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: tainted_data_transitive: Calling function &quot;lock_user(int, abi_ulong, long, int)&quot; with tainted argument &quot;guest_addr&quot; results in tainted data.
>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: cond_false: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/qemu.h:421:5: return_tainted_data: Returning tainted variable &quot;(void *)((unsigned long)(target_ulong)guest_addr + guest_base)&quot;.
>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: return_tainted_data: Returning tainted variable &quot;lock_user(0, guest_addr, (long)(len + 1), 1)&quot;.
>qemu-kvm-1.2.0/linux-user/syscall.c:5586:13: var_assign_var: Assigning: &quot;p2&quot; = &quot;lock_user_string(arg2)&quot;. Both are now tainted.
>qemu-kvm-1.2.0/linux-user/syscall.c:5587:13: cond_false: Condition &quot;!p&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5587:13: cond_false: Condition &quot;!p2&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5590:17: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/syscall.c:5590:17: tainted_string_sink_content_lv_call: Passing tainted string &quot;p2&quot; to &quot;rename(char const *, char const *)&quot;, which depends on its content.
>
><a name='def1069'/>Error: TOCTOU (CWE-367): <a href ='#def1069'>[#def1069]</a>
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:857: cond_true: Condition &quot;ctx-&gt;export_flags &amp; 0x20&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:858: fs_check_call: Calling function &quot;lstat(char const *, struct stat *)&quot; to perform check on &quot;rpath(ctx, path, buffer)&quot;.
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:859: cond_false: Condition &quot;err&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:861: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:866: cond_true: Condition &quot;(stbuf.st_mode &amp; 61440) == 16384&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:869: cond_true: Condition &quot;err &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:869: cond_false: Condition &quot;*__errno_location() != 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:875: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:882: cond_true: Condition &quot;err &lt; 0&quot;, taking true branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:882: cond_false: Condition &quot;*__errno_location() != 2&quot;, taking false branch
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:888: if_end: End of if statement
>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:890: toctou: Calling function &quot;remove(char const *)&quot; that uses &quot;rpath(ctx, path, buffer)&quot; after a check function. This can cause a time-of-check, time-of-use race condition.
>
><a name='def1070'/>Error: TOCTOU (CWE-367): <a href ='#def1070'>[#def1070]</a>
>qemu-kvm-1.2.0/slirp/slirp.c:119: cond_true: Condition &quot;dns_addr.s_addr != 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:121: cond_false: Condition &quot;curtime - dns_addr_time &lt; 1000&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:124: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:126: fs_check_call: Calling function &quot;stat(char const *, struct stat *)&quot; to perform check on &quot;&quot;/etc/resolv.conf&quot;&quot;.
>qemu-kvm-1.2.0/slirp/slirp.c:126: cond_false: Condition &quot;stat(&quot;/etc/resolv.conf&quot;, &amp;dns_addr_stat) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:127: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:128: cond_true: Condition &quot;dns_addr_stat.st_dev == old_stat.st_dev&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:128: cond_true: Condition &quot;dns_addr_stat.st_ino == old_stat.st_ino&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:128: cond_true: Condition &quot;dns_addr_stat.st_size == old_stat.st_size&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:128: cond_false: Condition &quot;dns_addr_stat.st_mtim.tv_sec == old_stat.st_mtim.tv_sec&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:134: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:137: toctou: Calling function &quot;fopen(char const * restrict, char const * restrict)&quot; that uses &quot;&quot;/etc/resolv.conf&quot;&quot; after a check function. This can cause a time-of-check, time-of-use race condition.
>
><a name='def1071'/>Error: TOCTOU (CWE-367): <a href ='#def1071'>[#def1071]</a>
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1873: cond_false: Condition &quot;dev-&gt;dev.romfile&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1873: cond_false: Condition &quot;!dev-&gt;dev.rom_bar&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1875: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1882: cond_false: Condition &quot;stat(rom_file, &amp;st)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1884: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1886: fs_check_call: Calling function &quot;access(char const *, int)&quot; to perform check on &quot;rom_file&quot;.
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1886: cond_false: Condition &quot;access(rom_file, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1890: if_end: End of if statement
>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1893: toctou: Calling function &quot;fopen(char const * restrict, char const * restrict)&quot; that uses &quot;rom_file&quot; after a check function. This can cause a time-of-check, time-of-use race condition.
>
><a name='def1072'/>Error: TOCTOU (CWE-367): <a href ='#def1072'>[#def1072]</a>
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;*__errno_location() != 38&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:225: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:232: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:235: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:241: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:242: fs_check_call: Calling function &quot;stat(char const *, struct stat *)&quot; to perform check on &quot;path&quot;.
>qemu-kvm-1.2.0/oslib-posix.c:245: cond_true: Condition &quot;i &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:246: cond_true: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:249: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/oslib-posix.c:255: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:256: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/oslib-posix.c:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/oslib-posix.c:245: cond_true: Condition &quot;i &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:246: cond_true: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:249: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/oslib-posix.c:255: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:256: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/oslib-posix.c:245: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/oslib-posix.c:245: cond_false: Condition &quot;i &lt; 2&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:256: loop_end: Reached end of loop
>qemu-kvm-1.2.0/oslib-posix.c:258: toctou: Calling function &quot;utimes(char const *, struct timeval const *)&quot; that uses &quot;path&quot; after a check function. This can cause a time-of-check, time-of-use race condition.
>
><a name='def1073'/>Error: TOCTOU (CWE-367): <a href ='#def1073'>[#def1073]</a>
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: cond_false: Condition &quot;c == -1&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: switch: Switch case value &quot;112&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1006: switch_case: Reached case &quot;112&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1007: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1008: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: cond_false: Condition &quot;c == -1&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: switch: Switch case value &quot;110&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1009: switch_case: Reached case &quot;110&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1011: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: cond_false: Condition &quot;c == -1&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: switch: Switch case value &quot;102&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1012: switch_case: Reached case &quot;102&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1014: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: loop: Jumping back to the beginning of the loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: loop_begin: Jumped back to beginning of loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: cond_true: Condition &quot;1&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: cond_true: Condition &quot;c == -1&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1003: break: Breaking from loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: loop_end: Reached end of loop
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: cond_true: Condition &quot;sock_name == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: cond_false: Condition &quot;sock == -1&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: cond_false: Condition &quot;rpath == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1037: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1039: cond_false: Condition &quot;sock_name&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1043: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1045: cond_false: Condition &quot;sock_name&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1051: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1053: cond_false: Condition &quot;lstat(rpath, &amp;stbuf) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1057: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1059: cond_false: Condition &quot;!((stbuf.st_mode &amp; 61440) == 16384)&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1062: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1064: cond_false: Condition &quot;is_daemon&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1070: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1073: cond_false: Condition &quot;sock_name&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1078: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1083: fs_check_call: Calling function &quot;statfs(char const *, struct statfs *)&quot; to perform check on &quot;rpath&quot;.
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1084: cond_true: Condition &quot;!retval&quot;, taking true branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1085: switch: Switch case value &quot;61267L&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1086: switch_case: Reached case &quot;61267L&quot;
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1091: break: Breaking from switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1092: switch_end: Reached end of switch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1096: cond_false: Condition &quot;chdir(&quot;/&quot;) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1099: if_end: End of if statement
>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1100: toctou: Calling function &quot;chroot(char const *)&quot; that uses &quot;rpath&quot; after a check function. This can cause a time-of-check, time-of-use race condition.
>
><a name='def1074'/>Error: UNINIT (CWE-457): <a href ='#def1074'>[#def1074]</a>
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:344: var_decl: Declaring variable &quot;cpkt&quot; without initializer.
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:350: cond_false: Condition &quot;len &lt; 8UL /* sizeof (cpkt) */&quot;, taking false branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:353: if_end: End of if statement
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:360: cond_false: Condition &quot;cpkt.event == 0&quot;, taking false branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:374: if_end: End of if statement
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:377: cond_false: Condition &quot;!port&quot;, taking false branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:381: if_end: End of if statement
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:387: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:388: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:389: cond_false: Condition &quot;!cpkt.value&quot;, taking false branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:393: if_end: End of if statement
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:401: cond_true: Condition &quot;vsc-&gt;is_console&quot;, taking true branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:405: cond_true: Condition &quot;port-&gt;name&quot;, taking true branch
>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:412: uninit_use_in_call: Using uninitialized value &quot;cpkt&quot;: field &quot;cpkt&quot;.&quot;id&quot; is uninitialized when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.
>
><a name='def1075'/>Error: UNINIT (CWE-457): <a href ='#def1075'>[#def1075]</a>
>qemu-kvm-1.2.0/linux-user/elfload.c:2753: var_decl: Declaring variable &quot;info&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/elfload.c:2764: cond_false: Condition &quot;dumpsize.rlim_cur == 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2765: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2767: cond_false: Condition &quot;core_dump_filename(ts, corefile, 4096UL /* sizeof (corefile) */) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2768: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2770: cond_false: Condition &quot;(fd = open(corefile, 65 /* 1 | 0x40 */, 420 /* ((0x100 | 0x80) | (0x100 &gt;&gt; 3)) | ((0x100 &gt;&gt; 3) &gt;&gt; 3) */)) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2772: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/elfload.c:2779: cond_true: Condition &quot;(mm = vma_init()) == NULL&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2780: goto: Jumping to label &quot;out&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:2879: label: Reached label &quot;out&quot;
>qemu-kvm-1.2.0/linux-user/elfload.c:2880: uninit_use_in_call: Using uninitialized value &quot;info.notes&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: cond_false: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2682:5: read_parm_fld: Reading a parameter field.
>qemu-kvm-1.2.0/linux-user/elfload.c:2880: uninit_use_in_call: Using uninitialized value &quot;info.prstatus&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: cond_false: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2680:5: read_parm_fld: Reading a parameter field.
>qemu-kvm-1.2.0/linux-user/elfload.c:2880: uninit_use_in_call: Using uninitialized value &quot;info.psinfo&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.
>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: cond_false: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: loop_end: Reached end of loop
>qemu-kvm-1.2.0/linux-user/elfload.c:2681:5: read_parm_fld: Reading a parameter field.
>
><a name='def1076'/>Error: UNINIT (CWE-457): <a href ='#def1076'>[#def1076]</a>
>qemu-kvm-1.2.0/linux-user/signal.c:372: var_decl: Declaring variable &quot;act&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/signal.c:377: cond_false: Condition &quot;core_dump_signal(target_sig)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/signal.c:381: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/signal.c:382: cond_false: Condition &quot;core_dumped&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/signal.c:391: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/signal.c:401: uninit_use_in_call: Using uninitialized value &quot;act.sa_flags&quot; when calling &quot;sigaction(int, struct sigaction const * restrict, struct sigaction * restrict)&quot;.
>
><a name='def1077'/>Error: UNINIT (CWE-457): <a href ='#def1077'>[#def1077]</a>
>qemu-kvm-1.2.0/vl.c:1078: var_decl: Declaring variable &quot;p&quot; without initializer.
>qemu-kvm-1.2.0/vl.c:1081: cond_false: Condition &quot;!usb_enabled&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:1082: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:1086: cond_false: Condition &quot;dev&quot;, taking false branch
>qemu-kvm-1.2.0/vl.c:1087: if_end: End of if statement
>qemu-kvm-1.2.0/vl.c:1096: cond_true: Condition &quot;!__coverity_strcmp(devname, &quot;bt&quot;)&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:1097: cond_true: Condition &quot;devname[2]&quot;, taking true branch
>qemu-kvm-1.2.0/vl.c:1097: uninit_use_in_call: Using uninitialized value &quot;p&quot; when calling &quot;hci_init(char const *)&quot;.
>qemu-kvm-1.2.0/vl.c:640:5: read_parm: Reading a parameter value.
>
><a name='def1078'/>Error: UNINIT (CWE-457): <a href ='#def1078'>[#def1078]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1017: var_decl: Declaring variable &quot;qhdb&quot; without initializer.
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1029: cond_true: Condition &quot;is_valid(link)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1029: cond_true: Condition &quot;cnt&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1030: cond_false: Condition &quot;s-&gt;frame_bytes &gt;= s-&gt;frame_bandwidth&quot;, taking false branch
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1035: if_end: End of if statement
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1036: cond_true: Condition &quot;is_qh(link)&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1040: uninit_use_in_call: Using uninitialized element of array &quot;qhdb.addr&quot; when calling &quot;qhdb_insert(QhDb *, uint32_t)&quot;.
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:965:5: cond_true: Condition &quot;i &lt; db-&gt;count&quot;, taking true branch
>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:966:9: read_parm_fld: Reading a parameter field.
>
><a name='def1079'/>Error: UNINIT (CWE-457): <a href ='#def1079'>[#def1079]</a>
>qemu-kvm-1.2.0/net/socket.c:350: var_decl: Declaring variable &quot;saddr&quot; without initializer.
>qemu-kvm-1.2.0/net/socket.c:361: cond_false: Condition &quot;is_connected&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:385: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:389: cond_false: Condition &quot;is_connected&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:392: uninit_use: Using uninitialized value &quot;saddr.sin_port&quot;.
>
><a name='def1080'/>Error: UNINIT (CWE-457): <a href ='#def1080'>[#def1080]</a>
>qemu-kvm-1.2.0/net/socket.c:352: var_decl: Declaring variable &quot;saddr_len&quot; without initializer.
>qemu-kvm-1.2.0/net/socket.c:361: cond_true: Condition &quot;is_connected&quot;, taking true branch
>qemu-kvm-1.2.0/net/socket.c:362: uninit_use_in_call: Using uninitialized value &quot;saddr_len&quot; when calling &quot;getsockname(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.
>
><a name='def1081'/>Error: UNINIT (CWE-457): <a href ='#def1081'>[#def1081]</a>
>qemu-kvm-1.2.0/net/socket.c:648: var_decl: Declaring variable &quot;raddr&quot; without initializer.
>qemu-kvm-1.2.0/net/socket.c:650: cond_false: Condition &quot;parse_host_port(&amp;laddr, lhost) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:652: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:654: cond_false: Condition &quot;parse_host_port(&amp;raddr, rhost) &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:656: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:659: cond_false: Condition &quot;fd &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:662: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:666: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:670: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:672: cond_false: Condition &quot;ret &lt; 0&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:676: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:679: cond_false: Condition &quot;!s&quot;, taking false branch
>qemu-kvm-1.2.0/net/socket.c:681: if_end: End of if statement
>qemu-kvm-1.2.0/net/socket.c:683: uninit_use: Using uninitialized value &quot;raddr&quot;: field &quot;raddr&quot;.&quot;sin_zero&quot; is uninitialized.
>
><a name='def1082'/>Error: UNINIT (CWE-457): <a href ='#def1082'>[#def1082]</a>
>qemu-kvm-1.2.0/block/nbd.c:303: var_decl: Declaring variable &quot;request&quot; without initializer.
>qemu-kvm-1.2.0/block/nbd.c:308: uninit_use_in_call: Using uninitialized value &quot;request.handle&quot; when calling &quot;nbd_send_request(int, struct nbd_request *)&quot;.
>qemu-kvm-1.2.0/nbd.c:485:5: read_parm_fld: Reading a parameter field.
>
><a name='def1083'/>Error: UNINIT (CWE-457): <a href ='#def1083'>[#def1083]</a>
>qemu-kvm-1.2.0/oslib-posix.c:216: var_decl: Declaring variable &quot;tv_now&quot; without initializer.
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;*__errno_location() != 38&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:225: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:232: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_false: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:235: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_false: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:240: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:241: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:245: cond_true: Condition &quot;i &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:246: cond_true: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:247: uninit_use: Using uninitialized value &quot;tv_now.tv_sec&quot;.
>
><a name='def1084'/>Error: UNINIT (CWE-457): <a href ='#def1084'>[#def1084]</a>
>qemu-kvm-1.2.0/oslib-posix.c:216: var_decl: Declaring variable &quot;tv_now&quot; without initializer.
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;ret != -1&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:223: cond_false: Condition &quot;*__errno_location() != 38&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:225: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:230: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:232: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:233: cond_false: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:235: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_false: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:238: cond_false: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch
>qemu-kvm-1.2.0/oslib-posix.c:240: if_end: End of if statement
>qemu-kvm-1.2.0/oslib-posix.c:241: cond_true: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:245: cond_true: Condition &quot;i &lt; 2&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:246: cond_true: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch
>qemu-kvm-1.2.0/oslib-posix.c:248: uninit_use: Using uninitialized value &quot;tv_now.tv_usec&quot;.
>
><a name='def1085'/>Error: UNINIT (CWE-457): <a href ='#def1085'>[#def1085]</a>
>qemu-kvm-1.2.0/iohandler.c:206: var_decl: Declaring variable &quot;act&quot; without initializer.
>qemu-kvm-1.2.0/iohandler.c:211: uninit_use_in_call: Using uninitialized value &quot;act.sa_mask&quot;: field &quot;act.sa_mask&quot;.&quot;__val&quot; is uninitialized when calling &quot;sigaction(int, struct sigaction const * restrict, struct sigaction * restrict)&quot;.
>
><a name='def1086'/>Error: UNINIT (CWE-457): <a href ='#def1086'>[#def1086]</a>
>qemu-kvm-1.2.0/slirp/slirp.c:424: var_decl: Declaring variable &quot;ret&quot; without initializer.
>qemu-kvm-1.2.0/slirp/slirp.c:426: cond_false: Condition &quot;slirp_instances.tqh_first == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:428: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:436: cond_true: Condition &quot;slirp&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:440: cond_true: Condition &quot;time_fasttimo&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:440: cond_true: Condition &quot;curtime - time_fasttimo &gt;= 2&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:444: cond_true: Condition &quot;do_slowtimo&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:444: cond_true: Condition &quot;curtime - last_slowtimo &gt;= 499&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:453: cond_true: Condition &quot;!select_error&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:457: cond_true: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:465: cond_true: Condition &quot;so-&gt;so_state &amp; 1&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:466: continue: Continuing loop
>qemu-kvm-1.2.0/slirp/slirp.c:568: loop: Looping back
>qemu-kvm-1.2.0/slirp/slirp.c:457: cond_true: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:465: cond_false: Condition &quot;so-&gt;so_state &amp; 1&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:465: cond_false: Condition &quot;so-&gt;s == -1&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:466: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:473: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:473: cond_true: Condition &quot;(xfds-&gt;fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; so-&gt;s % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:474: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:491: if_end: End of if statement
>qemu-kvm-1.2.0/slirp/slirp.c:496: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/slirp/slirp.c:496: cond_true: Condition &quot;(writefds-&gt;fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; so-&gt;s % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:500: cond_true: Condition &quot;so-&gt;so_state &amp; 2&quot;, taking true branch
>qemu-kvm-1.2.0/slirp/slirp.c:504: uninit_use_in_call: Using uninitialized value &quot;ret&quot; when calling &quot;send(int, void const *, size_t, int)&quot;.
>
><a name='def1087'/>Error: UNINIT (CWE-457): <a href ='#def1087'>[#def1087]</a>
>qemu-kvm-1.2.0/libcacard/vscclient.c:64: var_decl: Declaring variable &quot;mhHeader&quot; without initializer.
>qemu-kvm-1.2.0/libcacard/vscclient.c:68: cond_true: Condition &quot;verbose &gt; 10&quot;, taking true branch
>qemu-kvm-1.2.0/libcacard/vscclient.c:76: uninit_use_in_call: Using uninitialized value &quot;mhHeader&quot;: field &quot;mhHeader&quot;.&quot;data&quot; is uninitialized when calling &quot;write(int, void const *, size_t)&quot;.
>
><a name='def1088'/>Error: UNINIT (CWE-457): <a href ='#def1088'>[#def1088]</a>
>qemu-kvm-1.2.0/hw/openrisc_sim.c:66: var_decl: Declaring variable &quot;entry&quot; without initializer.
>qemu-kvm-1.2.0/hw/openrisc_sim.c:68: cond_true: Condition &quot;kernel_filename&quot;, taking true branch
>qemu-kvm-1.2.0/hw/openrisc_sim.c:68: cond_false: Condition &quot;!qtest_enabled()&quot;, taking false branch
>qemu-kvm-1.2.0/hw/openrisc_sim.c:88: if_end: End of if statement
>qemu-kvm-1.2.0/hw/openrisc_sim.c:90: uninit_use: Using uninitialized value &quot;entry&quot;.
>
><a name='def1089'/>Error: UNINIT (CWE-457): <a href ='#def1089'>[#def1089]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;0U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:97: switch_case: Reached case &quot;0U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:98: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_add(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3419:5: read_parm: Reading a parameter value.
>
><a name='def1090'/>Error: UNINIT (CWE-457): <a href ='#def1090'>[#def1090]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;4194304U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:114: switch_case: Reached case &quot;4194304U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:116: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_div(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3530:5: read_parm: Reading a parameter value.
>
><a name='def1091'/>Error: UNINIT (CWE-457): <a href ='#def1091'>[#def1091]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;5242880U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:119: switch_case: Reached case &quot;5242880U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:121: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_div(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3529:5: read_parm: Reading a parameter value.
>
><a name='def1092'/>Error: UNINIT (CWE-457): <a href ='#def1092'>[#def1092]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;1048576U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:101: switch_case: Reached case &quot;1048576U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:103: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_mul(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3468:5: read_parm: Reading a parameter value.
>
><a name='def1093'/>Error: UNINIT (CWE-457): <a href ='#def1093'>[#def1093]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;8388608U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:134: switch_case: Reached case &quot;8388608U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:135: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_rem(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3603:5: read_parm: Reading a parameter value.
>
><a name='def1094'/>Error: UNINIT (CWE-457): <a href ='#def1094'>[#def1094]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;3178496U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:173: switch_case: Reached case &quot;3178496U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:175: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_round_to_int(float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3196:5: read_parm: Reading a parameter value.
>
><a name='def1095'/>Error: UNINIT (CWE-457): <a href ='#def1095'>[#def1095]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;4227072U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:178: switch_case: Reached case &quot;4227072U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:179: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sqrt(float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3906:5: read_parm: Reading a parameter value.
>
><a name='def1096'/>Error: UNINIT (CWE-457): <a href ='#def1096'>[#def1096]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;2097152U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:106: switch_case: Reached case &quot;2097152U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:107: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sub(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3442:5: read_parm: Reading a parameter value.
>
><a name='def1097'/>Error: UNINIT (CWE-457): <a href ='#def1097'>[#def1097]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;3145728U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:110: switch_case: Reached case &quot;3145728U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:111: uninit_use_in_call: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sub(float64, float64, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:3441:5: read_parm: Reading a parameter value.
>
><a name='def1098'/>Error: UNINIT (CWE-457): <a href ='#def1098'>[#def1098]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: var_decl: Declaring variable &quot;rFm&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: cond_false: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: else_branch: Reached else branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: switch: Switch case value &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: switch_case: Reached case &quot;3&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: cond_true: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: switch: Switch case value &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: switch_case: Reached case &quot;1&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: break: Breaking from switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: switch_end: Reached end of switch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: switch: Switch case value &quot;32768U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:145: switch_case: Reached case &quot;32768U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:146: uninit_use: Using uninitialized value &quot;rFm&quot;.
>
><a name='def1099'/>Error: UNINIT (CWE-457): <a href ='#def1099'>[#def1099]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;0U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:95: switch_case: Reached case &quot;0U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:96: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_add(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4662:5: read_parm: Reading a parameter value.
>
><a name='def1100'/>Error: UNINIT (CWE-457): <a href ='#def1100'>[#def1100]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;4194304U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:112: switch_case: Reached case &quot;4194304U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:114: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_div(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4767:5: read_parm: Reading a parameter value.
>
><a name='def1101'/>Error: UNINIT (CWE-457): <a href ='#def1101'>[#def1101]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;5242880U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:117: switch_case: Reached case &quot;5242880U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:119: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_div(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4770:5: read_parm: Reading a parameter value.
>
><a name='def1102'/>Error: UNINIT (CWE-457): <a href ='#def1102'>[#def1102]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;1048576U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:99: switch_case: Reached case &quot;1048576U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:101: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_mul(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4707:5: read_parm: Reading a parameter value.
>
><a name='def1103'/>Error: UNINIT (CWE-457): <a href ='#def1103'>[#def1103]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;8388608U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:132: switch_case: Reached case &quot;8388608U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:133: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_rem(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4847:5: read_parm: Reading a parameter value.
>
><a name='def1104'/>Error: UNINIT (CWE-457): <a href ='#def1104'>[#def1104]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;2097152U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:104: switch_case: Reached case &quot;2097152U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:105: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_sub(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4683:5: read_parm: Reading a parameter value.
>
><a name='def1105'/>Error: UNINIT (CWE-457): <a href ='#def1105'>[#def1105]</a>
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: var_decl: Declaring variable &quot;rFn&quot; without initializer.
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: cond_true: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: cond_false: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: if_end: End of if statement
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: switch: Switch case value &quot;3145728U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:108: switch_case: Reached case &quot;3145728U&quot;
>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:109: uninit_use_in_call: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_sub(floatx80, floatx80, float_status *)&quot;.
>qemu-kvm-1.2.0/fpu/softfloat.c:4684:5: read_parm: Reading a parameter value.
>
><a name='def1106'/>Error: UNREACHABLE (CWE-561): <a href ='#def1106'>[#def1106]</a>
>qemu-kvm-1.2.0/hw/usb/hcd-musb.c:573: unreachable: This code cannot be reached: &quot;switch (ttype){
> case 0: ...&quot;.
>
><a name='def1107'/>Error: UNREACHABLE (CWE-561): <a href ='#def1107'>[#def1107]</a>
>qemu-kvm-1.2.0/gdbstub.c:446: unreachable: Since the loop increment is unreachable, the loop body will never execute more than once.
>
><a name='def1108'/>Error: UNREACHABLE (CWE-561): <a href ='#def1108'>[#def1108]</a>
>qemu-kvm-1.2.0/hw/sd.c:343: unreachable: This code cannot be reached: &quot;return sd_crc7(buffer, 5UL)...&quot;.
>
><a name='def1109'/>Error: UNREACHABLE (CWE-561): <a href ='#def1109'>[#def1109]</a>
>qemu-kvm-1.2.0/hw/ide/microdrive.c:212: unreachable: This code cannot be reached: &quot;if (s-&gt;cycle)ret = s-&gt;io &gt;&gt;...&quot;.
>
><a name='def1110'/>Error: UNREACHABLE (CWE-561): <a href ='#def1110'>[#def1110]</a>
>qemu-kvm-1.2.0/hw/ide/microdrive.c:273: unreachable: This code cannot be reached: &quot;if (s-&gt;cycle)ide_data_write...&quot;.
>
><a name='def1111'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1111'>[#def1111]</a>
>qemu-kvm-1.2.0/block/qed.c:679: returned_pointer: Pointer &quot;cb.co&quot; returned by &quot;qemu_coroutine_self()&quot; is never used.
>
><a name='def1112'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1112'>[#def1112]</a>
>qemu-kvm-1.2.0/block/qed.c:1395: returned_pointer: Pointer &quot;cb.co&quot; returned by &quot;qemu_coroutine_self()&quot; is never used.
>
><a name='def1113'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1113'>[#def1113]</a>
>qemu-kvm-1.2.0/json-parser.c:545: returned_pointer: Pointer &quot;token&quot; returned by &quot;parser_context_pop_token(ctxt)&quot; is never used.
>
><a name='def1114'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1114'>[#def1114]</a>
>qemu-kvm-1.2.0/linux-user/mmap.c:484: returned_pointer: Pointer &quot;p&quot; returned by &quot;mmap((void *)((unsigned long)(target_ulong)start + guest_base), len, prot, flags | 0x10, fd, host_offset)&quot; is never used.
>
><a name='def1115'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1115'>[#def1115]</a>
>qemu-kvm-1.2.0/linux-user/mmap.c:754: returned_pointer: Pointer &quot;host_addr&quot; returned by &quot;mremap((void *)((unsigned long)(target_ulong)old_addr + guest_base), new_size, old_size, flags)&quot; is never used.
>
><a name='def1116'/>Error: UNUSED_VALUE (CWE-563): <a href ='#def1116'>[#def1116]</a>
>qemu-kvm-1.2.0/json-parser.c:466: returned_pointer: Pointer &quot;token&quot; returned by &quot;parser_context_pop_token(ctxt)&quot; is never used.
>
><a name='def1117'/>Error: USE_AFTER_FREE (CWE-416): <a href ='#def1117'>[#def1117]</a>
>qemu-kvm-1.2.0/envlist.c:141: cond_false: Condition &quot;envlist == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:141: cond_false: Condition &quot;env == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:142: if_end: End of if statement
>qemu-kvm-1.2.0/envlist.c:145: cond_false: Condition &quot;(eq_sign = __coverity_strchr(env, 61)) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:146: if_end: End of if statement
>qemu-kvm-1.2.0/envlist.c:154: alias: Assigning: &quot;entry&quot; = &quot;envlist-&gt;el_entries.lh_first&quot;. Now both point to the same storage.
>qemu-kvm-1.2.0/envlist.c:154: cond_true: Condition &quot;entry != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/envlist.c:156: cond_true: Condition &quot;__coverity_strncmp(entry-&gt;ev_var, env, envname_len) == 0&quot;, taking true branch
>qemu-kvm-1.2.0/envlist.c:157: break: Breaking from loop
>qemu-kvm-1.2.0/envlist.c:158: loop_end: Reached end of loop
>qemu-kvm-1.2.0/envlist.c:160: cond_true: Condition &quot;entry != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/envlist.c:161: cond_true: Condition &quot;entry-&gt;ev_link.le_next != NULL&quot;, taking true branch
>qemu-kvm-1.2.0/envlist.c:163: freed_arg: &quot;free(void *)&quot; frees &quot;entry&quot;.
>qemu-kvm-1.2.0/envlist.c:164: if_fallthrough: Falling through to end of if statement
>qemu-kvm-1.2.0/envlist.c:166: if_end: End of if statement
>qemu-kvm-1.2.0/envlist.c:168: cond_false: Condition &quot;(entry = malloc(24UL /* sizeof (*entry) */)) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:169: if_end: End of if statement
>qemu-kvm-1.2.0/envlist.c:170: cond_false: Condition &quot;0&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:170: cond_false: Condition &quot;(entry-&gt;ev_var = ((0 &amp;&amp; (size_t)(void const *)(env + 1) - (size_t)(void const *)env == 1) ? ((char const *)env[0] == 0) ? (char *)calloc(1UL /* (size_t)1 */, 1UL /* (size_t)1 */) : ({...}) : __strdup(env))) == NULL&quot;, taking false branch
>qemu-kvm-1.2.0/envlist.c:173: if_end: End of if statement
>qemu-kvm-1.2.0/envlist.c:174: use_after_free: Using freed pointer &quot;envlist-&gt;el_entries.lh_first&quot;.
>
><a name='def1118'/>Error: USE_AFTER_FREE (CWE-416): <a href ='#def1118'>[#def1118]</a>
>qemu-kvm-1.2.0/audio/wavaudio.c:183: cond_false: Condition &quot;!wav-&gt;f&quot;, taking false branch
>qemu-kvm-1.2.0/audio/wavaudio.c:185: if_end: End of if statement
>qemu-kvm-1.2.0/audio/wavaudio.c:190: cond_false: Condition &quot;fseek(wav-&gt;f, 4, 0)&quot;, taking false branch
>qemu-kvm-1.2.0/audio/wavaudio.c:194: if_end: End of if statement
>qemu-kvm-1.2.0/audio/wavaudio.c:195: cond_true: Condition &quot;fwrite(rlen, 4, 1, wav-&gt;f) != 1&quot;, taking true branch
>qemu-kvm-1.2.0/audio/wavaudio.c:198: goto: Jumping to label &quot;doclose&quot;
>qemu-kvm-1.2.0/audio/wavaudio.c:211: label: Reached label &quot;doclose&quot;
>qemu-kvm-1.2.0/audio/wavaudio.c:212: freed_arg: &quot;fclose(FILE *)&quot; frees &quot;wav-&gt;f&quot;.
>qemu-kvm-1.2.0/audio/wavaudio.c:212: cond_true: Condition &quot;fclose(wav-&gt;f)&quot;, taking true branch
>qemu-kvm-1.2.0/audio/wavaudio.c:213: pass_freed_arg: Passing freed pointer &quot;wav-&gt;f&quot; as an argument to function &quot;dolog(char const *, ...)&quot;.
>
></pre>
><h2>Scan Properties</h2>
><table style='font-family: monospace;'>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>analyzer</td><td>coverity</td></tr>
><tr><td style='padding-right: 8px;'>analyzer-args</td><td>--wait-for-license --security --concurrency</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>analyzer-version</td><td>Coverity Static Analysis for C/C++ version 6.5.0 on Linux 2.6.32-279.el6.x86_64 x86_64\nInternal version numbers: 5cf350e73a3d7603cb5520c80316bfaded6febde p-carmel-push-12518.257</td></tr>
><tr><td style='padding-right: 8px;'>compilation-unit-count</td><td>2633</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>compilation-unit-ratio</td><td>99</td></tr>
><tr><td style='padding-right: 8px;'>host</td><td>cov01.lab.eng.brq.redhat.com</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>lines-processed</td><td>761013</td></tr>
><tr><td style='padding-right: 8px;'>mock-config</td><td>fedora-rawhide-xscan</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>project-name</td><td>qemu-1.2.0-25.fc19</td></tr>
><tr><td style='padding-right: 8px;'>time-created</td><td>2012-12-07 08:44:41</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>time-elapsed-analysis</td><td>00:24:49</td></tr>
><tr><td style='padding-right: 8px;'>time-finished</td><td>2012-12-07 09:41:35</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>tool</td><td>cov-mockbuild</td></tr>
><tr><td style='padding-right: 8px;'>tool-args</td><td>-i fedora-rawhide-xscan qemu-1.2.0-25.fc19.src.rpm --security --concurrency</td></tr>
><tr style='background-color: #EEE;'><td style='padding-right: 8px;'>tool-version</td><td>cov-mockbuild-0.20121127_91fc7f1-1.el6.noarch csdiff-0.20121113_49dc2ca-1.el6.x86_64</td></tr>
></table>
></body>
></html>

<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.1//EN' 'http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head><title>qemu-1.2.0-25.fc19</title></head>
<body>
<h1>qemu-1.2.0-25.fc19</h1>
<a href='qemu-1.2.0-25.fc19.err'>[Show plain-text results]</a>
<h2>List of Defects</h2>
<pre style='white-space: pre-wrap;'>
<a name='def1'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def1'>[#def1]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1858: <b>cond_true</b>: Condition &quot;nb_regs &gt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1865: <b>cond_false</b>: Condition &quot;call_stack_size &gt; 128&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1866: <b>cond_false</b>: Condition &quot;allocate_args&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1870: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_true</b>: Condition &quot;i &lt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1878: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1880: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1896: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_true</b>: Condition &quot;i &lt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1878: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1880: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1896: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_true</b>: Condition &quot;i &lt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1878: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1880: <b>cond_false</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1888: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1896: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_true</b>: Condition &quot;i &lt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1878: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1880: <b>cond_false</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1882: <b>cond_false</b>: Condition &quot;ts-&gt;val_type == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1888: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1888: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1894: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1896: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_true</b>: Condition &quot;i &lt; nb_params&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1878: <b>cond_false</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1897: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1873: <b>cond_false</b>: Condition &quot;i &lt; nb_params&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1901: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>cond_true</b>: Condition &quot;i &lt; nb_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1907: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1911: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1912: <b>cond_true</b>: Condition &quot;ts-&gt;reg != reg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1915: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1922: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1925: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>cond_true</b>: Condition &quot;i &lt; nb_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1907: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1911: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1912: <b>cond_true</b>: Condition &quot;ts-&gt;reg != reg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1915: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1922: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1925: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>cond_true</b>: Condition &quot;i &lt; nb_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1907: <b>cond_true</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1911: <b>cond_false</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1915: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1915: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1917: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1922: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1925: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>cond_true</b>: Condition &quot;i &lt; nb_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1907: <b>cond_false</b>: Condition &quot;arg != 18446744073709551615UL /* (TCGArg)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1924: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1925: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1905: <b>cond_false</b>: Condition &quot;i &lt; nb_regs&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1925: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1933: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1938: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1958: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1962: <b>cond_true</b>: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1964: <b>cond_true</b>: Condition &quot;(dead_args &gt;&gt; i) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1966: <b>cond_true</b>: Condition &quot;!ts-&gt;fixed_reg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1967: <b>cond_true</b>: Condition &quot;ts-&gt;val_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1972: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1962: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1962: <b>cond_true</b>: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1964: <b>cond_true</b>: Condition &quot;(dead_args &gt;&gt; i) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1966: <b>cond_false</b>: Condition &quot;!ts-&gt;fixed_reg&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1970: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1972: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1962: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1962: <b>cond_false</b>: Condition &quot;i &lt; nb_iargs + nb_oargs&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1972: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1975: <b>cond_true</b>: Condition &quot;reg &lt; 16&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1976: <b>cond_true</b>: Condition &quot;(tcg_target_call_clobber_regs &gt;&gt; reg) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1979: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1975: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1975: <b>cond_true</b>: Condition &quot;reg &lt; 16&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1976: <b>cond_true</b>: Condition &quot;(tcg_target_call_clobber_regs &gt;&gt; reg) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1979: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1975: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1975: <b>cond_false</b>: Condition &quot;reg &lt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1979: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1983: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1987: <b>address_of</b>: Taking address with &quot;&amp;func_arg&quot; yields a singleton pointer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/tcg.c:1987: <b>callee_ptr_arith</b>: Passing &quot;&amp;func_arg&quot; to function &quot;tcg_out_op(TCGContext *, TCGOpcode, TCGArg const *, int const *)&quot; which uses it as an array. This might corrupt or misinterpret adjacent memory locations.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1504:5: <b>switch</b>: Switch case value &quot;INDEX_op_movi_i32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1541:10: <b>switch_case</b>: Reached case &quot;INDEX_op_movi_i32&quot;</span>
qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1542:9: <b>ptr_arith</b>: Performing pointer arithmetic on &quot;args&quot; in expression &quot;args + 1&quot;.

<a name='def2'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def2'>[#def2]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:657: <b>address_of</b>: Taking address with &quot;&amp;d-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:657: <b>assign</b>: Assigning: &quot;ring&quot; = &quot;&amp;d-&gt;ram-&gt;release_ring&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:663: <b>cond_false</b>: Condition &quot;ring-&gt;prod - ring-&gt;cons + 1 == ring-&gt;num_items&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:667: <b>cond_true</b>: Condition &quot;!flush&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:667: <b>cond_false</b>: Condition &quot;d-&gt;oom_running&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:670: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:671: <b>cond_true</b>: Condition &quot;!flush&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:671: <b>cond_false</b>: Condition &quot;d-&gt;num_free_res &lt; 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:674: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:676: <b>cond_true</b>: Condition &quot;ring-&gt;prod == ring-&gt;notify_on_prod&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:677: <b>cond_true</b>: Condition &quot;notify&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:682: <b>cond_true</b>: Condition &quot;notify&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:685: <b>assign</b>: Assigning: &quot;start&quot; = &quot;ring&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:685: <b>ptr_arith</b>: Using &quot;ring&quot; as an array.  This might corrupt or misinterpret adjacent memory locations.

<a name='def3'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def3'>[#def3]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:588: <b>switch</b>: Switch case value &quot;QXL_MODE_COMPAT&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:604: <b>switch_case</b>: Reached case &quot;QXL_MODE_COMPAT&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:607: <b>address_of</b>: Taking address with &quot;&amp;qxl-&gt;ram-&gt;cmd_ring&quot; yields a singleton pointer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:607: <b>assign</b>: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;cmd_ring&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:608: <b>cond_false</b>: Condition &quot;qxl-&gt;guest_bug&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:608: <b>cond_false</b>: Condition &quot;ring-&gt;cons == ring-&gt;prod&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:610: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:611: <b>assign</b>: Assigning: &quot;start&quot; = &quot;ring&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:611: <b>ptr_arith</b>: Using &quot;ring&quot; as an array.  This might corrupt or misinterpret adjacent memory locations.

<a name='def4'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def4'>[#def4]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:748: <b>switch</b>: Switch case value &quot;QXL_MODE_COMPAT&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:749: <b>switch_case</b>: Reached case &quot;QXL_MODE_COMPAT&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:752: <b>address_of</b>: Taking address with &quot;&amp;qxl-&gt;ram-&gt;cursor_ring&quot; yields a singleton pointer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:752: <b>assign</b>: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;cursor_ring&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:753: <b>cond_false</b>: Condition &quot;ring-&gt;cons == ring-&gt;prod&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:755: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:756: <b>assign</b>: Assigning: &quot;start&quot; = &quot;ring&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:756: <b>ptr_arith</b>: Using &quot;ring&quot; as an array.  This might corrupt or misinterpret adjacent memory locations.

<a name='def5'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def5'>[#def5]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:703: <b>cond_false</b>: Condition &quot;ext.group_id == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:713: <b>address_of</b>: Taking address with &quot;&amp;qxl-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:713: <b>assign</b>: Assigning: &quot;ring&quot; = &quot;&amp;qxl-&gt;ram-&gt;release_ring&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:714: <b>assign</b>: Assigning: &quot;start&quot; = &quot;ring&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:714: <b>ptr_arith</b>: Using &quot;ring&quot; as an array.  This might corrupt or misinterpret adjacent memory locations.

<a name='def6'/><b>Error: <span style='background: #C0FF00;'>ARRAY_VS_SINGLETON</span> (CWE-119):</b> <a href ='#def6'>[#def6]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:392: <b>address_of</b>: Taking address with &quot;&amp;d-&gt;ram-&gt;release_ring&quot; yields a singleton pointer.</span>
qemu-kvm-1.2.0/hw/qxl.c:392: <b>ptr_arith</b>: Using &quot;&amp;d-&gt;ram-&gt;release_ring&quot; as an array.  This might corrupt or misinterpret adjacent memory locations.

<a name='def7'/><b>Error: <span style='background: #C0FF00;'>ATOMICITY</span> (CWE-662):</b> <a href ='#def7'>[#def7]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:296: <b>cond_false</b>: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:298: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:300: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:303: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:304: <b>cond_false</b>: Condition &quot;pa-&gt;done&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:306: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:308: <b>cond_true</b>: Condition &quot;pa-&gt;dead &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:309: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:315: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:317: <b>cond_true</b>: Condition &quot;ta &gt; tb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:296: <b>lock</b>: Locking &quot;pa-&gt;pt.mutex&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:318: <b>def</b>: Assigning data that might be protected by the lock to &quot;wpos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:320: <b>unlock</b>: Unlocking &quot;pa-&gt;pt.mutex&quot;. &quot;wpos&quot; might now be unreliable because other threads can now change the data that it depends on.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:320: <b>cond_false</b>: Condition &quot;audio_pt_unlock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:322: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:324: <b>cond_false</b>: Condition &quot;to_grab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:338: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:340: <b>cond_false</b>: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:342: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:340: <b>lockagain</b>: Locking &quot;pa-&gt;pt.mutex&quot; again.</span>
qemu-kvm-1.2.0/audio/paaudio.c:344: <b>use</b>: Using an unreliable value of &quot;wpos&quot; inside the second locked section. If the data that &quot;wpos&quot; depends on was changed by another thread, this use might be incorrect.

<a name='def8'/><b>Error: <span style='background: #C0FF00;'>ATOMICITY</span> (CWE-662):</b> <a href ='#def8'>[#def8]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:204: <b>cond_false</b>: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:208: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:211: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:212: <b>cond_false</b>: Condition &quot;pa-&gt;done&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:214: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:216: <b>cond_true</b>: Condition &quot;pa-&gt;live &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:217: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:223: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:225: <b>cond_true</b>: Condition &quot;ta &gt; tb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:204: <b>lock</b>: Locking &quot;pa-&gt;pt.mutex&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:226: <b>def</b>: Assigning data that might be protected by the lock to &quot;rpos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:228: <b>unlock</b>: Unlocking &quot;pa-&gt;pt.mutex&quot;. &quot;rpos&quot; might now be unreliable because other threads can now change the data that it depends on.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:228: <b>cond_false</b>: Condition &quot;audio_pt_unlock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:230: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:232: <b>cond_false</b>: Condition &quot;to_mix&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:247: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:249: <b>cond_false</b>: Condition &quot;audio_pt_lock(&amp;pa-&gt;pt, &lt;anonymous&gt;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:251: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/paaudio.c:249: <b>lockagain</b>: Locking &quot;pa-&gt;pt.mutex&quot; again.</span>
qemu-kvm-1.2.0/audio/paaudio.c:253: <b>use</b>: Using an unreliable value of &quot;rpos&quot; inside the second locked section. If the data that &quot;rpos&quot; depends on was changed by another thread, this use might be incorrect.

<a name='def9'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def9'>[#def9]</a>
qemu-kvm-1.2.0/trace.h:1116: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def10'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def10'>[#def10]</a>
qemu-kvm-1.2.0/trace.h:1116: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def11'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def11'>[#def11]</a>
qemu-kvm-1.2.0/trace.h:1128: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def12'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def12'>[#def12]</a>
qemu-kvm-1.2.0/trace.h:1128: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def13'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def13'>[#def13]</a>
qemu-kvm-1.2.0/trace.h:1119: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def14'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def14'>[#def14]</a>
qemu-kvm-1.2.0/trace.h:1119: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def15'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def15'>[#def15]</a>
qemu-kvm-1.2.0/trace.h:21: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;newptr&quot; is suspicious.

<a name='def16'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def16'>[#def16]</a>
qemu-kvm-1.2.0/trace.h:21: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def17'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def17'>[#def17]</a>
qemu-kvm-1.2.0/trace.h:2169: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;display_state&quot; is suspicious.

<a name='def18'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def18'>[#def18]</a>
qemu-kvm-1.2.0/trace.h:2169: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.

<a name='def19'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def19'>[#def19]</a>
qemu-kvm-1.2.0/trace.h:903: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def20'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def20'>[#def20]</a>
qemu-kvm-1.2.0/trace.h:915: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.

<a name='def21'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def21'>[#def21]</a>
qemu-kvm-1.2.0/trace.h:78: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def22'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def22'>[#def22]</a>
qemu-kvm-1.2.0/trace.h:78: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;filename&quot; is suspicious.

<a name='def23'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def23'>[#def23]</a>
qemu-kvm-1.2.0/trace.h:78: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;format_name&quot; is suspicious.

<a name='def24'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def24'>[#def24]</a>
qemu-kvm-1.2.0/trace.h:90: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def25'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def25'>[#def25]</a>
qemu-kvm-1.2.0/trace.h:90: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def26'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def26'>[#def26]</a>
qemu-kvm-1.2.0/trace.h:489: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def27'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def27'>[#def27]</a>
qemu-kvm-1.2.0/trace.h:486: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def28'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def28'>[#def28]</a>
qemu-kvm-1.2.0/trace.h:492: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def29'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def29'>[#def29]</a>
qemu-kvm-1.2.0/trace.h:495: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def30'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def30'>[#def30]</a>
qemu-kvm-1.2.0/trace.h:2172: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;display_state&quot; is suspicious.

<a name='def31'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def31'>[#def31]</a>
qemu-kvm-1.2.0/trace.h:2172: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.

<a name='def32'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def32'>[#def32]</a>
qemu-kvm-1.2.0/trace.h:144: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;req&quot; is suspicious.

<a name='def33'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def33'>[#def33]</a>
qemu-kvm-1.2.0/trace.h:141: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;req&quot; is suspicious.

<a name='def34'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def34'>[#def34]</a>
qemu-kvm-1.2.0/trace.h:135: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;req&quot; is suspicious.

<a name='def35'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def35'>[#def35]</a>
qemu-kvm-1.2.0/trace.h:138: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;req&quot; is suspicious.

<a name='def36'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def36'>[#def36]</a>
qemu-kvm-1.2.0/trace.h:480: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;n&quot; is suspicious.

<a name='def37'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def37'>[#def37]</a>
qemu-kvm-1.2.0/trace.h:480: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;o&quot; is suspicious.

<a name='def38'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def38'>[#def38]</a>
qemu-kvm-1.2.0/trace.h:480: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def39'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def39'>[#def39]</a>
qemu-kvm-1.2.0/trace.h:480: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def40'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def40'>[#def40]</a>
qemu-kvm-1.2.0/trace.h:483: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;n&quot; is suspicious.

<a name='def41'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def41'>[#def41]</a>
qemu-kvm-1.2.0/trace.h:483: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;o&quot; is suspicious.

<a name='def42'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def42'>[#def42]</a>
qemu-kvm-1.2.0/trace.h:483: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def43'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def43'>[#def43]</a>
qemu-kvm-1.2.0/trace.h:483: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;port&quot; is suspicious.

<a name='def44'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def44'>[#def44]</a>
qemu-kvm-1.2.0/trace.h:117: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def45'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def45'>[#def45]</a>
qemu-kvm-1.2.0/trace.h:2160: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;cb&quot; is suspicious.

<a name='def46'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def46'>[#def46]</a>
qemu-kvm-1.2.0/trace.h:2160: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.

<a name='def47'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def47'>[#def47]</a>
qemu-kvm-1.2.0/trace.h:2157: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.

<a name='def48'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def48'>[#def48]</a>
qemu-kvm-1.2.0/trace.h:2163: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.

<a name='def49'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def49'>[#def49]</a>
qemu-kvm-1.2.0/trace.h:2166: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.

<a name='def50'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def50'>[#def50]</a>
qemu-kvm-1.2.0/trace.h:2154: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def51'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def51'>[#def51]</a>
qemu-kvm-1.2.0/trace.h:2154: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dbs&quot; is suspicious.

<a name='def52'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def52'>[#def52]</a>
qemu-kvm-1.2.0/trace.h:51: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.

<a name='def53'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def53'>[#def53]</a>
qemu-kvm-1.2.0/trace.h:51: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def54'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def54'>[#def54]</a>
qemu-kvm-1.2.0/trace.h:36: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;elem&quot; is suspicious.

<a name='def55'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def55'>[#def55]</a>
qemu-kvm-1.2.0/trace.h:36: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def56'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def56'>[#def56]</a>
qemu-kvm-1.2.0/trace.h:39: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def57'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def57'>[#def57]</a>
qemu-kvm-1.2.0/trace.h:45: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.

<a name='def58'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def58'>[#def58]</a>
qemu-kvm-1.2.0/trace.h:45: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def59'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def59'>[#def59]</a>
qemu-kvm-1.2.0/trace.h:1548: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;buf&quot; is suspicious.

<a name='def60'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def60'>[#def60]</a>
qemu-kvm-1.2.0/trace.h:1545: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;buf&quot; is suspicious.

<a name='def61'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def61'>[#def61]</a>
qemu-kvm-1.2.0/trace.h:1551: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;buf&quot; is suspicious.

<a name='def62'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def62'>[#def62]</a>
qemu-kvm-1.2.0/trace.h:42: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;elem&quot; is suspicious.

<a name='def63'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def63'>[#def63]</a>
qemu-kvm-1.2.0/trace.h:42: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def64'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def64'>[#def64]</a>
qemu-kvm-1.2.0/trace.h:54: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vdev&quot; is suspicious.

<a name='def65'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def65'>[#def65]</a>
qemu-kvm-1.2.0/trace.h:822: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;f&quot; is suspicious.

<a name='def66'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def66'>[#def66]</a>
qemu-kvm-1.2.0/trace.h:819: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;f&quot; is suspicious.

<a name='def67'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def67'>[#def67]</a>
qemu-kvm-1.2.0/trace.h:1908: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;cmd_name&quot; is suspicious.

<a name='def68'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def68'>[#def68]</a>
qemu-kvm-1.2.0/trace.h:1908: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mon&quot; is suspicious.

<a name='def69'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def69'>[#def69]</a>
qemu-kvm-1.2.0/trace.h:1029: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def70'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def70'>[#def70]</a>
qemu-kvm-1.2.0/trace.h:1026: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def71'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def71'>[#def71]</a>
qemu-kvm-1.2.0/trace.h:1020: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def72'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def72'>[#def72]</a>
qemu-kvm-1.2.0/trace.h:1023: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def73'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def73'>[#def73]</a>
qemu-kvm-1.2.0/trace.h:1017: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def74'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def74'>[#def74]</a>
qemu-kvm-1.2.0/trace.h:102: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def75'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def75'>[#def75]</a>
qemu-kvm-1.2.0/trace.h:108: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def76'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def76'>[#def76]</a>
qemu-kvm-1.2.0/trace.h:99: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def77'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def77'>[#def77]</a>
qemu-kvm-1.2.0/trace.h:105: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def78'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def78'>[#def78]</a>
qemu-kvm-1.2.0/trace.h:519: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;sts&quot; is suspicious.

<a name='def79'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def79'>[#def79]</a>
qemu-kvm-1.2.0/trace.h:522: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;schedule&quot; is suspicious.

<a name='def80'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def80'>[#def80]</a>
qemu-kvm-1.2.0/trace.h:522: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;state&quot; is suspicious.

<a name='def81'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def81'>[#def81]</a>
qemu-kvm-1.2.0/trace.h:48: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;vq&quot; is suspicious.

<a name='def82'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def82'>[#def82]</a>
qemu-kvm-1.2.0/trace.h:1920: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;data&quot; is suspicious.

<a name='def83'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def83'>[#def83]</a>
qemu-kvm-1.2.0/trace.h:1923: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;data&quot; is suspicious.

<a name='def84'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def84'>[#def84]</a>
qemu-kvm-1.2.0/trace.h:1914: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;data&quot; is suspicious.

<a name='def85'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def85'>[#def85]</a>
qemu-kvm-1.2.0/trace.h:1914: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;evname&quot; is suspicious.

<a name='def86'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def86'>[#def86]</a>
qemu-kvm-1.2.0/trace.h:525: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;q&quot; is suspicious.

<a name='def87'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def87'>[#def87]</a>
qemu-kvm-1.2.0/trace.h:552: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;owner&quot; is suspicious.

<a name='def88'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def88'>[#def88]</a>
qemu-kvm-1.2.0/trace.h:501: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;str&quot; is suspicious.

<a name='def89'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def89'>[#def89]</a>
qemu-kvm-1.2.0/trace.h:507: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;str&quot; is suspicious.

<a name='def90'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def90'>[#def90]</a>
qemu-kvm-1.2.0/trace.h:504: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;str&quot; is suspicious.

<a name='def91'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def91'>[#def91]</a>
qemu-kvm-1.2.0/trace.h:549: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;device&quot; is suspicious.

<a name='def92'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def92'>[#def92]</a>
qemu-kvm-1.2.0/trace.h:549: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;owner&quot; is suspicious.

<a name='def93'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def93'>[#def93]</a>
qemu-kvm-1.2.0/trace.h:534: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;q&quot; is suspicious.

<a name='def94'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def94'>[#def94]</a>
qemu-kvm-1.2.0/trace.h:564: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;action&quot; is suspicious.

<a name='def95'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def95'>[#def95]</a>
qemu-kvm-1.2.0/trace.h:564: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def96'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def96'>[#def96]</a>
qemu-kvm-1.2.0/trace.h:564: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;q&quot; is suspicious.

<a name='def97'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def97'>[#def97]</a>
qemu-kvm-1.2.0/trace.h:561: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;action&quot; is suspicious.

<a name='def98'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def98'>[#def98]</a>
qemu-kvm-1.2.0/trace.h:561: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;q&quot; is suspicious.

<a name='def99'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def99'>[#def99]</a>
qemu-kvm-1.2.0/trace.h:570: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;reason&quot; is suspicious.

<a name='def100'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def100'>[#def100]</a>
qemu-kvm-1.2.0/trace.h:87: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def101'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def101'>[#def101]</a>
qemu-kvm-1.2.0/trace.h:87: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def102'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def102'>[#def102]</a>
qemu-kvm-1.2.0/trace.h:84: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mcb&quot; is suspicious.

<a name='def103'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def103'>[#def103]</a>
qemu-kvm-1.2.0/trace.h:2400: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;busname&quot; is suspicious.

<a name='def104'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def104'>[#def104]</a>
qemu-kvm-1.2.0/trace.h:2388: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def105'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def105'>[#def105]</a>
qemu-kvm-1.2.0/trace.h:2385: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;msg&quot; is suspicious.

<a name='def106'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def106'>[#def106]</a>
qemu-kvm-1.2.0/trace.h:1704: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;nxt&quot; is suspicious.

<a name='def107'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def107'>[#def107]</a>
qemu-kvm-1.2.0/trace.h:1707: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.

<a name='def108'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def108'>[#def108]</a>
qemu-kvm-1.2.0/trace.h:1707: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;self&quot; is suspicious.

<a name='def109'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def109'>[#def109]</a>
qemu-kvm-1.2.0/trace.h:1710: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.

<a name='def110'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def110'>[#def110]</a>
qemu-kvm-1.2.0/trace.h:1710: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;self&quot; is suspicious.

<a name='def111'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def111'>[#def111]</a>
qemu-kvm-1.2.0/trace.h:1713: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.

<a name='def112'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def112'>[#def112]</a>
qemu-kvm-1.2.0/trace.h:1713: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;self&quot; is suspicious.

<a name='def113'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def113'>[#def113]</a>
qemu-kvm-1.2.0/trace.h:1716: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mutex&quot; is suspicious.

<a name='def114'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def114'>[#def114]</a>
qemu-kvm-1.2.0/trace.h:1716: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;self&quot; is suspicious.

<a name='def115'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def115'>[#def115]</a>
qemu-kvm-1.2.0/trace.h:2295: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;surface&quot; is suspicious.

<a name='def116'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def116'>[#def116]</a>
qemu-kvm-1.2.0/trace.h:1686: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;addr&quot; is suspicious.

<a name='def117'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def117'>[#def117]</a>
qemu-kvm-1.2.0/trace.h:1974: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;aname&quot; is suspicious.

<a name='def118'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def118'>[#def118]</a>
qemu-kvm-1.2.0/trace.h:1974: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;uname&quot; is suspicious.

<a name='def119'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def119'>[#def119]</a>
qemu-kvm-1.2.0/trace.h:1125: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def120'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def120'>[#def120]</a>
qemu-kvm-1.2.0/trace.h:1125: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def121'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def121'>[#def121]</a>
qemu-kvm-1.2.0/trace.h:1122: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def122'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def122'>[#def122]</a>
qemu-kvm-1.2.0/trace.h:1122: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def123'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def123'>[#def123]</a>
qemu-kvm-1.2.0/trace.h:2034: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def124'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def124'>[#def124]</a>
qemu-kvm-1.2.0/trace.h:2049: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def125'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def125'>[#def125]</a>
qemu-kvm-1.2.0/trace.h:2076: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def126'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def126'>[#def126]</a>
qemu-kvm-1.2.0/trace.h:2094: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;target&quot; is suspicious.

<a name='def127'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def127'>[#def127]</a>
qemu-kvm-1.2.0/trace.h:2040: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def128'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def128'>[#def128]</a>
qemu-kvm-1.2.0/trace.h:2040: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;symname&quot; is suspicious.

<a name='def129'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def129'>[#def129]</a>
qemu-kvm-1.2.0/trace.h:1968: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;version&quot; is suspicious.

<a name='def130'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def130'>[#def130]</a>
qemu-kvm-1.2.0/trace.h:1971: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;version&quot; is suspicious.

<a name='def131'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def131'>[#def131]</a>
qemu-kvm-1.2.0/trace.h:1995: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;qids&quot; is suspicious.

<a name='def132'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def132'>[#def132]</a>
qemu-kvm-1.2.0/trace.h:2088: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def133'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def133'>[#def133]</a>
qemu-kvm-1.2.0/trace.h:2082: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def134'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def134'>[#def134]</a>
qemu-kvm-1.2.0/trace.h:114: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def135'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def135'>[#def135]</a>
qemu-kvm-1.2.0/trace.h:114: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def136'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def136'>[#def136]</a>
qemu-kvm-1.2.0/trace.h:111: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def137'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def137'>[#def137]</a>
qemu-kvm-1.2.0/trace.h:24: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def138'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def138'>[#def138]</a>
qemu-kvm-1.2.0/trace.h:717: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;evt&quot; is suspicious.

<a name='def139'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def139'>[#def139]</a>
qemu-kvm-1.2.0/trace.h:717: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;trb&quot; is suspicious.

<a name='def140'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def140'>[#def140]</a>
qemu-kvm-1.2.0/trace.h:762: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def141'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def141'>[#def141]</a>
qemu-kvm-1.2.0/trace.h:774: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def142'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def142'>[#def142]</a>
qemu-kvm-1.2.0/trace.h:765: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def143'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def143'>[#def143]</a>
qemu-kvm-1.2.0/trace.h:768: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def144'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def144'>[#def144]</a>
qemu-kvm-1.2.0/trace.h:759: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def145'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def145'>[#def145]</a>
qemu-kvm-1.2.0/trace.h:18: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def146'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def146'>[#def146]</a>
qemu-kvm-1.2.0/trace.h:720: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;name&quot; is suspicious.

<a name='def147'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def147'>[#def147]</a>
qemu-kvm-1.2.0/trace.h:771: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;xfer&quot; is suspicious.

<a name='def148'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def148'>[#def148]</a>
qemu-kvm-1.2.0/trace.h:147: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def149'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def149'>[#def149]</a>
qemu-kvm-1.2.0/trace.h:147: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def150'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def150'>[#def150]</a>
qemu-kvm-1.2.0/trace.h:1419: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dcmd&quot; is suspicious.

<a name='def151'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def151'>[#def151]</a>
qemu-kvm-1.2.0/trace.h:1272: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;cmd&quot; is suspicious.

<a name='def152'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def152'>[#def152]</a>
qemu-kvm-1.2.0/trace.h:918: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.

<a name='def153'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def153'>[#def153]</a>
qemu-kvm-1.2.0/trace.h:912: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;aurb&quot; is suspicious.

<a name='def154'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def154'>[#def154]</a>
qemu-kvm-1.2.0/trace.h:1395: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;desc&quot; is suspicious.

<a name='def155'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def155'>[#def155]</a>
qemu-kvm-1.2.0/trace.h:1392: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;desc&quot; is suspicious.

<a name='def156'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def156'>[#def156]</a>
qemu-kvm-1.2.0/trace.h:960: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;dir&quot; is suspicious.

<a name='def157'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def157'>[#def157]</a>
qemu-kvm-1.2.0/trace.h:960: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;type&quot; is suspicious.

<a name='def158'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def158'>[#def158]</a>
qemu-kvm-1.2.0/trace.h:966: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;errmsg&quot; is suspicious.

<a name='def159'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def159'>[#def159]</a>
qemu-kvm-1.2.0/trace.h:909: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def160'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def160'>[#def160]</a>
qemu-kvm-1.2.0/trace.h:897: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def161'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def161'>[#def161]</a>
qemu-kvm-1.2.0/trace.h:900: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def162'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def162'>[#def162]</a>
qemu-kvm-1.2.0/trace.h:906: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;p&quot; is suspicious.

<a name='def163'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def163'>[#def163]</a>
qemu-kvm-1.2.0/block/curl.c:296: <b>bad_sizeof</b>: Taking the size of &quot;curl_read_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?

<a name='def164'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def164'>[#def164]</a>
qemu-kvm-1.2.0/block/curl.c:390: <b>bad_sizeof</b>: Taking the size of &quot;curl_read_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?

<a name='def165'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def165'>[#def165]</a>
qemu-kvm-1.2.0/block/curl.c:386: <b>bad_sizeof</b>: Taking the size of &quot;curl_size_cb(void *, size_t, size_t, void *)&quot;, which is the address of an object, is suspicious. Did you intend the size of the object itself?

<a name='def166'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def166'>[#def166]</a>
qemu-kvm-1.2.0/trace.h:1911: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mon&quot; is suspicious.

<a name='def167'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def167'>[#def167]</a>
qemu-kvm-1.2.0/trace.h:2202: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;cookie&quot; is suspicious.

<a name='def168'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def168'>[#def168]</a>
qemu-kvm-1.2.0/trace.h:2364: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;client_monitors_config&quot; is suspicious.

<a name='def169'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def169'>[#def169]</a>
qemu-kvm-1.2.0/trace.h:2361: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;heads&quot; is suspicious.

<a name='def170'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def170'>[#def170]</a>
qemu-kvm-1.2.0/trace.h:2274: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;last_release&quot; is suspicious.

<a name='def171'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def171'>[#def171]</a>
qemu-kvm-1.2.0/trace.h:2274: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def172'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def172'>[#def172]</a>
qemu-kvm-1.2.0/trace.h:2274: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;notify&quot; is suspicious.

<a name='def173'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def173'>[#def173]</a>
qemu-kvm-1.2.0/trace.h:2256: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def174'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def174'>[#def174]</a>
qemu-kvm-1.2.0/trace.h:2259: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def175'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def175'>[#def175]</a>
qemu-kvm-1.2.0/trace.h:2265: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def176'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def176'>[#def176]</a>
qemu-kvm-1.2.0/trace.h:2268: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def177'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def177'>[#def177]</a>
qemu-kvm-1.2.0/hw/qxl.c:952: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;caps&quot; is suspicious.

<a name='def178'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def178'>[#def178]</a>
qemu-kvm-1.2.0/hw/qxl.c:954: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;caps&quot; is suspicious.

<a name='def179'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def179'>[#def179]</a>
qemu-kvm-1.2.0/trace.h:2226: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def180'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def180'>[#def180]</a>
qemu-kvm-1.2.0/trace.h:2229: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;log_buf&quot; is suspicious.

<a name='def181'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def181'>[#def181]</a>
qemu-kvm-1.2.0/trace.h:2235: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;desc&quot; is suspicious.

<a name='def182'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def182'>[#def182]</a>
qemu-kvm-1.2.0/trace.h:2238: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def183'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def183'>[#def183]</a>
qemu-kvm-1.2.0/trace.h:2331: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ext&quot; is suspicious.

<a name='def184'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def184'>[#def184]</a>
qemu-kvm-1.2.0/trace.h:2244: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def185'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def185'>[#def185]</a>
qemu-kvm-1.2.0/trace.h:1101: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def186'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def186'>[#def186]</a>
qemu-kvm-1.2.0/trace.h:1107: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def187'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def187'>[#def187]</a>
qemu-kvm-1.2.0/trace.h:1107: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def188'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def188'>[#def188]</a>
qemu-kvm-1.2.0/trace.h:1113: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def189'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def189'>[#def189]</a>
qemu-kvm-1.2.0/trace.h:1113: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def190'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def190'>[#def190]</a>
qemu-kvm-1.2.0/trace.h:1110: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def191'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def191'>[#def191]</a>
qemu-kvm-1.2.0/trace.h:1110: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def192'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def192'>[#def192]</a>
qemu-kvm-1.2.0/trace.h:1110: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def193'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def193'>[#def193]</a>
qemu-kvm-1.2.0/trace.h:1104: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def194'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def194'>[#def194]</a>
qemu-kvm-1.2.0/trace.h:1344: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def195'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def195'>[#def195]</a>
qemu-kvm-1.2.0/trace.h:1347: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def196'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def196'>[#def196]</a>
qemu-kvm-1.2.0/trace.h:1311: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def197'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def197'>[#def197]</a>
qemu-kvm-1.2.0/trace.h:1326: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def198'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def198'>[#def198]</a>
qemu-kvm-1.2.0/trace.h:1305: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def199'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def199'>[#def199]</a>
qemu-kvm-1.2.0/trace.h:1305: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;sdev&quot; is suspicious.

<a name='def200'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def200'>[#def200]</a>
qemu-kvm-1.2.0/trace.h:1308: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;frame&quot; is suspicious.

<a name='def201'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def201'>[#def201]</a>
qemu-kvm-1.2.0/trace.h:126: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;job&quot; is suspicious.

<a name='def202'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def202'>[#def202]</a>
qemu-kvm-1.2.0/trace.h:132: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def203'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def203'>[#def203]</a>
qemu-kvm-1.2.0/trace.h:132: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;job&quot; is suspicious.

<a name='def204'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def204'>[#def204]</a>
qemu-kvm-1.2.0/trace.h:129: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def205'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def205'>[#def205]</a>
qemu-kvm-1.2.0/trace.h:129: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;job&quot; is suspicious.

<a name='def206'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def206'>[#def206]</a>
qemu-kvm-1.2.0/trace.h:1044: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def207'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def207'>[#def207]</a>
qemu-kvm-1.2.0/trace.h:1056: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def208'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def208'>[#def208]</a>
qemu-kvm-1.2.0/trace.h:1047: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def209'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def209'>[#def209]</a>
qemu-kvm-1.2.0/trace.h:1053: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def210'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def210'>[#def210]</a>
qemu-kvm-1.2.0/trace.h:1050: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def211'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def211'>[#def211]</a>
qemu-kvm-1.2.0/trace.h:2175: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;display_surface&quot; is suspicious.

<a name='def212'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def212'>[#def212]</a>
qemu-kvm-1.2.0/trace.h:2175: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;filename&quot; is suspicious.

<a name='def213'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def213'>[#def213]</a>
qemu-kvm-1.2.0/trace.h:93: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def214'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def214'>[#def214]</a>
qemu-kvm-1.2.0/trace.h:93: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def215'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def215'>[#def215]</a>
qemu-kvm-1.2.0/trace.h:96: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def216'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def216'>[#def216]</a>
qemu-kvm-1.2.0/trace.h:96: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def217'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def217'>[#def217]</a>
qemu-kvm-1.2.0/trace.h:1071: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def218'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def218'>[#def218]</a>
qemu-kvm-1.2.0/trace.h:1074: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def219'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def219'>[#def219]</a>
qemu-kvm-1.2.0/trace.h:1059: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def220'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def220'>[#def220]</a>
qemu-kvm-1.2.0/trace.h:1068: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def221'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def221'>[#def221]</a>
qemu-kvm-1.2.0/trace.h:1065: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def222'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def222'>[#def222]</a>
qemu-kvm-1.2.0/trace.h:1062: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def223'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def223'>[#def223]</a>
qemu-kvm-1.2.0/trace.h:1086: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def224'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def224'>[#def224]</a>
qemu-kvm-1.2.0/trace.h:1086: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;table&quot; is suspicious.

<a name='def225'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def225'>[#def225]</a>
qemu-kvm-1.2.0/trace.h:1092: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def226'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def226'>[#def226]</a>
qemu-kvm-1.2.0/trace.h:1092: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;table&quot; is suspicious.

<a name='def227'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def227'>[#def227]</a>
qemu-kvm-1.2.0/trace.h:1089: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def228'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def228'>[#def228]</a>
qemu-kvm-1.2.0/trace.h:1089: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;table&quot; is suspicious.

<a name='def229'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def229'>[#def229]</a>
qemu-kvm-1.2.0/trace.h:1095: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def230'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def230'>[#def230]</a>
qemu-kvm-1.2.0/trace.h:1095: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;table&quot; is suspicious.

<a name='def231'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def231'>[#def231]</a>
qemu-kvm-1.2.0/trace.h:1197: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;scd&quot; is suspicious.

<a name='def232'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def232'>[#def232]</a>
qemu-kvm-1.2.0/trace.h:1194: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;scd&quot; is suspicious.

<a name='def233'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def233'>[#def233]</a>
qemu-kvm-1.2.0/trace.h:1038: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def234'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def234'>[#def234]</a>
qemu-kvm-1.2.0/trace.h:1035: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def235'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def235'>[#def235]</a>
qemu-kvm-1.2.0/trace.h:1041: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def236'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def236'>[#def236]</a>
qemu-kvm-1.2.0/trace.h:1032: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def237'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def237'>[#def237]</a>
qemu-kvm-1.2.0/trace.h:33: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def238'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def238'>[#def238]</a>
qemu-kvm-1.2.0/trace.h:27: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def239'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def239'>[#def239]</a>
qemu-kvm-1.2.0/trace.h:30: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;ptr&quot; is suspicious.

<a name='def240'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def240'>[#def240]</a>
qemu-kvm-1.2.0/trace.h:2382: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;cookie&quot; is suspicious.

<a name='def241'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def241'>[#def241]</a>
qemu-kvm-1.2.0/trace.h:81: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mcb&quot; is suspicious.

<a name='def242'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def242'>[#def242]</a>
qemu-kvm-1.2.0/trace.h:1917: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;data&quot; is suspicious.

<a name='def243'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def243'>[#def243]</a>
qemu-kvm-1.2.0/trace.h:153: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def244'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def244'>[#def244]</a>
qemu-kvm-1.2.0/trace.h:153: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def245'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def245'>[#def245]</a>
qemu-kvm-1.2.0/trace.h:150: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;acb&quot; is suspicious.

<a name='def246'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def246'>[#def246]</a>
qemu-kvm-1.2.0/trace.h:150: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def247'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def247'>[#def247]</a>
qemu-kvm-1.2.0/block/rbd.c:593: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;rcb&quot; is suspicious.

<a name='def248'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def248'>[#def248]</a>
qemu-kvm-1.2.0/trace.h:120: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def249'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def249'>[#def249]</a>
qemu-kvm-1.2.0/trace.h:123: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;base&quot; is suspicious.

<a name='def250'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def250'>[#def250]</a>
qemu-kvm-1.2.0/trace.h:123: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def251'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def251'>[#def251]</a>
qemu-kvm-1.2.0/trace.h:123: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def252'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def252'>[#def252]</a>
qemu-kvm-1.2.0/trace.h:123: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def253'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def253'>[#def253]</a>
qemu-kvm-1.2.0/trace.h:123: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def254'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def254'>[#def254]</a>
qemu-kvm-1.2.0/trace.h:162: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def255'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def255'>[#def255]</a>
qemu-kvm-1.2.0/trace.h:1077: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;entry&quot; is suspicious.

<a name='def256'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def256'>[#def256]</a>
qemu-kvm-1.2.0/trace.h:1077: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;l2_cache&quot; is suspicious.

<a name='def257'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def257'>[#def257]</a>
qemu-kvm-1.2.0/trace.h:1083: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;entry&quot; is suspicious.

<a name='def258'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def258'>[#def258]</a>
qemu-kvm-1.2.0/trace.h:1083: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;l2_cache&quot; is suspicious.

<a name='def259'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def259'>[#def259]</a>
qemu-kvm-1.2.0/trace.h:1080: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;entry&quot; is suspicious.

<a name='def260'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def260'>[#def260]</a>
qemu-kvm-1.2.0/trace.h:1098: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;s&quot; is suspicious.

<a name='def261'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def261'>[#def261]</a>
qemu-kvm-1.2.0/trace.h:1698: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;co&quot; is suspicious.

<a name='def262'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def262'>[#def262]</a>
qemu-kvm-1.2.0/trace.h:1692: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;from&quot; is suspicious.

<a name='def263'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def263'>[#def263]</a>
qemu-kvm-1.2.0/trace.h:1692: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;opaque&quot; is suspicious.

<a name='def264'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def264'>[#def264]</a>
qemu-kvm-1.2.0/trace.h:1692: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;to&quot; is suspicious.

<a name='def265'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def265'>[#def265]</a>
qemu-kvm-1.2.0/trace.h:1695: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;from&quot; is suspicious.

<a name='def266'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def266'>[#def266]</a>
qemu-kvm-1.2.0/trace.h:1695: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;to&quot; is suspicious.

<a name='def267'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def267'>[#def267]</a>
qemu-kvm-1.2.0/trace.h:1458: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;intr&quot; is suspicious.

<a name='def268'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def268'>[#def268]</a>
qemu-kvm-1.2.0/trace.h:1458: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;mode&quot; is suspicious.

<a name='def269'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def269'>[#def269]</a>
qemu-kvm-1.2.0/trace.h:264: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def270'/><b>Error: <span style='background: #C0FF00;'>BAD_SIZEOF</span> (CWE-467):</b> <a href ='#def270'>[#def270]</a>
qemu-kvm-1.2.0/trace.h:267: <b>bad_sizeof</b>: Taking the size of pointer parameter &quot;bs&quot; is suspicious.

<a name='def271'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE</span> (CWE-170):</b> <a href ='#def271'>[#def271]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:620: <b>cond_true</b>: Condition &quot;is_dot&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/vvfat.c:622: <b>buffer_size</b>: You might overrun the 8 byte destination string &quot;entry-&gt;name&quot; by writing the maximum 11 bytes from &quot;32&quot;.

<a name='def272'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE</span> (CWE-170):</b> <a href ='#def272'>[#def272]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:620: <b>cond_false</b>: Condition &quot;is_dot&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:625: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_false</b>: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:631: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:632: <b>cond_true</b>: Condition &quot;j &gt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:632: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:634: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block/vvfat.c:637: <b>buffer_size</b>: You might overrun the 8 byte destination string &quot;entry-&gt;name&quot; by writing the maximum 11 bytes from &quot;32&quot;.

<a name='def273'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def273'>[#def273]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1178: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1180: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block/sheepdog.c:1183: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;buf&quot; of size 256 bytes might leave the destination string unterminated.

<a name='def274'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def274'>[#def274]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci.c:1390: <b>cond_true</b>: Condition &quot;hci-&gt;device.lmp_name&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/bt-hci.c:1391: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 248 bytes on destination array &quot;params.name&quot; of size 248 bytes might leave the destination string unterminated.

<a name='def275'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def275'>[#def275]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2451: <b>cond_true</b>: Condition &quot;len &gt;= 80&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2453: <b>cond_false</b>: Condition &quot;copy_from_user(&amp;psinfo-&gt;pr_psargs, ts-&gt;info-&gt;arg_start, len)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2454: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2455: <b>cond_true</b>: Condition &quot;i &lt; len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2456: <b>cond_true</b>: Condition &quot;psinfo-&gt;pr_psargs[i] == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2457: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2455: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2455: <b>cond_true</b>: Condition &quot;i &lt; len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2456: <b>cond_true</b>: Condition &quot;psinfo-&gt;pr_psargs[i] == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2457: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2455: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2455: <b>cond_false</b>: Condition &quot;i &lt; len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2457: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2467: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2468: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
qemu-kvm-1.2.0/linux-user/elfload.c:2469: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;psinfo-&gt;pr_fname&quot; of size 16 bytes might leave the destination string unterminated.

<a name='def276'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def276'>[#def276]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:108: <b>cond_false</b>: Condition &quot;!v9fs_synth_fs&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:110: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:111: <b>cond_false</b>: Condition &quot;!name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:111: <b>cond_false</b>: Condition &quot;strlen(name) &gt;= 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:113: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:114: <b>cond_true</b>: Condition &quot;!parent&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: <b>cond_true</b>: Condition &quot;tmp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:120: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(tmp-&gt;name, name)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:123: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:124: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:119: <b>cond_false</b>: Condition &quot;tmp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:124: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:135: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 255 bytes on destination array &quot;node-&gt;name&quot; of size 255 bytes might leave the destination string unterminated.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:136: <b>cond_true</b>: Condition &quot;parent-&gt;child.lh_first != NULL&quot;, taking true branch

<a name='def277'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def277'>[#def277]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:47: <b>cond_true</b>: Condition &quot;attr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:51: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:59: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:61: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 255 bytes on destination array &quot;node-&gt;name&quot; of size 255 bytes might leave the destination string unterminated.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-synth.c:62: <b>cond_true</b>: Condition &quot;parent-&gt;child.lh_first != NULL&quot;, taking true branch

<a name='def278'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def278'>[#def278]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1280: <b>cond_false</b>: Condition &quot;!drv&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1283: <b>cond_false</b>: Condition &quot;!bs-&gt;backing_hd&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1285: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1287: <b>cond_false</b>: Condition &quot;bs-&gt;backing_hd-&gt;keep_read_only&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1291: <b>cond_false</b>: Condition &quot;bdrv_in_use(bs)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1291: <b>cond_false</b>: Condition &quot;bdrv_in_use(bs-&gt;backing_hd)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1293: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1297: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 1024 bytes on destination array &quot;filename&quot; of size 1024 bytes might leave the destination string unterminated.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1300: <b>cond_true</b>: Condition &quot;ro&quot;, taking true branch</span>
qemu-kvm-1.2.0/block.c:1307: <b>cond_true</b>: Condition &quot;rw_ret &lt; 0&quot;, taking true branch

<a name='def279'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def279'>[#def279]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1102: <b>cond_false</b>: Condition &quot;parse_vdiname(s, filename, vdi, &amp;snapid, tag) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1105: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1107: <b>cond_false</b>: Condition &quot;s-&gt;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1110: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1113: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1115: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1117: <b>cond_true</b>: Condition &quot;flags &amp; 0x40&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1120: <b>cond_false</b>: Condition &quot;s-&gt;flush_fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1124: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1127: <b>cond_true</b>: Condition &quot;snapid&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1133: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1137: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1145: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1147: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block/sheepdog.c:1154: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;s-&gt;name&quot; of size 256 bytes might leave the destination string unterminated.

<a name='def280'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def280'>[#def280]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1746: <b>cond_false</b>: Condition &quot;s-&gt;is_snapshot&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1757: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;s-&gt;inode.tag&quot; of size 256 bytes might leave the destination string unterminated.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1763: <b>cond_true</b>: Condition &quot;fd &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1765: <b>goto</b>: Jumping to label &quot;cleanup&quot;</span>
qemu-kvm-1.2.0/block/sheepdog.c:1797: <b>label</b>: Reached label &quot;cleanup&quot;

<a name='def281'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def281'>[#def281]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1821: <b>cond_true</b>: Condition &quot;!snapid&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/sheepdog.c:1822: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;tag&quot; of size 256 bytes might leave the destination string unterminated.

<a name='def282'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def282'>[#def282]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1817: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;vdi&quot; of size 256 bytes might leave the destination string unterminated.</span>
qemu-kvm-1.2.0/block/sheepdog.c:1821: <b>cond_true</b>: Condition &quot;!snapid&quot;, taking true branch

<a name='def283'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def283'>[#def283]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1896: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1899: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1912: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1914: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1923: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1927: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1929: <b>cond_true</b>: Condition &quot;found &lt; nr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1930: <b>cond_false</b>: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1932: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1939: <b>cond_true</b>: Condition &quot;ret&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1940: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1955: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1929: <b>cond_true</b>: Condition &quot;found &lt; nr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1930: <b>cond_false</b>: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1932: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1939: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1941: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1943: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(inode.name, s-&gt;name)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1943: <b>cond_true</b>: Condition &quot;is_snapshot(&amp;inode)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1951: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;(sn_tab + found).name&quot; of size 256 bytes might leave the destination string unterminated.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1955: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1929: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1929: <b>cond_true</b>: Condition &quot;found &lt; nr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1930: <b>cond_true</b>: Condition &quot;!test_bit(vid, vdi_inuse)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1931: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1955: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1963: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
qemu-kvm-1.2.0/block/sheepdog.c:1965: <b>if_end</b>: End of if statement

<a name='def284'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def284'>[#def284]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:149: <b>cond_false</b>: Condition &quot;!s&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:150: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:152: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;name&quot; of size 16 bytes might leave the destination string unterminated.</span>
qemu-kvm-1.2.0/os-posix.c:155: <b>cond_true</b>: Condition &quot;prctl(15, name)&quot;, taking true branch

<a name='def285'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def285'>[#def285]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:231: <b>cond_false</b>: Condition &quot;__s == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:231: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:231: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:231: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:239: <b>cond_true</b>: Condition &quot;cpu_model == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:244: <b>cond_false</b>: Condition &quot;cpu == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:247: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:283: <b>cond_true</b>: Condition &quot;dinfo&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:290: <b>cond_true</b>: Condition &quot;i &lt; nb_nics&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:291: <b>cond_true</b>: Condition &quot;i == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:291: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:290: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:290: <b>cond_true</b>: Condition &quot;i &lt; nb_nics&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:291: <b>cond_false</b>: Condition &quot;i == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:291: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:290: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:290: <b>cond_false</b>: Condition &quot;i &lt; nb_nics&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:291: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:299: <b>cond_true</b>: Condition &quot;kernel_filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:305: <b>cond_false</b>: Condition &quot;kernel_size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:308: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:316: <b>cond_true</b>: Condition &quot;initrd_filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:323: <b>cond_false</b>: Condition &quot;initrd_size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:326: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/r2d.c:334: <b>cond_true</b>: Condition &quot;kernel_cmdline&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/r2d.c:335: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 256 bytes on destination array &quot;boot_params.kernel_cmdline&quot; of size 256 bytes might leave the destination string unterminated.

<a name='def286'/><b>Error: <span style='background: #C0FF00;'>BUFFER_SIZE_WARNING</span> (CWE-170):</b> <a href ='#def286'>[#def286]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:785: <b>cond_false</b>: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:790: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:792: <b>cond_true</b>: Condition &quot;ifa&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:806: <b>cond_true</b>: Condition &quot;!info&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:811: <b>cond_true</b>: Condition &quot;!cur_item&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:813: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:816: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:823: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:828: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:831: <b>buffer_size_warning</b>: Calling strncpy with a maximum size argument of 16 bytes on destination array &quot;ifr.ifr_ifrn.ifrn_name&quot; of size 16 bytes might leave the destination string unterminated.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>cond_true</b>: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:838: <b>goto</b>: Jumping to label &quot;error&quot;</span>
qemu-kvm-1.2.0/qga/commands-posix.c:932: <b>label</b>: Reached label &quot;error&quot;

<a name='def287'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def287'>[#def287]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:165: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:175: <b>switch_default</b>: Reached default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:176: <b>check_return</b>: Calling function &quot;audio_bug(char const *, int)&quot; without checking return value (as is done elsewhere 25 out of 26 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:192: <b>example_checked</b>: &quot;audio_bug(&quot;audio_calloc&quot;, cond)&quot; has its value checked in &quot;audio_bug(&quot;audio_calloc&quot;, cond)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:1003: <b>example_checked</b>: &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; hw-&gt;samples)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:1530: <b>example_checked</b>: &quot;audio_bug(&lt;anonymous&gt;, captured &gt; sw-&gt;total_hw_samples_mixed)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, captured &gt; sw-&gt;total_hw_samples_mixed)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/audio.c:1281: <b>example_checked</b>: &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; sw-&gt;hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, live &lt; 0 || live &gt; sw-&gt;hw-&gt;samples)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/sdlaudio.c:256: <b>example_checked</b>: &quot;audio_bug(&lt;anonymous&gt;, sdl-&gt;live &lt; 0 || sdl-&gt;live &gt; hw-&gt;samples)&quot; has its value checked in &quot;audio_bug(&lt;anonymous&gt;, sdl-&gt;live &lt; 0 || sdl-&gt;live &gt; hw-&gt;samples)&quot;.</span>
qemu-kvm-1.2.0/audio/audio.c:176: <b>unchecked_value</b>: No check of the return value of &quot;audio_bug(&quot;bits_to_index&quot;, 1)&quot;.

<a name='def288'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def288'>[#def288]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:162: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:164: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:166: <b>check_return</b>: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: <b>example_assign</b>: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: <b>example_checked</b>: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:166: <b>unchecked_value</b>: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 0UL, 0, &quot;dd&quot;, &amp;header.type, &amp;header.size)&quot;.

<a name='def289'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def289'>[#def289]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:162: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:164: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:171: <b>cond_false</b>: Condition &quot;header.size &gt; 65536U /* 64 * 1024 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:183: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:187: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:189: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:192: <b>cond_false</b>: Condition &quot;header.type == T_ERROR&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:199: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:201: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:246: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:247: <b>check_return</b>: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: <b>example_assign</b>: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: <b>example_checked</b>: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:247: <b>unchecked_value</b>: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;q&quot;, response)&quot;.

<a name='def290'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def290'>[#def290]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:271: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:273: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:275: <b>check_return</b>: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: <b>example_assign</b>: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: <b>example_checked</b>: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:275: <b>unchecked_value</b>: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 0UL, 0, &quot;dd&quot;, &amp;header.type, &amp;header.size)&quot;.

<a name='def291'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def291'>[#def291]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:271: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:273: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:276: <b>cond_false</b>: Condition &quot;header.size != 4UL /* sizeof (int) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:279: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:282: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:286: <b>check_return</b>: Calling function &quot;v9fs_unmarshal(struct iovec *, int, size_t, int, char const *, ...)&quot; without checking return value (as is done elsewhere 62 out of 66 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:639: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(iovec, 1, 8UL, 0, &quot;sdddd&quot;, &amp;path, &amp;flags, &amp;mode, &amp;uid, &amp;gid)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:641: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:162: <b>example_assign</b>: Assigning: &quot;copied&quot; = return value from &quot;v9fs_unmarshal(out_sg, out_num, offset, bswap, &quot;w&quot;, &amp;str-&gt;size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:164: <b>example_checked</b>: &quot;copied&quot; has its value checked in &quot;copied &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:194: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:195: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:910: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ds&quot;, &amp;s-&gt;msize, &amp;version)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:911: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1239: <b>example_assign</b>: Assigning: &quot;err&quot; = return value from &quot;v9fs_unmarshal(pdu-&gt;elem.out_sg, pdu-&gt;elem.out_num, offset, 1, &quot;ddw&quot;, &amp;fid, &amp;newfid, &amp;nwnames)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p.c:1240: <b>example_checked</b>: &quot;err&quot; has its value checked in &quot;err &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:286: <b>unchecked_value</b>: No check of the return value of &quot;v9fs_unmarshal(reply, 1, 8UL, 0, &quot;d&quot;, status)&quot;.

<a name='def292'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def292'>[#def292]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:505: <b>cond_true</b>: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:507: <b>cond_false</b>: Condition &quot;err == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:509: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:512: <b>cond_true</b>: Condition &quot;err == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:514: <b>goto</b>: Jumping to label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:541: <b>label</b>: Reached label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:542: <b>check_return</b>: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:542: <b>unchecked_value</b>: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.

<a name='def293'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def293'>[#def293]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:445: <b>cond_true</b>: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:448: <b>cond_false</b>: Condition &quot;err == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:450: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:452: <b>cond_true</b>: Condition &quot;err == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:454: <b>goto</b>: Jumping to label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:483: <b>label</b>: Reached label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:484: <b>check_return</b>: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:484: <b>unchecked_value</b>: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.

<a name='def294'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def294'>[#def294]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:609: <b>cond_true</b>: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:611: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:614: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:618: <b>cond_true</b>: Condition &quot;err == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:620: <b>goto</b>: Jumping to label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:652: <b>label</b>: Reached label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:654: <b>check_return</b>: Calling function &quot;remove(rpath(fs_ctx, path, buffer))&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:654: <b>unchecked_value</b>: No check of the return value of &quot;remove(rpath(fs_ctx, path, buffer))&quot;.

<a name='def295'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def295'>[#def295]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:676: <b>cond_true</b>: Condition &quot;fs_ctx-&gt;export_flags &amp; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:681: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:684: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:689: <b>cond_false</b>: Condition &quot;write_size == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:691: <b>cond_false</b>: Condition &quot;write_size != oldpath_size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:696: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:701: <b>cond_true</b>: Condition &quot;err == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:703: <b>goto</b>: Jumping to label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:756: <b>label</b>: Reached label &quot;err_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:757: <b>check_return</b>: Calling function &quot;remove(rpath(fs_ctx, newpath, buffer))&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:757: <b>unchecked_value</b>: No check of the return value of &quot;remove(rpath(fs_ctx, newpath, buffer))&quot;.

<a name='def296'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def296'>[#def296]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:191: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:192: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:195: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:196: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:198: <b>cond_true</b>: Condition &quot;bswap_needed&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:203: <b>switch</b>: Switch case value &quot;267U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:204: <b>switch_case</b>: Reached case &quot;267U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:207: <b>cond_false</b>: Condition &quot;e.a_text + e.a_data &gt; max_sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:208: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:209: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:209: <b>check_return</b>: Calling function &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/loader.c:209: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot;.

<a name='def297'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def297'>[#def297]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:191: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:192: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:195: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:196: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:198: <b>cond_true</b>: Condition &quot;bswap_needed&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:203: <b>switch</b>: Switch case value &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:214: <b>switch_case</b>: Reached case &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_false</b>: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:216: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:217: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:217: <b>check_return</b>: Calling function &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/loader.c:217: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, (((e.a_info &amp; 0xffffU) == 0x10bU) ? 1024UL : (((e.a_info &amp; 0xffffU) == 0xccU) ? 0UL : 32UL)), 0)&quot;.

<a name='def298'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def298'>[#def298]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:238: <b>check_return</b>: Calling function &quot;lseek(fd, ehdr.e_phoff, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/elf_ops.h:238: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, ehdr.e_phoff, 0)&quot;.

<a name='def299'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def299'>[#def299]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:238: <b>check_return</b>: Calling function &quot;lseek(fd, ehdr.e_phoff, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/elf_ops.h:238: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, ehdr.e_phoff, 0)&quot;.

<a name='def300'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def300'>[#def300]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2764: <b>cond_false</b>: Condition &quot;dumpsize.rlim_cur == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2765: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2767: <b>cond_false</b>: Condition &quot;core_dump_filename(ts, corefile, 4096UL /* sizeof (corefile) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2768: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2770: <b>cond_false</b>: Condition &quot;(fd = open(corefile, 65 /* 1 | 0x40 */, 420 /* ((0x100 | 0x80) | (0x100 &gt;&gt; 3)) | ((0x100 &gt;&gt; 3) &gt;&gt; 3) */)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2772: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2779: <b>cond_false</b>: Condition &quot;(mm = vma_init()) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2780: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2790: <b>cond_false</b>: Condition &quot;dump_write(fd, &amp;elf, 52UL /* sizeof (elf) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2791: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2794: <b>cond_false</b>: Condition &quot;fill_note_info(&amp;info, signr, env) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2795: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2804: <b>cond_false</b>: Condition &quot;dump_write(fd, &amp;phdr, 32UL /* sizeof (phdr) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2805: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2811: <b>cond_true</b>: Condition &quot;1 /* 1 &amp;&amp; (8192 - 1 &amp; 0x2000) == 0 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2817: <b>cond_true</b>: Condition &quot;vma != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2827: <b>cond_true</b>: Condition &quot;vma-&gt;vma_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2828: <b>cond_true</b>: Condition &quot;vma-&gt;vma_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2830: <b>cond_true</b>: Condition &quot;vma-&gt;vma_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2835: <b>check_return</b>: Calling function &quot;dump_write(int, void const *, size_t)&quot; without checking return value (as is done elsewhere 6 out of 7 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2591: <b>example_checked</b>: &quot;dump_write(fd, &amp;en, 12UL)&quot; has its value checked in &quot;dump_write(fd, &amp;en, 12UL) != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2593: <b>example_checked</b>: &quot;dump_write(fd, men-&gt;name, men-&gt;namesz_rounded)&quot; has its value checked in &quot;dump_write(fd, men-&gt;name, men-&gt;namesz_rounded) != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2595: <b>example_checked</b>: &quot;dump_write(fd, men-&gt;data, men-&gt;datasz_rounded)&quot; has its value checked in &quot;dump_write(fd, men-&gt;data, men-&gt;datasz_rounded) != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2790: <b>example_checked</b>: &quot;dump_write(fd, &amp;elf, 52UL)&quot; has its value checked in &quot;dump_write(fd, &amp;elf, 52UL) != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2804: <b>example_checked</b>: &quot;dump_write(fd, &amp;phdr, 32UL)&quot; has its value checked in &quot;dump_write(fd, &amp;phdr, 32UL) != 0&quot;.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:2835: <b>unchecked_value</b>: No check of the return value of &quot;dump_write(fd, &amp;phdr, 32UL)&quot;.

<a name='def301'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def301'>[#def301]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:525: <b>cond_true</b>: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_BRIDGE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:528: <b>cond_true</b>: Condition &quot;bridge-&gt;has_helper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:529: <b>cond_true</b>: Condition &quot;bridge-&gt;has_br&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:532: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:534: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:536: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/net/tap.c:536: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.

<a name='def302'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def302'>[#def302]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:602: <b>cond_true</b>: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_TAP&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:605: <b>cond_true</b>: Condition &quot;tap-&gt;has_fd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:606: <b>cond_false</b>: Condition &quot;tap-&gt;has_ifname&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:606: <b>cond_false</b>: Condition &quot;tap-&gt;has_script&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:606: <b>cond_false</b>: Condition &quot;tap-&gt;has_downscript&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:606: <b>cond_false</b>: Condition &quot;tap-&gt;has_vnet_hdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:606: <b>cond_false</b>: Condition &quot;tap-&gt;has_helper&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:611: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:614: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:616: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:618: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/net/tap.c:618: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.

<a name='def303'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def303'>[#def303]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:602: <b>cond_true</b>: Condition &quot;opts-&gt;kind == NET_CLIENT_OPTIONS_KIND_TAP&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:605: <b>cond_false</b>: Condition &quot;tap-&gt;has_fd&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:624: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:624: <b>cond_true</b>: Condition &quot;tap-&gt;has_helper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:625: <b>cond_false</b>: Condition &quot;tap-&gt;has_ifname&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:625: <b>cond_false</b>: Condition &quot;tap-&gt;has_script&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:625: <b>cond_false</b>: Condition &quot;tap-&gt;has_downscript&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:625: <b>cond_false</b>: Condition &quot;tap-&gt;has_vnet_hdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:630: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:633: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:635: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap.c:637: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/net/tap.c:637: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.

<a name='def304'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def304'>[#def304]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2468: <b>check_return</b>: Calling function &quot;setsockopt(fd, 6, 1, (char *)&amp;val, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:2468: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(fd, 6, 1, (char *)&amp;val, 4U)&quot;.

<a name='def305'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def305'>[#def305]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2456: <b>check_return</b>: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:2456: <b>unchecked_value</b>: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.

<a name='def306'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def306'>[#def306]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2458: <b>check_return</b>: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:2458: <b>unchecked_value</b>: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.

<a name='def307'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def307'>[#def307]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2460: <b>check_return</b>: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:2460: <b>unchecked_value</b>: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.

<a name='def308'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def308'>[#def308]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2462: <b>check_return</b>: Calling function &quot;send(fd, (char *)buf, 3UL, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:2462: <b>unchecked_value</b>: No check of the return value of &quot;send(fd, (char *)buf, 3UL, 0)&quot;.

<a name='def309'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def309'>[#def309]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:858: <b>cond_false</b>: Condition &quot;stdio_nb_clients &gt;= 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:860: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:861: <b>cond_true</b>: Condition &quot;stdio_nb_clients == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:864: <b>check_return</b>: Calling function &quot;fcntl(0, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:864: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(0, 4, 2048)&quot;.

<a name='def310'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def310'>[#def310]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:1095: <b>check_return</b>: Calling function &quot;fd_open(BlockDriverState *)&quot; without checking return value (as is done elsewhere 6 out of 7 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:1083: <b>example_checked</b>: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &gt;= 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:941: <b>example_checked</b>: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:369: <b>example_checked</b>: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:325: <b>example_checked</b>: &quot;fd_open(bs)&quot; has its value checked in &quot;fd_open(bs) &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:612: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;fd_open(bs)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:613: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
qemu-kvm-1.2.0/block/raw-posix.c:1095: <b>unchecked_value</b>: No check of the return value of &quot;fd_open(bs)&quot;.

<a name='def311'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def311'>[#def311]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:324: <b>check_return</b>: Calling function &quot;fstat(fd, &amp;buf)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/ivshmem.c:324: <b>unchecked_value</b>: No check of the return value of &quot;fstat(fd, &amp;buf)&quot;.

<a name='def312'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def312'>[#def312]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:660: <b>check_return</b>: Calling function &quot;fseek(f, where, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/pc.c:660: <b>unchecked_value</b>: No check of the return value of &quot;fseek(f, where, 0)&quot;.

<a name='def313'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def313'>[#def313]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pflash_cfi01.c:203: <b>cond_true</b>: Condition &quot;pfl-&gt;bs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pflash_cfi01.c:208: <b>check_return</b>: Calling function &quot;bdrv_write(BlockDriverState *, int64_t, uint8_t const *, int)&quot; without checking return value (as is done elsewhere 36 out of 40 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow.c:813: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs, sector_num, buf, s-&gt;cluster_sectors)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow.c:814: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2.c:1161: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, (meta.cluster_offset &gt;&gt; 9) + num - 1UL, buf, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2.c:1162: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vdi.c:596: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, 0L, block, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vdi.c:600: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:761: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(extent-&gt;file, cluster_offset, whole_grain, extent-&gt;cluster_sectors)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:763: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1697: <b>example_checked</b>: &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot; has its value checked in &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot;.</span>
qemu-kvm-1.2.0/hw/pflash_cfi01.c:208: <b>unchecked_value</b>: No check of the return value of &quot;bdrv_write(pfl-&gt;bs, offset, pfl-&gt;storage + (offset &lt;&lt; 9), offset_end - offset)&quot;.

<a name='def314'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def314'>[#def314]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pflash_cfi02.c:234: <b>cond_true</b>: Condition &quot;pfl-&gt;bs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pflash_cfi02.c:239: <b>check_return</b>: Calling function &quot;bdrv_write(BlockDriverState *, int64_t, uint8_t const *, int)&quot; without checking return value (as is done elsewhere 36 out of 40 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow.c:813: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs, sector_num, buf, s-&gt;cluster_sectors)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow.c:814: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2.c:1161: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, (meta.cluster_offset &gt;&gt; 9) + num - 1UL, buf, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2.c:1162: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vdi.c:596: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(bs-&gt;file, 0L, block, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vdi.c:600: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:761: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_write(extent-&gt;file, cluster_offset, whole_grain, extent-&gt;cluster_sectors)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:763: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1697: <b>example_checked</b>: &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot; has its value checked in &quot;bdrv_write(s-&gt;qcow, offset, s-&gt;cluster_buffer, 1)&quot;.</span>
qemu-kvm-1.2.0/hw/pflash_cfi02.c:239: <b>unchecked_value</b>: No check of the return value of &quot;bdrv_write(pfl-&gt;bs, offset, pfl-&gt;storage + (offset &lt;&lt; 9), offset_end - offset)&quot;.

<a name='def315'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def315'>[#def315]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:956: <b>cond_true</b>: Condition &quot;!nr_copies&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:962: <b>cond_true</b>: Condition &quot;aiocb_type == AIOCB_READ_UDATA&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:966: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:974: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:976: <b>cond_true</b>: Condition &quot;s-&gt;cache_enabled&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:997: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1001: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1003: <b>cond_false</b>: Condition &quot;wlen&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1010: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1012: <b>check_return</b>: Calling function &quot;socket_set_cork(s-&gt;fd, 0)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:60:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;</span>
qemu-kvm-1.2.0/block/sheepdog.c:1012: <b>unchecked_value</b>: No check of the return value of &quot;socket_set_cork(s-&gt;fd, 0)&quot;.

<a name='def316'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def316'>[#def316]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:956: <b>cond_true</b>: Condition &quot;!nr_copies&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:962: <b>cond_true</b>: Condition &quot;aiocb_type == AIOCB_READ_UDATA&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:966: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:974: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:976: <b>cond_true</b>: Condition &quot;s-&gt;cache_enabled&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:993: <b>check_return</b>: Calling function &quot;socket_set_cork(s-&gt;fd, 1)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:60:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;</span>
qemu-kvm-1.2.0/block/sheepdog.c:993: <b>unchecked_value</b>: No check of the return value of &quot;socket_set_cork(s-&gt;fd, 1)&quot;.

<a name='def317'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def317'>[#def317]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:163: <b>cond_true</b>: Condition &quot;!done&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:163: <b>cond_false</b>: Condition &quot;i &lt; ncmdline&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:187: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:188: <b>cond_false</b>: Condition &quot;cmdline&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:191: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:193: <b>cond_true</b>: Condition &quot;!done&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:194: <b>cond_true</b>: Condition &quot;!prompted&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cmd.c:201: <b>check_return</b>: Calling function &quot;main_loop_wait(0)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:478:5: <b>cond_true</b>: Condition &quot;nonblocking&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:480:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:482:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:496:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;os_host_main_loop_wait(timeout)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:298:5: <b>cond_true</b>: Condition &quot;timeout &lt; 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:304:5: <b>cond_true</b>: Condition &quot;timeout &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:308:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;select(nfds + 1, &amp;rfds, &amp;wfds, &amp;xfds, tvarg)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:310:5: <b>cond_true</b>: Condition &quot;timeout &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:314:5: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:314:5: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:499:5: <b>cond_true</b>: Condition &quot;ret &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/cmd.c:201: <b>unchecked_value</b>: No check of the return value of &quot;main_loop_wait(0)&quot;.

<a name='def318'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def318'>[#def318]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:514: <b>cond_false</b>: Condition &quot;parse_host_port(&amp;saddr, host_str) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:515: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:518: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:521: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:526: <b>check_return</b>: Calling function &quot;setsockopt(fd, 1, 2, (char const *)&amp;val, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/net/socket.c:526: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(fd, 1, 2, (char const *)&amp;val, 4U)&quot;.

<a name='def319'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def319'>[#def319]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:431: <b>cond_true</b>: Condition &quot;!(env-&gt;psw.mask &amp; 0x100000000ULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:435: <b>check_return</b>: Calling function &quot;mmu_translate(CPUS390XState *, target_ulong, int, uint64_t, target_ulong *, int *)&quot; without checking return value (as is done elsewhere 7 out of 8 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:400: <b>example_checked</b>: &quot;mmu_translate(env, vaddr, rw, asc, &amp;raddr, &amp;prot)&quot; has its value checked in &quot;mmu_translate(env, vaddr, rw, asc, &amp;raddr, &amp;prot)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/mem_helper.c:117: <b>example_checked</b>: &quot;mmu_translate(env, src, 0, asc, &amp;src_phys, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, src, 0, asc, &amp;src_phys, &amp;flags)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/mem_helper.c:87: <b>example_checked</b>: &quot;mmu_translate(env, dest, 1, asc, &amp;dest_phys, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, dest, 1, asc, &amp;dest_phys, &amp;flags)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/mem_helper.c:1183: <b>example_checked</b>: &quot;mmu_translate(env, addr, 0, asc, &amp;ret, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, addr, 0, asc, &amp;ret, &amp;flags)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/mem_helper.c:1090: <b>example_checked</b>: &quot;mmu_translate(env, a1 &amp; 0xfffffffffffff000UL, 1, mode1, &amp;dest, &amp;flags)&quot; has its value checked in &quot;mmu_translate(env, a1 &amp; 0xfffffffffffff000UL, 1, mode1, &amp;dest, &amp;flags)&quot;.</span>
qemu-kvm-1.2.0/target-s390x/helper.c:435: <b>unchecked_value</b>: No check of the return value of &quot;mmu_translate(env, vaddr, 2, asc, &amp;raddr, &amp;prot)&quot;.

<a name='def320'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def320'>[#def320]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: <b>cond_false</b>: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:413: <b>check_return</b>: Calling function &quot;fcntl(card-&gt;pipe[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/ccid-card-emulated.c:413: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(card-&gt;pipe[0], 4, 2048)&quot;.

<a name='def321'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def321'>[#def321]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: <b>cond_false</b>: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:415: <b>check_return</b>: Calling function &quot;fcntl(card-&gt;pipe[0], 8, getpid())&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/ccid-card-emulated.c:415: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(card-&gt;pipe[0], 8, getpid())&quot;.

<a name='def322'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def322'>[#def322]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:409: <b>cond_false</b>: Condition &quot;pipe(card-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:412: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ccid-card-emulated.c:414: <b>check_return</b>: Calling function &quot;fcntl(card-&gt;pipe[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/ccid-card-emulated.c:414: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(card-&gt;pipe[1], 4, 2048)&quot;.

<a name='def323'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def323'>[#def323]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:646: <b>cond_false</b>: Condition &quot;posix_aio_state&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:647: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:652: <b>cond_false</b>: Condition &quot;qemu_pipe(fds) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:656: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:661: <b>check_return</b>: Calling function &quot;fcntl(s-&gt;rfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/posix-aio-compat.c:661: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(s-&gt;rfd, 4, 2048)&quot;.

<a name='def324'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def324'>[#def324]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:646: <b>cond_false</b>: Condition &quot;posix_aio_state&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:647: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:652: <b>cond_false</b>: Condition &quot;qemu_pipe(fds) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:656: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:662: <b>check_return</b>: Calling function &quot;fcntl(s-&gt;wfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/posix-aio-compat.c:662: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(s-&gt;wfd, 4, 2048)&quot;.

<a name='def325'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def325'>[#def325]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:821: <b>check_return</b>: Calling function &quot;fcntl(0, 4, old_fd0_flags)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-char.c:821: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(0, 4, old_fd0_flags)&quot;.

<a name='def326'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def326'>[#def326]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1707: <b>cond_false</b>: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1711: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1712: <b>check_return</b>: Calling function &quot;fcntl(d-&gt;pipe[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/qxl.c:1712: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(d-&gt;pipe[0], 4, 2048)&quot;.

<a name='def327'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def327'>[#def327]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1707: <b>cond_false</b>: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1711: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1714: <b>check_return</b>: Calling function &quot;fcntl(d-&gt;pipe[0], 8, getpid())&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/qxl.c:1714: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(d-&gt;pipe[0], 8, getpid())&quot;.

<a name='def328'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def328'>[#def328]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1707: <b>cond_false</b>: Condition &quot;pipe(d-&gt;pipe) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1711: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1713: <b>check_return</b>: Calling function &quot;fcntl(d-&gt;pipe[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/qxl.c:1713: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(d-&gt;pipe[1], 4, 2048)&quot;.

<a name='def329'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def329'>[#def329]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:356: <b>check_return</b>: Calling function &quot;fseek(s-&gt;stdio_file, pos, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/savevm.c:356: <b>unchecked_value</b>: No check of the return value of &quot;fseek(s-&gt;stdio_file, pos, 0)&quot;.

<a name='def330'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def330'>[#def330]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:349: <b>check_return</b>: Calling function &quot;fseek(s-&gt;stdio_file, pos, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/savevm.c:349: <b>unchecked_value</b>: No check of the return value of &quot;fseek(s-&gt;stdio_file, pos, 0)&quot;.

<a name='def331'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def331'>[#def331]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:91: <b>cond_true</b>: Condition &quot;req&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:91: <b>cond_true</b>: Condition &quot;(next = req-&gt;next.tqe_next) , 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:93: <b>cond_true</b>: Condition &quot;req-&gt;retry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:95: <b>switch</b>: Switch case value &quot;SCSI_XFER_NONE&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:100: <b>switch_case</b>: Reached case &quot;SCSI_XFER_NONE&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:101: <b>cond_true</b>: Condition &quot;!req-&gt;sg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:103: <b>check_return</b>: Calling function &quot;scsi_req_enqueue(SCSIRequest *)&quot; without checking return value (as is done elsewhere 9 out of 11 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/esp.c:133: <b>example_assign</b>: Assigning: &quot;datalen&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current_req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/esp.c:135: <b>example_checked</b>: &quot;datalen&quot; has its value checked in &quot;datalen != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/lsi53c895a.c:773: <b>example_assign</b>: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current-&gt;req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/lsi53c895a.c:774: <b>example_checked</b>: &quot;n&quot; has its value checked in &quot;n&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/megasas.c:1123: <b>example_assign</b>: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/megasas.c:1124: <b>example_checked</b>: &quot;len&quot; has its value checked in &quot;len &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:624: <b>example_assign</b>: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(req-&gt;sreq)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:629: <b>example_checked</b>: &quot;n&quot; has its value checked in &quot;n&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-uas.c:560: <b>example_assign</b>: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req-&gt;req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-uas.c:561: <b>example_checked</b>: &quot;len&quot; has its value checked in &quot;len&quot;.</span>
qemu-kvm-1.2.0/hw/scsi-bus.c:103: <b>unchecked_value</b>: No check of the return value of &quot;scsi_req_enqueue(req)&quot;.

<a name='def332'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def332'>[#def332]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:602: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:607: <b>cond_false</b>: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:610: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:616: <b>cond_true</b>: Condition &quot;flags &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U /* sizeof (int) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), 16U /* sizeof (addr) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:643: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:646: <b>check_return</b>: Calling function &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/socket.c:646: <b>unchecked_value</b>: No check of the return value of &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.

<a name='def333'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def333'>[#def333]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:602: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:607: <b>cond_false</b>: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:610: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:616: <b>cond_true</b>: Condition &quot;flags &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U /* sizeof (int) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), 16U /* sizeof (addr) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:643: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:644: <b>check_return</b>: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/socket.c:644: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.

<a name='def334'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def334'>[#def334]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:355: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:356: <b>check_return</b>: Calling function &quot;sosendoob(so)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:298:2: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:301:2: <b>cond_true</b>: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:303:3: <b>return_wrapper</b>: The function wraps and returns the value of &quot;slirp_send(so, sb-&gt;sb_rptr, so-&gt;so_urgc, 1)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828:2: <b>cond_true</b>: Condition &quot;so-&gt;s == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828:2: <b>cond_false</b>: Condition &quot;so-&gt;extra&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:831:2: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:833:2: <b>return_wrapper</b>: The function wraps and returns the value of &quot;send(so-&gt;s, buf, len, flags)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:307:2: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:330:2: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:334:2: <b>cond_true</b>: Condition &quot;sb-&gt;sb_rptr &gt;= sb-&gt;sb_data + sb-&gt;sb_datalen&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/socket.c:356: <b>unchecked_value</b>: No check of the return value of &quot;sosendoob(so)&quot;.

<a name='def335'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def335'>[#def335]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1223: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1226: <b>cond_false</b>: Condition &quot;flat&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1236: <b>cond_true</b>: Condition &quot;compress&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1238: <b>cond_true</b>: Condition &quot;compress&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1277: <b>cond_false</b>: Condition &quot;ret != 4UL /* sizeof (magic) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1280: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1282: <b>cond_false</b>: Condition &quot;ret != 75UL /* sizeof (header) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1285: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1288: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1291: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1295: <b>cond_true</b>: Condition &quot;i &lt; gt_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1298: <b>cond_false</b>: Condition &quot;ret != 4UL /* sizeof (tmp) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1301: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1302: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1295: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1295: <b>cond_true</b>: Condition &quot;i &lt; gt_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1298: <b>cond_false</b>: Condition &quot;ret != 4UL /* sizeof (tmp) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1301: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1302: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1295: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1295: <b>cond_false</b>: Condition &quot;i &lt; gt_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1302: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1305: <b>check_return</b>: Calling function &quot;lseek(fd, le64_to_cpu(header.gd_offset) &lt;&lt; 9, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/block/vmdk.c:1305: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, le64_to_cpu(header.gd_offset) &lt;&lt; 9, 0)&quot;.

<a name='def336'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def336'>[#def336]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1223: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1226: <b>cond_false</b>: Condition &quot;flat&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1236: <b>cond_true</b>: Condition &quot;compress&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1238: <b>cond_true</b>: Condition &quot;compress&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1277: <b>cond_false</b>: Condition &quot;ret != 4UL /* sizeof (magic) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1280: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1282: <b>cond_false</b>: Condition &quot;ret != 75UL /* sizeof (header) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1285: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1288: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1291: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:1294: <b>check_return</b>: Calling function &quot;lseek(fd, le64_to_cpu(header.rgd_offset) &lt;&lt; 9, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/block/vmdk.c:1294: <b>unchecked_value</b>: No check of the return value of &quot;lseek(fd, le64_to_cpu(header.rgd_offset) &lt;&lt; 9, 0)&quot;.

<a name='def337'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def337'>[#def337]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:280: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:285: <b>check_return</b>: Calling function &quot;setsockopt(sock, 1, 2, &amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-sockets.c:285: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(sock, 1, 2, &amp;on, 4U)&quot;.

<a name='def338'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def338'>[#def338]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:121: <b>cond_false</b>: Condition &quot;qemu_opt_get(opts, &quot;host&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:121: <b>cond_false</b>: Condition &quot;qemu_opt_get(opts, &quot;port&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:126: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:131: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:132: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:133: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:134: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:137: <b>cond_true</b>: Condition &quot;port_offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:139: <b>cond_true</b>: Condition &quot;strlen(addr)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:140: <b>cond_false</b>: Condition &quot;rc != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:145: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:148: <b>cond_true</b>: Condition &quot;e != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:153: <b>cond_false</b>: Condition &quot;slisten &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:160: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:162: <b>check_return</b>: Calling function &quot;setsockopt(slisten, 1, 2, (void *)&amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-sockets.c:162: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(slisten, 1, 2, (void *)&amp;on, 4U)&quot;.

<a name='def339'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def339'>[#def339]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:121: <b>cond_false</b>: Condition &quot;qemu_opt_get(opts, &quot;host&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:121: <b>cond_false</b>: Condition &quot;qemu_opt_get(opts, &quot;port&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:126: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:131: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:132: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:133: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:134: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:137: <b>cond_true</b>: Condition &quot;port_offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:139: <b>cond_true</b>: Condition &quot;strlen(addr)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:140: <b>cond_false</b>: Condition &quot;rc != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:145: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:148: <b>cond_true</b>: Condition &quot;e != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:153: <b>cond_false</b>: Condition &quot;slisten &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:160: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:164: <b>cond_true</b>: Condition &quot;e-&gt;ai_family == 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:166: <b>check_return</b>: Calling function &quot;setsockopt(slisten, 41, 26, (void *)&amp;off, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-sockets.c:166: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(slisten, 41, 26, (void *)&amp;off, 4U)&quot;.

<a name='def340'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def340'>[#def340]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:424: <b>cond_true</b>: Condition &quot;addr == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:427: <b>cond_false</b>: Condition &quot;port == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:427: <b>cond_false</b>: Condition &quot;strlen(port) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:430: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:432: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv4&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:433: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:434: <b>cond_false</b>: Condition &quot;qemu_opt_get_bool(opts, &quot;ipv6&quot;, false /* 0 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:435: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:437: <b>cond_false</b>: Condition &quot;0 != (rc = getaddrinfo(addr, port, &amp;ai, &amp;peer))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:441: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:451: <b>cond_true</b>: Condition &quot;addr == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:454: <b>cond_true</b>: Condition &quot;!port&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:457: <b>cond_false</b>: Condition &quot;0 != (rc = getaddrinfo(addr, port, &amp;ai, &amp;local))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:461: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:465: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:469: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:470: <b>check_return</b>: Calling function &quot;setsockopt(sock, 1, 2, (void *)&amp;on, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qemu-sockets.c:470: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(sock, 1, 2, (void *)&amp;on, 4U)&quot;.

<a name='def341'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def341'>[#def341]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:393: <b>switch</b>: Switch case value &quot;225&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:394: <b>switch_case</b>: Reached case &quot;225&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:395: <b>cond_false</b>: Condition &quot;devep != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:396: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:398: <b>switch</b>: Switch case value &quot;USB_MSDM_CBW&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:399: <b>switch_case</b>: Reached case &quot;USB_MSDM_CBW&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:400: <b>cond_false</b>: Condition &quot;p-&gt;iov.size != 31&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:403: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:405: <b>cond_false</b>: Condition &quot;le32_to_cpu(cbw.sig) != 1128420181&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:409: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:411: <b>cond_false</b>: Condition &quot;cbw.lun != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:414: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:417: <b>cond_true</b>: Condition &quot;s-&gt;data_len == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:419: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:423: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:426: <b>cond_true</b>: Condition &quot;le32_to_cpu(s-&gt;csw.residue) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: <b>check_return</b>: Calling function &quot;scsi_req_enqueue(SCSIRequest *)&quot; without checking return value (as is done elsewhere 9 out of 11 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/esp.c:133: <b>example_assign</b>: Assigning: &quot;datalen&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current_req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/esp.c:135: <b>example_checked</b>: &quot;datalen&quot; has its value checked in &quot;datalen != 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/lsi53c895a.c:773: <b>example_assign</b>: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(s-&gt;current-&gt;req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/lsi53c895a.c:774: <b>example_checked</b>: &quot;n&quot; has its value checked in &quot;n&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/megasas.c:1123: <b>example_assign</b>: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/megasas.c:1124: <b>example_checked</b>: &quot;len&quot; has its value checked in &quot;len &gt; 0L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:624: <b>example_assign</b>: Assigning: &quot;n&quot; = return value from &quot;scsi_req_enqueue(req-&gt;sreq)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:629: <b>example_checked</b>: &quot;n&quot; has its value checked in &quot;n&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-uas.c:560: <b>example_assign</b>: Assigning: &quot;len&quot; = return value from &quot;scsi_req_enqueue(req-&gt;req)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-uas.c:561: <b>example_checked</b>: &quot;len&quot; has its value checked in &quot;len&quot;.</span>
qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: <b>unchecked_value</b>: No check of the return value of &quot;scsi_req_enqueue(s-&gt;req)&quot;.

<a name='def342'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def342'>[#def342]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:286: <b>cond_false</b>: Condition &quot;pagetable_index &gt;= s-&gt;max_table_entries&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:286: <b>cond_false</b>: Condition &quot;s-&gt;pagetable[pagetable_index] == 4294967295U&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:287: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:297: <b>cond_true</b>: Condition &quot;write&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:297: <b>cond_true</b>: Condition &quot;s-&gt;last_bitmap_offset != bitmap_offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:302: <b>check_return</b>: Calling function &quot;bdrv_pwrite_sync(BlockDriverState *, int64_t, void const *, int)&quot; without checking return value (as is done elsewhere 23 out of 24 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/cow.c:122: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, offset, &amp;bitmap, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/cow.c:123: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow.c:382: <b>example_checked</b>: &quot;bdrv_pwrite_sync(bs-&gt;file, l2_offset + l2_index * 8UL, &amp;tmp, 8)&quot; has its value checked in &quot;bdrv_pwrite_sync(bs-&gt;file, l2_offset + l2_index * 8UL, &amp;tmp, 8) &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-cluster.c:145: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, s-&gt;l1_table_offset + 8 * l1_start_index, buf, 512)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-cluster.c:147: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:265: <b>example_assign</b>: Assigning: &quot;ret&quot; = return value from &quot;bdrv_pwrite_sync(bs-&gt;file, s-&gt;refcount_table_offset + refcount_table_index * 8UL, &amp;data64, 8)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:268: <b>example_checked</b>: &quot;ret&quot; has its value checked in &quot;ret &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vmdk.c:785: <b>example_checked</b>: &quot;bdrv_pwrite_sync(extent-&gt;file, (int64_t)m_data-&gt;l2_offset * 512L + m_data-&gt;l2_index * 4UL, &amp;m_data-&gt;offset, 4)&quot; has its value checked in &quot;bdrv_pwrite_sync(extent-&gt;file, (int64_t)m_data-&gt;l2_offset * 512L + m_data-&gt;l2_index * 4UL, &amp;m_data-&gt;offset, 4) &lt; 0&quot;.</span>
qemu-kvm-1.2.0/block/vpc.c:302: <b>unchecked_value</b>: No check of the return value of &quot;bdrv_pwrite_sync(bs-&gt;file, bitmap_offset, bitmap, s-&gt;bitmap_size)&quot;.

<a name='def343'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def343'>[#def343]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1274: <b>check_return</b>: Calling function &quot;strstart(char const *, char const *, char const **)&quot; without checking return value (as is done elsewhere 74 out of 76 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/nbd.c:95: <b>example_checked</b>: &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot; has its value checked in &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:1055: <b>example_checked</b>: &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot; has its value checked in &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:170: <b>example_checked</b>: &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot; has its value checked in &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1024: <b>example_checked</b>: &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot; has its value checked in &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dump.c:847: <b>example_checked</b>: &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot; has its value checked in &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot;.</span>
qemu-kvm-1.2.0/block/sheepdog.c:1274: <b>unchecked_value</b>: No check of the return value of &quot;strstart(filename, &quot;sheepdog:&quot;, &amp;vdiname)&quot;.

<a name='def344'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def344'>[#def344]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:1094: <b>check_return</b>: Calling function &quot;strstart(char const *, char const *, char const **)&quot; without checking return value (as is done elsewhere 74 out of 76 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/nbd.c:95: <b>example_checked</b>: &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot; has its value checked in &quot;strstart(file, &quot;nbd:&quot;, &amp;host_spec)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/raw-posix.c:1055: <b>example_checked</b>: &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot; has its value checked in &quot;strstart(filename, &quot;/dev/fd&quot;, NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:170: <b>example_checked</b>: &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot; has its value checked in &quot;strstart(filename, &quot;rbd:&quot;, &amp;start)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1024: <b>example_checked</b>: &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot; has its value checked in &quot;strstart(dirname, &quot;fat:&quot;, NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dump.c:847: <b>example_checked</b>: &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot; has its value checked in &quot;strstart(file, &quot;file:&quot;, &amp;p)&quot;.</span>
qemu-kvm-1.2.0/block/sheepdog.c:1094: <b>unchecked_value</b>: No check of the return value of &quot;strstart(filename, &quot;sheepdog:&quot;, (char const **)&amp;filename)&quot;.

<a name='def345'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def345'>[#def345]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:738: <b>cond_false</b>: Condition &quot;!len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:740: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:743: <b>cond_true</b>: Condition &quot;rc &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:745: <b>cond_true</b>: Condition &quot;ret != len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:749: <b>check_return</b>: Calling function &quot;socket_set_cork(csock, 0)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:60:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;</span>
qemu-kvm-1.2.0/nbd.c:749: <b>unchecked_value</b>: No check of the return value of &quot;socket_set_cork(csock, 0)&quot;.

<a name='def346'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def346'>[#def346]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:738: <b>cond_false</b>: Condition &quot;!len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:740: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:741: <b>check_return</b>: Calling function &quot;socket_set_cork(csock, 1)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:60:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;setsockopt(fd, 6, 3, &amp;v, 4U)&quot;</span>
qemu-kvm-1.2.0/nbd.c:741: <b>unchecked_value</b>: No check of the return value of &quot;socket_set_cork(csock, 1)&quot;.

<a name='def347'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def347'>[#def347]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:147: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, f &amp; 0xfffffffffffff7ff)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/oslib-posix.c:147: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, f &amp; 0xfffffffffffff7ff)&quot;.

<a name='def348'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def348'>[#def348]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:154: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, f | 0x800)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/oslib-posix.c:154: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, f | 0x800)&quot;.

<a name='def349'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def349'>[#def349]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:161: <b>check_return</b>: Calling function &quot;fcntl(fd, 2, f | 1)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/oslib-posix.c:161: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 2, f | 1)&quot;.

<a name='def350'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def350'>[#def350]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;*__errno_location() != 38&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:235: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:241: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:242: <b>check_return</b>: Calling function &quot;stat(path, &amp;st)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/oslib-posix.c:242: <b>unchecked_value</b>: No check of the return value of &quot;stat(path, &amp;st)&quot;.

<a name='def351'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def351'>[#def351]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:87: <b>cond_false</b>: Condition &quot;__s == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:87: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:87: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:87: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:106: <b>cond_true</b>: Condition &quot;cpu_model == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:121: <b>cond_true</b>: Condition &quot;dinfo&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:129: <b>cond_true</b>: Condition &quot;i &lt; 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:131: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:129: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:129: <b>cond_true</b>: Condition &quot;i &lt; 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:131: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:129: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:129: <b>cond_false</b>: Condition &quot;i &lt; 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:131: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:134: <b>cond_true</b>: Condition &quot;bios_name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:139: <b>cond_true</b>: Condition &quot;bios_filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist.c:140: <b>check_return</b>: Calling function &quot;load_image_targphys(char const *, target_phys_addr_t, uint64_t)&quot; without checking return value (as is done elsewhere 50 out of 60 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/an5206.c:73: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/an5206.c:77: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:400: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(info-&gt;kernel_filename, entry, info-&gt;ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:404: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/armv7m.c:238: <b>example_assign</b>: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 0UL, flash_size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/armv7m.c:241: <b>example_checked</b>: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cris-boot.c:79: <b>example_assign</b>: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(li-&gt;image_filename, 1073758208U, ram_size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cris-boot.c:84: <b>example_checked</b>: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/dummy_m68k.c:56: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/dummy_m68k.c:61: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/milkymist.c:140: <b>unchecked_value</b>: No check of the return value of &quot;load_image_targphys(bios_filename, 8781824U, 524288UL)&quot;.

<a name='def352'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def352'>[#def352]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:335: <b>cond_true</b>: Condition &quot;(ret = so-&gt;s = qemu_socket(2, SOCK_STREAM, 0)) &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:343: <b>check_return</b>: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:343: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.

<a name='def353'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def353'>[#def353]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:335: <b>cond_true</b>: Condition &quot;(ret = so-&gt;s = qemu_socket(2, SOCK_STREAM, 0)) &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:341: <b>check_return</b>: Calling function &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:341: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot;.

<a name='def354'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def354'>[#def354]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: <b>cond_true</b>: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: <b>cond_false</b>: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:431: <b>check_return</b>: Calling function &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:431: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 1, 10, (char *)&amp;opt, 4U)&quot;.

<a name='def355'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def355'>[#def355]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: <b>cond_true</b>: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: <b>cond_false</b>: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:429: <b>check_return</b>: Calling function &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:429: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 1, 2, (char *)&amp;opt, 4U)&quot;.

<a name='def356'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def356'>[#def356]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: <b>cond_true</b>: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:419: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:423: <b>cond_false</b>: Condition &quot;(s = accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:426: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:433: <b>check_return</b>: Calling function &quot;setsockopt(s, 6, 1, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:433: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(s, 6, 1, (char *)&amp;opt, 4U)&quot;.

<a name='def357'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def357'>[#def357]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tftp.c:105: <b>cond_true</b>: Condition &quot;spt-&gt;fd &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tftp.c:109: <b>cond_false</b>: Condition &quot;spt-&gt;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tftp.c:111: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tftp.c:113: <b>cond_true</b>: Condition &quot;len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tftp.c:114: <b>check_return</b>: Calling function &quot;lseek(spt-&gt;fd, block_nr * 512U, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/tftp.c:114: <b>unchecked_value</b>: No check of the return value of &quot;lseek(spt-&gt;fd, block_nr * 512U, 0)&quot;.

<a name='def358'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def358'>[#def358]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>cond_true</b>: Condition &quot;channel != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>cond_true</b>: Condition &quot;({...})&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:35: <b>cond_false</b>: Condition &quot;client_fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:38: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:39: <b>check_return</b>: Calling function &quot;fcntl(client_fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/qga/channel-posix.c:39: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(client_fd, 4, 2048)&quot;.

<a name='def359'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def359'>[#def359]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;115&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:349: <b>switch_case</b>: Reached case &quot;115&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:351: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;110&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:352: <b>switch_case</b>: Reached case &quot;110&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:356: <b>cond_false</b>: Condition &quot;seen_cache&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:358: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:360: <b>cond_false</b>: Condition &quot;bdrv_parse_cache_flags(optarg, &amp;flags) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:362: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:363: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:365: <b>switch_case</b>: Reached case &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:366: <b>cond_false</b>: Condition &quot;seen_aio&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:368: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:370: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(optarg, &quot;native&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:372: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:376: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:377: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;115&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:349: <b>switch_case</b>: Reached case &quot;115&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:351: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;98&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:379: <b>switch_case</b>: Reached case &quot;98&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:381: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;112&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:382: <b>switch_case</b>: Reached case &quot;112&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:384: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:387: <b>cond_false</b>: Condition &quot;li &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:387: <b>cond_false</b>: Condition &quot;li &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:389: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:391: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;111&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:392: <b>switch_case</b>: Reached case &quot;111&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:394: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:396: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:397: <b>cond_false</b>: Condition &quot;dev_offset &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:399: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:400: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;114&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:401: <b>switch_case</b>: Reached case &quot;114&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:404: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;114&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:401: <b>switch_case</b>: Reached case &quot;114&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:404: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_true</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:348: <b>switch</b>: Switch case value &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:405: <b>switch_case</b>: Reached case &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:407: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:408: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:409: <b>cond_false</b>: Condition &quot;partition &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:409: <b>cond_false</b>: Condition &quot;partition &gt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:410: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:411: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:449: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:347: <b>cond_false</b>: Condition &quot;(ch = getopt_long(argc, argv, sopt, lopt, &amp;opt_ind)) != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:450: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:452: <b>cond_false</b>: Condition &quot;argc - optind != 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:458: <b>cond_false</b>: Condition &quot;disconnect&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:470: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:472: <b>cond_false</b>: Condition &quot;device&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:522: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:524: <b>cond_false</b>: Condition &quot;device != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:527: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:534: <b>cond_false</b>: Condition &quot;(ret = bdrv_open(bs, srcpath, flags, NULL)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:537: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:541: <b>cond_true</b>: Condition &quot;partition != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:543: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:546: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:551: <b>cond_true</b>: Condition &quot;sockpath&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:555: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:557: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:559: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:561: <b>cond_false</b>: Condition &quot;device&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:569: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:580: <b>cond_false</b>: Condition &quot;chdir(&quot;/&quot;) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:582: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:585: <b>check_return</b>: Calling function &quot;main_loop_wait(0)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:478:5: <b>cond_true</b>: Condition &quot;nonblocking&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:480:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:482:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:496:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;os_host_main_loop_wait(timeout)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:298:5: <b>cond_true</b>: Condition &quot;timeout &lt; 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:304:5: <b>cond_true</b>: Condition &quot;timeout &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:308:5: <b>return_wrapper</b>: The function wraps and returns the value of &quot;select(nfds + 1, &amp;rfds, &amp;wfds, &amp;xfds, tvarg)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:310:5: <b>cond_true</b>: Condition &quot;timeout &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:314:5: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:314:5: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/main-loop.c:499:5: <b>cond_true</b>: Condition &quot;ret &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/qemu-nbd.c:585: <b>unchecked_value</b>: No check of the return value of &quot;main_loop_wait(0)&quot;.

<a name='def360'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def360'>[#def360]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:460: <b>cond_false</b>: Condition &quot;qemu_rbd_parsename(filename, pool, 128 /* sizeof (pool) */, snap_buf, 128 /* sizeof (snap_buf) */, s-&gt;name, 96 /* sizeof (s-&gt;name) */, conf, 1024 /* sizeof (conf) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:465: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:469: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:472: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:475: <b>cond_true</b>: Condition &quot;snap_buf[0] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:486: <b>cond_true</b>: Condition &quot;flags &amp; 0x20&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:488: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:496: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:498: <b>cond_false</b>: Condition &quot;strstr(conf, &quot;conf=&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:501: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:503: <b>cond_true</b>: Condition &quot;conf[0] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:505: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:508: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:512: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:515: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:518: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:521: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:524: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:527: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:529: <b>cond_true</b>: Condition &quot;s-&gt;snap != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:533: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:537: <b>check_return</b>: Calling function &quot;fcntl(s-&gt;fds[0], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/block/rbd.c:537: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(s-&gt;fds[0], 4, 2048)&quot;.

<a name='def361'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def361'>[#def361]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:460: <b>cond_false</b>: Condition &quot;qemu_rbd_parsename(filename, pool, 128 /* sizeof (pool) */, snap_buf, 128 /* sizeof (snap_buf) */, s-&gt;name, 96 /* sizeof (s-&gt;name) */, conf, 1024 /* sizeof (conf) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:465: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:469: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:472: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:475: <b>cond_true</b>: Condition &quot;snap_buf[0] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:486: <b>cond_true</b>: Condition &quot;flags &amp; 0x20&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:488: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:496: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:498: <b>cond_false</b>: Condition &quot;strstr(conf, &quot;conf=&quot;) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:501: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:503: <b>cond_true</b>: Condition &quot;conf[0] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:505: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:508: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:512: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:515: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:518: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:521: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:524: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:527: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:529: <b>cond_true</b>: Condition &quot;s-&gt;snap != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:533: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:538: <b>check_return</b>: Calling function &quot;fcntl(s-&gt;fds[1], 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/block/rbd.c:538: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(s-&gt;fds[1], 4, 2048)&quot;.

<a name='def362'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def362'>[#def362]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-aio.c:209: <b>cond_false</b>: Condition &quot;s-&gt;efd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-aio.c:210: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-aio.c:211: <b>check_return</b>: Calling function &quot;fcntl(s-&gt;efd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/linux-aio.c:211: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(s-&gt;efd, 4, 2048)&quot;.

<a name='def363'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def363'>[#def363]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1225y.c:56: <b>cond_true</b>: Condition &quot;s-&gt;file&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1225y.c:57: <b>check_return</b>: Calling function &quot;fseek(s-&gt;file, addr, 0)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/ds1225y.c:57: <b>unchecked_value</b>: No check of the return value of &quot;fseek(s-&gt;file, addr, 0)&quot;.

<a name='def364'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def364'>[#def364]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:161: <b>cond_false</b>: Condition &quot;__s == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:161: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:161: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:161: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:163: <b>cond_false</b>: Condition &quot;__s == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:163: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:163: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:163: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:176: <b>cond_true</b>: Condition &quot;cpu_model == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:184: <b>cond_false</b>: Condition &quot;cpu == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:187: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:196: <b>cond_false</b>: Condition &quot;ram_size &gt; (268435456UL /* 0x100 &lt;&lt; 20 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:201: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:214: <b>cond_true</b>: Condition &quot;bios_name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:217: <b>cond_true</b>: Condition &quot;filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:219: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:221: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:227: <b>cond_true</b>: Condition &quot;bios_size &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:227: <b>cond_true</b>: Condition &quot;bios_size &lt;= 4194304 /* 4 * 1024 * 1024 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:228: <b>cond_false</b>: Condition &quot;__s == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:228: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:228: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:228: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mips_r4k.c:234: <b>check_return</b>: Calling function &quot;load_image_targphys(char const *, target_phys_addr_t, uint64_t)&quot; without checking return value (as is done elsewhere 50 out of 60 times).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/an5206.c:73: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/an5206.c:77: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:400: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(info-&gt;kernel_filename, entry, info-&gt;ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:404: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/armv7m.c:238: <b>example_assign</b>: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 0UL, flash_size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/armv7m.c:241: <b>example_checked</b>: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cris-boot.c:79: <b>example_assign</b>: Assigning: &quot;image_size&quot; = return value from &quot;load_image_targphys(li-&gt;image_filename, 1073758208U, ram_size)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cris-boot.c:84: <b>example_checked</b>: &quot;image_size&quot; has its value checked in &quot;image_size &lt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/dummy_m68k.c:56: <b>example_assign</b>: Assigning: &quot;kernel_size&quot; = return value from &quot;load_image_targphys(kernel_filename, 65536U, ram_size - 65536UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/dummy_m68k.c:61: <b>example_checked</b>: &quot;kernel_size&quot; has its value checked in &quot;kernel_size &lt; 0&quot;.</span>
qemu-kvm-1.2.0/hw/mips_r4k.c:234: <b>unchecked_value</b>: No check of the return value of &quot;load_image_targphys(filename, 532676608UL, 4194304UL)&quot;.

<a name='def365'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def365'>[#def365]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:361: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:363: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:372: <b>cond_false</b>: Condition &quot;bind(so-&gt;s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:375: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:378: <b>check_return</b>: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/udp.c:378: <b>unchecked_value</b>: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.

<a name='def366'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def366'>[#def366]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:361: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:363: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:372: <b>cond_false</b>: Condition &quot;bind(so-&gt;s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:375: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:376: <b>check_return</b>: Calling function &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/udp.c:376: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot;.

<a name='def367'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def367'>[#def367]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:297: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:299: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:303: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:304: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:306: <b>check_return</b>: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:306: <b>unchecked_value</b>: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot;.

<a name='def368'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def368'>[#def368]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:297: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:299: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:303: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:304: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:309: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:314: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:316: <b>cond_true</b>: Condition &quot;src.sin_addr.s_addr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:318: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:318: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:320: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:320: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:322: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:297: <b>cond_false</b>: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:299: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:299: <b>cond_true</b>: Condition &quot;so-&gt;so_tcpcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:301: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:303: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:304: <b>cond_false</b>: Condition &quot;so-&gt;so_state &amp; (12288 /* 0x1000 | 0x2000 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:309: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:316: <b>cond_false</b>: Condition &quot;src.sin_addr.s_addr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:318: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:318: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:320: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:320: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:322: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:296: <b>cond_false</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:322: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:324: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;udb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:325: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; 0x1000&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:328: <b>check_return</b>: Calling function &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:328: <b>unchecked_value</b>: No check of the return value of &quot;getsockname(so-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;src}), &amp;src_len)&quot;.

<a name='def369'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def369'>[#def369]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:146: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:152: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:156: <b>check_return</b>: Calling function &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:156: <b>unchecked_value</b>: No check of the return value of &quot;getsockname(s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot;.

<a name='def370'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def370'>[#def370]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:146: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:201: <b>switch_default</b>: Reached default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:212: <b>cond_true</b>: Condition &quot;so-&gt;s &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:212: <b>cond_false</b>: Condition &quot;*__errno_location() == 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:217: <b>check_return</b>: Calling function &quot;setsockopt(so-&gt;s, 1, 10, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:217: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 10, (char *)&amp;opt, 4U)&quot;.

<a name='def371'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def371'>[#def371]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:146: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:201: <b>switch_default</b>: Reached default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:212: <b>cond_true</b>: Condition &quot;so-&gt;s &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:212: <b>cond_false</b>: Condition &quot;*__errno_location() == 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:215: <b>check_return</b>: Calling function &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:215: <b>unchecked_value</b>: No check of the return value of &quot;setsockopt(so-&gt;s, 1, 2, (char *)&amp;opt, 4U)&quot;.

<a name='def372'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def372'>[#def372]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:267: <b>check_return</b>: Calling function &quot;select(0, &amp;fdset, &amp;fdset, &amp;fdset, &amp;t)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/slirp/misc.c:267: <b>unchecked_value</b>: No check of the return value of &quot;select(0, &amp;fdset, &amp;fdset, &amp;fdset, &amp;t)&quot;.

<a name='def373'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def373'>[#def373]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:43: <b>cond_true</b>: Condition &quot;(fd = open(&quot;/dev/net/tun&quot;, 2)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:43: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:43: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:44: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:47: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:51: <b>cond_true</b>: Condition &quot;*vnet_hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:54: <b>cond_true</b>: Condition &quot;ioctl(fd, 2147767503UL /* (((2U &lt;&lt; 0 + 8 + 8 + 14) | (0x54 &lt;&lt; 0 + 8)) | (0xcf &lt;&lt; 0)) | (sizeof (unsigned int) &lt;&lt; 0 + 8 + 8) */, &amp;features) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:54: <b>cond_true</b>: Condition &quot;features &amp; 16384&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:58: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:60: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:62: <b>cond_true</b>: Condition &quot;vnet_hdr_required&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:62: <b>cond_false</b>: Condition &quot;!*vnet_hdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:67: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:70: <b>cond_true</b>: Condition &quot;ifname[0] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:71: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:73: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:75: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:83: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/tap-linux.c:85: <b>check_return</b>: Calling function &quot;fcntl(fd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/net/tap-linux.c:85: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(fd, 4, 2048)&quot;.

<a name='def374'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def374'>[#def374]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/sbuf.c:80: <b>cond_false</b>: Condition &quot;m-&gt;m_hdr.mh_len &lt;= 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/sbuf.c:83: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/sbuf.c:90: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/sbuf.c:93: <b>check_return</b>: Calling function &quot;sosendoob(so)&quot; without checking return value. It wraps a library function that may fail and return an error code.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:298:2: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:301:2: <b>cond_true</b>: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:303:3: <b>return_wrapper</b>: The function wraps and returns the value of &quot;slirp_send(so, sb-&gt;sb_rptr, so-&gt;so_urgc, 1)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828:2: <b>cond_true</b>: Condition &quot;so-&gt;s == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828:2: <b>cond_false</b>: Condition &quot;so-&gt;extra&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:831:2: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:833:2: <b>return_wrapper</b>: The function wraps and returns the value of &quot;send(so-&gt;s, buf, len, flags)&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:307:2: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:330:2: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:334:2: <b>cond_true</b>: Condition &quot;sb-&gt;sb_rptr &gt;= sb-&gt;sb_data + sb-&gt;sb_datalen&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/sbuf.c:93: <b>unchecked_value</b>: No check of the return value of &quot;sosendoob(so)&quot;.

<a name='def375'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def375'>[#def375]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:70: <b>cond_false</b>: Condition &quot;qemu_pipe(notifier_fds) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:73: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:75: <b>cond_false</b>: Condition &quot;!p-&gt;pool&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:78: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:80: <b>cond_false</b>: Condition &quot;!p-&gt;completed&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:87: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:91: <b>check_return</b>: Calling function &quot;fcntl(p-&gt;rfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:91: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(p-&gt;rfd, 4, 2048)&quot;.

<a name='def376'/><b>Error: <span style='background: #C0FF00;'>CHECKED_RETURN</span> (CWE-252):</b> <a href ='#def376'>[#def376]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:70: <b>cond_false</b>: Condition &quot;qemu_pipe(notifier_fds) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:73: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:75: <b>cond_false</b>: Condition &quot;!p-&gt;pool&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:78: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:80: <b>cond_false</b>: Condition &quot;!p-&gt;completed&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:87: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:92: <b>check_return</b>: Calling function &quot;fcntl(p-&gt;wfd, 4, 2048)&quot; without checking return value. This library function may fail and return an error code.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-coth.c:92: <b>unchecked_value</b>: No check of the return value of &quot;fcntl(p-&gt;wfd, 4, 2048)&quot;.

<a name='def377'/><b>Error: <span style='background: #C0FF00;'>CHROOT</span> (CWE-243):</b> <a href ='#def377'>[#def377]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;61&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5714: <b>switch_case</b>: Reached case &quot;61&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5715: <b>cond_false</b>: Condition &quot;!(p = lock_user_string(arg1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5716: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5717: <b>chroot_call</b>: Calling chroot: &quot;chroot(p)&quot;.</span>
qemu-kvm-1.2.0/linux-user/syscall.c:5717: <b>chroot</b>: Calling function &quot;get_errno(abi_long)&quot; after chroot() but before calling chdir(&quot;/&quot;).

<a name='def378'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def378'>[#def378]</a>
qemu-kvm-1.2.0/target-arm/helper.c:565: <b>result_independent_of_operands</b>: (ret &amp; (20 /* 0xa &lt;&lt; 1 */)) &gt;&gt; 5 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def379'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def379'>[#def379]</a>
qemu-kvm-1.2.0/hw/megasas.c:1222: <b>result_independent_of_operands</b>: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def380'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def380'>[#def380]</a>
qemu-kvm-1.2.0/hw/megasas.c:910: <b>result_independent_of_operands</b>: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def381'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def381'>[#def381]</a>
qemu-kvm-1.2.0/qapi/opts-visitor.c:287: <b>result_independent_of_operands</b>: -9223372036854775808LL /* -9223372036854775807L - 1 */ &lt;= val is always true regardless of the values of its operands. This occurs as the logical second operand of &apos;&amp;&amp;&apos;.

<a name='def382'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def382'>[#def382]</a>
qemu-kvm-1.2.0/hw/megasas.c:1105: <b>result_independent_of_operands</b>: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def383'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def383'>[#def383]</a>
qemu-kvm-1.2.0/hw/megasas.c:954: <b>result_independent_of_operands</b>: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def384'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def384'>[#def384]</a>
qemu-kvm-1.2.0/hw/megasas.c:695: <b>result_independent_of_operands</b>: (sdev-&gt;id &amp; 255) &gt;&gt; 8 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def385'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def385'>[#def385]</a>
qemu-kvm-1.2.0/hw/pxa2xx_lcd.c:622: <b>result_independent_of_operands</b>: *((uint16_t *)src) &amp; (16777216 /* 1 &lt;&lt; 24 */) is always 0 regardless of the values of its operands. This occurs as the operand of assignment.

<a name='def386'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def386'>[#def386]</a>
qemu-kvm-1.2.0/target-sh4/translate.c:1414: <b>result_independent_of_operands</b>: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.

<a name='def387'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def387'>[#def387]</a>
qemu-kvm-1.2.0/target-sh4/translate.c:1418: <b>result_independent_of_operands</b>: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.

<a name='def388'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def388'>[#def388]</a>
qemu-kvm-1.2.0/target-sh4/translate.c:1423: <b>result_independent_of_operands</b>: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.

<a name='def389'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def389'>[#def389]</a>
qemu-kvm-1.2.0/target-sh4/translate.c:1430: <b>result_independent_of_operands</b>: ((ctx-&gt;opcode &gt;&gt; 4) &amp; 7) &lt; 8 is always true regardless of the values of its operands. This occurs as the logical first operand of &apos;&amp;&amp;&apos;.

<a name='def390'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def390'>[#def390]</a>
qemu-kvm-1.2.0/target-s390x/int_helper.c:60: <b>result_independent_of_operands</b>: (__uint128_t)env-&gt;regs[r1] &lt;&lt; 64 is 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;.

<a name='def391'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def391'>[#def391]</a>
qemu-kvm-1.2.0/target-s390x/int_helper.c:40: <b>result_independent_of_operands</b>: res &gt;&gt; 64 is 0 regardless of the values of its operands. This occurs as the operand of assignment.

<a name='def392'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def392'>[#def392]</a>
qemu-kvm-1.2.0/hw/imx_ccm.c:156: <b>result_independent_of_operands</b>: (s-&gt;ccmr &amp; (6U /* 3 &lt;&lt; 1 */)) == 1 is always false regardless of the values of its operands. This occurs as the logical operand of if.

<a name='def393'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def393'>[#def393]</a>
qemu-kvm-1.2.0/hw/sun4c_intctl.c:129: <b>result_independent_of_operands</b>: s-&gt;reg &amp; 0x80000000U is always 0 regardless of the values of its operands. This occurs as the logical operand of &apos;!&apos;.

<a name='def394'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def394'>[#def394]</a>
qemu-kvm-1.2.0/hw/max111x.c:76: <b>missing_parentheses</b>: ((value &amp; 4294967279U /* ~(1 &lt;&lt; 4) */) &gt;&gt; 2 /* 2 + 0 */) &amp; 4 is always 0 regardless of the values of its operands. This occurs as the bitwise first operand of &apos;|&apos;. Did you intend to apply &apos;&amp;&apos; to 2 /* 2 + 0 */ and 4? If so, parentheses would be required to force this interpretation.

<a name='def395'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def395'>[#def395]</a>
qemu-kvm-1.2.0/hw/spapr_vscsi.c:574: <b>pointless_expression</b>: The expression cdb[1] &amp; 1 || cdb[1] &amp; 1 does not accomplish anything because it evaluates to either of its identical operands, cdb[1] &amp; 1.  Did you intend the operands to be different?

<a name='def396'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def396'>[#def396]</a>
qemu-kvm-1.2.0/buffered_file.c:226: <b>result_independent_of_operands</b>: new_rate &gt; 18446744073709551615UL is always false regardless of the values of its operands. This occurs as the logical operand of if.

<a name='def397'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def397'>[#def397]</a>
qemu-kvm-1.2.0/sparc-dis.c:3053: <b>result_independent_of_operands</b>: (unsigned int)((insn &gt;&gt; 14) &amp; 31) &lt; 32 is always true regardless of the values of its operands. This occurs as the logical operand of if.

<a name='def398'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def398'>[#def398]</a>
qemu-kvm-1.2.0/sparc-dis.c:3061: <b>result_independent_of_operands</b>: (unsigned int)((insn &gt;&gt; 25) &amp; 31) &lt; 32 is always true regardless of the values of its operands. This occurs as the logical operand of if.

<a name='def399'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def399'>[#def399]</a>
/usr/include/bits/stdio2.h:287: <b>pointless_expression</b>: The expression 1 /* !0 */ || 1 /* !0 */ does not accomplish anything because it evaluates to either of its identical operands, 1 /* !0 */.  Did you intend the operands to be different?

<a name='def400'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def400'>[#def400]</a>
qemu-kvm-1.2.0/target-i386/arch_memory_mapping.c:134: <b>result_independent_of_operands</b>: (pde &amp; 2088960) &lt;&lt; 19 is 0 regardless of the values of its operands. This occurs as the bitwise second operand of &apos;|&apos;.

<a name='def401'/><b>Error: <span style='background: #C0FF00;'>CONSTANT_EXPRESSION_RESULT</span> (CWE-569):</b> <a href ='#def401'>[#def401]</a>
qemu-kvm-1.2.0/hw/qdev-addr.c:52: <b>result_independent_of_operands</b>: (uint64_t)value &lt;= 18446744073709551615UL /* (uint64_t)~((target_phys_addr_t)0) */ is always true regardless of the values of its operands. This occurs as the logical operand of if.

<a name='def402'/><b>Error: <span style='background: #C0FF00;'>COPY_PASTE_ERROR</span>:</b> <a href ='#def402'>[#def402]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/seg_helper.c:128: <b>original</b>: &quot;lduw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + index + 2U) + guest_base))&quot; looks like the original copy.</span>
qemu-kvm-1.2.0/target-i386/seg_helper.c:131: <b>copy_paste_error</b>: &quot;lduw_le_p&quot; in &quot;lduw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + index + 4U) + guest_base))&quot; looks like a copy-paste error.  Should it say &quot;ldl_le_p&quot; instead?

<a name='def403'/><b>Error: <span style='background: #C0FF00;'>COPY_PASTE_ERROR</span>:</b> <a href ='#def403'>[#def403]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/seg_helper.c:352: <b>original</b>: &quot;stw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + (34 + i * 4)) + guest_base), env-&gt;segs[i].selector)&quot; looks like the original copy.</span>
qemu-kvm-1.2.0/target-i386/seg_helper.c:336: <b>copy_paste_error</b>: &quot;stw_le_p&quot; in &quot;stw_le_p((void *)((unsigned long)(target_ulong)(env-&gt;tr.base + (72 + i * 4)) + guest_base), env-&gt;segs[i].selector)&quot; looks like a copy-paste error.  Should it say &quot;stl_le_p&quot; instead?

<a name='def404'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def404'>[#def404]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/migration.c:122: <b>assignment</b>: Assigning: &quot;head&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/migration.c:128: <b>null</b>: At condition &quot;head == NULL&quot;, the value of &quot;head&quot; must be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/migration.c:128: <b>dead_error_condition</b>: The condition &quot;head == NULL&quot; must be true.</span>
qemu-kvm-1.2.0/migration.c:132: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;caps-&gt;next = g_malloc0(16UL);&quot;.

<a name='def405'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def405'>[#def405]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2404: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2403: <b>equality_cond</b>: Jumping to case &quot;6&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2407: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[6,6], [10,10]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2407: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2417: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def406'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def406'>[#def406]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2430: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2429: <b>equality_cond</b>: Jumping to case &quot;7&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2433: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[7,7], [11,11]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2433: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2442: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def407'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def407'>[#def407]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2352: <b>equality_cond</b>: Jumping to case &quot;4&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2353: <b>equality_cond</b>: Jumping to case &quot;8&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2356: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [8,8]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2356: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2366: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def408'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def408'>[#def408]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2377: <b>equality_cond</b>: Jumping to case &quot;5&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2378: <b>equality_cond</b>: Jumping to case &quot;9&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2381: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[5,5], [9,9]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2381: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2391: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def409'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def409'>[#def409]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def410'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def410'>[#def410]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def411'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def411'>[#def411]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2035: <b>assignment</b>: Assigning: &quot;rm&quot; = &quot;modrm &amp; 7&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2152: <b>between</b>: When switching on &quot;rm&quot;, the value of &quot;rm&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2152: <b>dead_error_condition</b>: The switch value &quot;rm&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:2178: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def412'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def412'>[#def412]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2208: <b>assignment</b>: Assigning: &quot;mod&quot; = &quot;(modrm &gt;&gt; 6) &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2222: <b>between</b>: When switching on &quot;mod&quot;, the value of &quot;mod&quot; must be between 0 and 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2209: <b>cond_cannot_single</b>: Condition &quot;mod == 3&quot;, taking false branch. Now the value of &quot;mod&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2222: <b>cannot_single</b>: When switching on &quot;mod&quot;, the value of &quot;mod&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2222: <b>dead_error_condition</b>: The switch value &quot;mod&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:2231: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def413'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def413'>[#def413]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2208: <b>assignment</b>: Assigning: &quot;mod&quot; = &quot;(modrm &gt;&gt; 6) &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2237: <b>between</b>: When switching on &quot;mod&quot;, the value of &quot;mod&quot; must be between 0 and 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2209: <b>cond_cannot_single</b>: Condition &quot;mod == 3&quot;, taking false branch. Now the value of &quot;mod&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2237: <b>cannot_single</b>: When switching on &quot;mod&quot;, the value of &quot;mod&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:2237: <b>dead_error_condition</b>: The switch value &quot;mod&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:2246: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def414'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def414'>[#def414]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:11077: <b>dead_error_condition</b>: The switch value &quot;(ctx-&gt;opcode &gt;&gt; 6) &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-mips/translate.c:11097: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def415'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def415'>[#def415]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:521: <b>assignment</b>: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:522: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:522: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/serial.c:523: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def416'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def416'>[#def416]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:374: <b>assignment</b>: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:376: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/serial.c:376: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/serial.c:377: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def417'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def417'>[#def417]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1305: <b>dead_error_condition</b>: The switch value &quot;(insn &gt;&gt; 25) &amp; 0xfU&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-unicore32/translate.c:1431: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def418'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def418'>[#def418]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/fpu_helper.c:260: <b>dead_error_condition</b>: The switch value &quot;(env-&gt;fpscr &gt;&gt; 0) &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-ppc/fpu_helper.c:273: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def419'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def419'>[#def419]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def420'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def420'>[#def420]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def421'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def421'>[#def421]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:143: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:144: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def422'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def422'>[#def422]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:557: <b>assignment</b>: Assigning: &quot;nslots&quot; = &quot;31&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:565: <b>const</b>: At condition &quot;nslots &lt; 1&quot;, the value of &quot;nslots&quot; must be equal to 31.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:565: <b>dead_error_condition</b>: The condition &quot;nslots &lt; 1&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/shpc.c:566: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return 0;&quot;.

<a name='def423'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def423'>[#def423]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:557: <b>assignment</b>: Assigning: &quot;nslots&quot; = &quot;31&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:568: <b>const</b>: At condition &quot;nslots &gt; 31&quot;, the value of &quot;nslots&quot; must be equal to 31.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:568: <b>dead_error_condition</b>: The condition &quot;nslots &gt; 31&quot; cannot be true.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:568: <b>const</b>: At condition &quot;nslots + 1 &gt; 32&quot;, the value of &quot;nslots&quot; must be equal to 31.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/shpc.c:568: <b>dead_error_condition</b>: The condition &quot;nslots + 1 &gt; 32&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/shpc.c:571: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return -22;&quot;.

<a name='def424'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def424'>[#def424]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4674: <b>assignment</b>: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 23U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 23.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 7U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 20U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 19.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_const</b>: Condition &quot;xop != 14U&quot;, taking false branch. Now the value of &quot;xop&quot; is equal to 14.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4911: <b>cond_const</b>: Condition &quot;xop &gt;= 32U&quot;, taking false branch. Now the value of &quot;xop&quot; is equal to 30.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4966: <b>intervals</b>: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be in one of the following intervals: {[4,7], [14,14], [20,23], [30,30]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4966: <b>dead_error_condition</b>: The switch value &quot;xop&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/translate.c:5056: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def425'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def425'>[#def425]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4674: <b>assignment</b>: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4911: <b>cond_between</b>: Condition &quot;xop &gt;= 32U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4911: <b>cond_between</b>: Condition &quot;xop &lt; 36U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 36 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:5059: <b>cond_between</b>: Condition &quot;xop &lt; 40U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 36 and 39.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:5063: <b>between</b>: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be between 36 and 39.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4683: <b>cond_cannot_single</b>: Condition &quot;xop == 60U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to 60.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4683: <b>cond_cannot_set</b>: Condition &quot;xop == 62U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {60, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_cannot_set</b>: Condition &quot;xop == 31U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_cannot_set</b>: Condition &quot;xop == 61U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4963: <b>cond_cannot_set</b>: Condition &quot;xop == 14U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {14, 31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4963: <b>cond_cannot_set</b>: Condition &quot;xop == 30U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {14, 30, 31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:5063: <b>cannot_set</b>: When switching on &quot;xop&quot;, the value of &quot;xop&quot; cannot be equal to any of {14, 30, 31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:5063: <b>dead_error_condition</b>: The switch value &quot;xop&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/translate.c:5114: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def426'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def426'>[#def426]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4674: <b>assignment</b>: Assigning: &quot;xop&quot; = &quot;(insn &gt;&gt; 19) &amp; 0x3fU&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 4U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 4 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 7U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 8 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt; 20U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 20 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 23U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 24 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &lt;= 29U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 63.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_between</b>: Condition &quot;xop &gt; 44U&quot;, taking false branch. Now the value of &quot;xop&quot; is between 30 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4911: <b>cond_between</b>: Condition &quot;xop &gt;= 32U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 44.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4911: <b>cond_between</b>: Condition &quot;xop &lt; 36U&quot;, taking true branch. Now the value of &quot;xop&quot; is between 32 and 35.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4915: <b>between</b>: When switching on &quot;xop&quot;, the value of &quot;xop&quot; must be between 32 and 35.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4683: <b>cond_cannot_single</b>: Condition &quot;xop == 60U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to 60.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4683: <b>cond_cannot_set</b>: Condition &quot;xop == 62U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {60, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_cannot_set</b>: Condition &quot;xop == 31U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4698: <b>cond_cannot_set</b>: Condition &quot;xop == 61U&quot;, taking false branch. Now the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4915: <b>cannot_set</b>: When switching on &quot;xop&quot;, the value of &quot;xop&quot; cannot be equal to any of {31, 60, 61, 62}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4915: <b>dead_error_condition</b>: The switch value &quot;xop&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/translate.c:4960: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def427'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def427'>[#def427]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def428'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def428'>[#def428]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def429'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def429'>[#def429]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def430'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def430'>[#def430]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def431'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def431'>[#def431]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1355: <b>assignment</b>: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1356: <b>null</b>: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1356: <b>dead_error_condition</b>: The condition &quot;k_platform&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1357: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;len = strlen(k_platform) + ...&quot;.

<a name='def432'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def432'>[#def432]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1355: <b>assignment</b>: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1382: <b>null</b>: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1382: <b>dead_error_condition</b>: The condition &quot;k_platform&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1383: <b>dead_error_line</b>: Execution cannot reach this statement &quot;size += 2;&quot;.

<a name='def433'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def433'>[#def433]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1355: <b>assignment</b>: Assigning: &quot;k_platform&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1420: <b>null</b>: At condition &quot;k_platform&quot;, the value of &quot;k_platform&quot; must be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1420: <b>dead_error_condition</b>: The condition &quot;k_platform&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1421: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;do {
  sp -= 4U;
  ({
    a...&quot;.

<a name='def434'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def434'>[#def434]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1439: <b>assignment</b>: Assigning: &quot;stack_adjust&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1453: <b>const</b>: At condition &quot;stack_adjust == 8&quot;, the value of &quot;stack_adjust&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1453: <b>dead_error_condition</b>: The condition &quot;stack_adjust == 8&quot; cannot be true.</span>
qemu-kvm-1.2.0/tcg/i386/tcg-target.c:1455: <b>dead_error_line</b>: Execution cannot reach this statement &quot;tcg_out_pop(s, 1);&quot;.

<a name='def435'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def435'>[#def435]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5110: <b>dead_error_condition</b>: The condition &quot;({...})&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:5111: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto badframe;&quot;.

<a name='def436'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def436'>[#def436]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5114: <b>dead_error_condition</b>: The condition &quot;({...})&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:5115: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto badframe;&quot;.

<a name='def437'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def437'>[#def437]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:479: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:482: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:482: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:482: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def438'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def438'>[#def438]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:479: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:487: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:487: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:487: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_MigrationStats(m...&quot;.

<a name='def439'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def439'>[#def439]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:479: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:492: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:492: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:492: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_MigrationStats(m...&quot;.

<a name='def440'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def440'>[#def440]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:479: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:497: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:497: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:497: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_XBZRLECacheStats...&quot;.

<a name='def441'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def441'>[#def441]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:479: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:502: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:502: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:502: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def442'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def442'>[#def442]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:29: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:32: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:32: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:32: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def443'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def443'>[#def443]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1331: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1355: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1355: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1355: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_PciDeviceInfoLis...&quot;.

<a name='def444'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def444'>[#def444]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1277: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1284: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1284: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1284: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def445'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def445'>[#def445]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1277: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1289: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1289: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1289: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def446'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def446'>[#def446]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1397: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1409: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1409: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1409: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def447'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def447'>[#def447]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1397: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1441: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1441: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1441: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def448'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def448'>[#def448]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1397: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1447: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1447: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1447: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_PciBridgeInfo(m,...&quot;.

<a name='def449'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def449'>[#def449]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1096: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1096: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1096: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def450'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def450'>[#def450]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1101: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1101: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1101: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def451'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def451'>[#def451]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1106: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1106: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1106: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def452'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def452'>[#def452]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1111: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1111: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1111: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def453'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def453'>[#def453]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1116: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1116: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1116: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def454'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def454'>[#def454]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1091: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1122: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1122: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1122: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_SpiceChannelList...&quot;.

<a name='def455'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def455'>[#def455]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:920: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:926: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:926: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:926: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def456'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def456'>[#def456]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:920: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:931: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:931: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:931: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def457'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def457'>[#def457]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1582: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1587: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1587: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1587: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def458'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def458'>[#def458]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1582: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1592: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1592: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1592: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_NewImageMode(m, ...&quot;.

<a name='def459'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def459'>[#def459]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2737: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2741: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2741: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2741: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def460'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def460'>[#def460]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:678: <b>assignment</b>: Assigning: &quot;fn&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:680: <b>const</b>: At condition &quot;fn&quot;, the value of &quot;fn&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_vscsi.c:680: <b>dead_error_condition</b>: The condition &quot;fn&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/spapr_vscsi.c:682: <b>dead_error_line</b>: Execution cannot reach this statement &quot;;&quot;.

<a name='def461'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def461'>[#def461]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/xilinx_axienet.c:538: <b>assignment</b>: Assigning: &quot;value&quot; &amp;= &quot;0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/xilinx_axienet.c:541: <b>const</b>: At condition &quot;value &amp; 0x40UL&quot;, the value of &quot;value&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/xilinx_axienet.c:541: <b>dead_error_condition</b>: The condition &quot;value &amp; 0x40UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/xilinx_axienet.c:542: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;miiclkdiv = value &amp; 0x3fUL;&quot;.

<a name='def462'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def462'>[#def462]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4921: <b>cond_const</b>: Condition &quot;err&quot;, taking false branch. Now the value of &quot;err&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4932: <b>assignment</b>: Assigning: &quot;err&quot; |= &quot;({...})&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4936: <b>assignment</b>: Assigning: &quot;err&quot; |= &quot;({...})&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4939: <b>const</b>: At condition &quot;err&quot;, the value of &quot;err&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4939: <b>dead_error_condition</b>: The condition &quot;err&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:4940: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.

<a name='def463'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def463'>[#def463]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:4925: <b>dead_error_condition</b>: The condition &quot;({...})&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:4926: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.

<a name='def464'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def464'>[#def464]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5062: <b>cond_const</b>: Condition &quot;err&quot;, taking false branch. Now the value of &quot;err&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5073: <b>assignment</b>: Assigning: &quot;err&quot; |= &quot;({...})&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5077: <b>assignment</b>: Assigning: &quot;err&quot; |= &quot;({...})&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5079: <b>assignment</b>: Assigning: &quot;err&quot; |= &quot;({...})&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5081: <b>const</b>: At condition &quot;err&quot;, the value of &quot;err&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5081: <b>dead_error_condition</b>: The condition &quot;err&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:5082: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.

<a name='def465'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def465'>[#def465]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:5066: <b>dead_error_condition</b>: The condition &quot;({...})&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/signal.c:5067: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto give_sigsegv;&quot;.

<a name='def466'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def466'>[#def466]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:260: <b>assignment</b>: Assigning: &quot;addr&quot; = &quot;(addr &gt;&gt; 9) &amp; 0xfUL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:261: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 15.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:261: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/cuda.c:316: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def467'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def467'>[#def467]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:332: <b>assignment</b>: Assigning: &quot;addr&quot; = &quot;(addr &gt;&gt; 9) &amp; 0xfUL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:335: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 15.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cuda.c:335: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/cuda.c:400: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def468'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def468'>[#def468]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def469'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def469'>[#def469]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def470'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def470'>[#def470]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:143: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:144: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def471'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def471'>[#def471]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat-macros.h:166: <b>cond_at_least</b>: Condition &quot;count &lt; 64L&quot;, taking false branch. Now the value of &quot;count&quot; is at least 64.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: <b>at_least</b>: At condition &quot;count &lt; 64L&quot;, the value of &quot;count&quot; must be at least 64.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat-macros.h:162: <b>cond_cannot_single</b>: Condition &quot;count == 0L&quot;, taking false branch. Now the value of &quot;count&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: <b>cannot_single</b>: At condition &quot;count &lt; 64L&quot;, the value of &quot;count&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: <b>dead_error_condition</b>: The condition &quot;count &lt; 64L&quot; cannot be true.</span>
qemu-kvm-1.2.0/fpu/softfloat-macros.h:171: <b>dead_error_line</b>: Execution cannot reach this expression &quot;a0 &gt;&gt; (count &amp; 0x3fL)&quot; inside statement &quot;z1 = ((count &lt; 64L) ? a0 &gt;&gt;...&quot;.

<a name='def472'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def472'>[#def472]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/helper.c:2030: <b>dead_error_condition</b>: The switch value &quot;desc &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/helper.c:2059: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def473'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def473'>[#def473]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/helper.c:2139: <b>dead_error_condition</b>: The switch value &quot;desc &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/helper.c:2153: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def474'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def474'>[#def474]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/cpus.c:944: <b>cond_null</b>: Condition &quot;penv&quot;, taking false branch. Now the value of &quot;penv&quot; is NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cpus.c:953: <b>null</b>: At condition &quot;penv&quot;, the value of &quot;penv&quot; must be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cpus.c:953: <b>dead_error_condition</b>: The condition &quot;penv&quot; cannot be true.</span>
qemu-kvm-1.2.0/cpus.c:954: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;penv-&gt;stop = 0U;&quot;.

<a name='def475'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def475'>[#def475]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:4375: <b>dead_error_condition</b>: The condition &quot;flags &amp; 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/syscall.c:4376: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return -22;&quot;.

<a name='def476'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def476'>[#def476]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def477'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def477'>[#def477]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def478'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def478'>[#def478]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def479'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def479'>[#def479]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:4957: <b>assignment</b>: Assigning: &quot;disp&quot; = &quot;0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5063: <b>cond_const</b>: Condition &quot;disp&quot;, taking false branch. Now the value of &quot;disp&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5063: <b>cond_at_least</b>: Condition &quot;disp&quot;, taking true branch. Now the value of &quot;disp&quot; is at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5066: <b>at_least</b>: At condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot;, the value of &quot;disp&quot; must be at least 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5066: <b>dead_error_condition</b>: The condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot; must be true.</span>
qemu-kvm-1.2.0/i386-dis.c:5071: <b>dead_error_line</b>: Execution cannot reach this statement &quot;if (modrm.mod != 1){
  *obu...&quot;.

<a name='def480'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def480'>[#def480]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:4957: <b>assignment</b>: Assigning: &quot;disp&quot; = &quot;0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5139: <b>cond_const</b>: Condition &quot;disp&quot;, taking false branch. Now the value of &quot;disp&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5139: <b>cond_at_least</b>: Condition &quot;disp&quot;, taking true branch. Now the value of &quot;disp&quot; is at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5142: <b>at_least</b>: At condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot;, the value of &quot;disp&quot; must be at least 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:5142: <b>dead_error_condition</b>: The condition &quot;(bfd_signed_vma)disp &gt;= 0L&quot; must be true.</span>
qemu-kvm-1.2.0/i386-dis.c:5147: <b>dead_error_line</b>: Execution cannot reach this statement &quot;if (modrm.mod != 1){
  *obu...&quot;.

<a name='def481'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def481'>[#def481]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc.c:826: <b>dead_error_condition</b>: The switch value &quot;(env-&gt;spr[986] &gt;&gt; 24) &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/ppc.c:839: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def482'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def482'>[#def482]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc.c:916: <b>dead_error_condition</b>: The switch value &quot;(env-&gt;spr[986] &gt;&gt; 30) &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/ppc.c:929: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def483'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def483'>[#def483]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/cc_helper.c:373: <b>cond_at_least</b>: Condition &quot;(int64_t)r == 0L&quot;, taking false branch. Now the value of &quot;r&quot; is at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: <b>at_least</b>: At condition &quot;(int64_t)r &lt; 0L&quot;, the value of &quot;r&quot; must be at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/cc_helper.c:373: <b>cond_cannot_single</b>: Condition &quot;(int64_t)r == 0L&quot;, taking false branch. Now the value of &quot;r&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: <b>cannot_single</b>: At condition &quot;(int64_t)r &lt; 0L&quot;, the value of &quot;r&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/cc_helper.c:375: <b>dead_error_condition</b>: The condition &quot;(int64_t)r &lt; 0L&quot; cannot be true.</span>
qemu-kvm-1.2.0/target-s390x/cc_helper.c:376: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return 1U;&quot;.

<a name='def484'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def484'>[#def484]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6629: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6631: <b>equality_cond</b>: Jumping to case &quot;0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6632: <b>equality_cond</b>: Jumping to case &quot;1U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6633: <b>equality_cond</b>: Jumping to case &quot;2U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6634: <b>equality_cond</b>: Jumping to case &quot;3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6646: <b>between</b>: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6646: <b>dead_error_condition</b>: The switch value &quot;i&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:6651: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def485'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def485'>[#def485]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6629: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6630: <b>between</b>: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6630: <b>dead_error_condition</b>: The switch value &quot;i&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:6635: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def486'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def486'>[#def486]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6671: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6673: <b>equality_cond</b>: Jumping to case &quot;0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6674: <b>equality_cond</b>: Jumping to case &quot;1U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6675: <b>equality_cond</b>: Jumping to case &quot;2U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6676: <b>equality_cond</b>: Jumping to case &quot;3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6687: <b>between</b>: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6687: <b>dead_error_condition</b>: The switch value &quot;i&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:6692: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def487'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def487'>[#def487]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6671: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;(insn &gt;&gt; 23) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6672: <b>between</b>: When switching on &quot;i&quot;, the value of &quot;i&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6672: <b>dead_error_condition</b>: The switch value &quot;i&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:6677: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def488'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def488'>[#def488]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6949: <b>assignment</b>: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 0xfU&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6980: <b>cond_const</b>: Condition &quot;op1 != 13U&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 13.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6980: <b>cond_const</b>: Condition &quot;op1 != 15U&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 15.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6987: <b>between</b>: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 15.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:6987: <b>dead_error_condition</b>: The switch value &quot;op1&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:7113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def489'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def489'>[#def489]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7201: <b>assignment</b>: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7202: <b>cond_const</b>: Condition &quot;op1&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7202: <b>cond_between</b>: Condition &quot;op1&quot;, taking true branch. Now the value of &quot;op1&quot; is between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7209: <b>between</b>: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7209: <b>dead_error_condition</b>: The switch value &quot;op1&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:7222: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def490'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def490'>[#def490]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7201: <b>assignment</b>: Assigning: &quot;op1&quot; = &quot;(insn &gt;&gt; 21) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7202: <b>cond_const</b>: Condition &quot;op1&quot;, taking false branch. Now the value of &quot;op1&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7202: <b>cond_between</b>: Condition &quot;op1&quot;, taking true branch. Now the value of &quot;op1&quot; is between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7227: <b>between</b>: When switching on &quot;op1&quot;, the value of &quot;op1&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7227: <b>dead_error_condition</b>: The switch value &quot;op1&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:7240: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def491'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def491'>[#def491]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7132: <b>assignment</b>: Assigning: &quot;sh&quot; = &quot;(insn &gt;&gt; 5) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7133: <b>cond_between</b>: Condition &quot;sh == 0U&quot;, taking false branch. Now the value of &quot;sh&quot; is between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7277: <b>between</b>: When switching on &quot;sh&quot;, the value of &quot;sh&quot; must be between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7133: <b>cond_cannot_single</b>: Condition &quot;sh == 0U&quot;, taking false branch. Now the value of &quot;sh&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7277: <b>cannot_single</b>: When switching on &quot;sh&quot;, the value of &quot;sh&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7277: <b>dead_error_condition</b>: The switch value &quot;sh&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:7284: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def492'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def492'>[#def492]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:475: <b>assignment</b>: Assigning: &quot;saddr&quot; = &quot;(addr &gt;&gt; serial-&gt;it_shift) &amp; 1UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:478: <b>between</b>: When switching on &quot;saddr&quot;, the value of &quot;saddr&quot; must be between 0 and 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:478: <b>dead_error_condition</b>: The switch value &quot;saddr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/escc.c:563: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def493'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def493'>[#def493]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:577: <b>assignment</b>: Assigning: &quot;saddr&quot; = &quot;(addr &gt;&gt; serial-&gt;it_shift) &amp; 1UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:580: <b>between</b>: When switching on &quot;saddr&quot;, the value of &quot;saddr&quot; must be between 0 and 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/escc.c:580: <b>dead_error_condition</b>: The switch value &quot;saddr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/escc.c:597: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def494'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def494'>[#def494]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3939: <b>assignment</b>: Assigning: &quot;nregs&quot; = &quot;((insn &gt;&gt; 8) &amp; 3U) + 1U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3941: <b>between</b>: When switching on &quot;nregs&quot;, the value of &quot;nregs&quot; must be between 1 and 4.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3941: <b>dead_error_condition</b>: The switch value &quot;nregs&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:3963: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def495'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def495'>[#def495]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3870: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;(insn &gt;&gt; 10) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3924: <b>equality_cond</b>: Jumping to case &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3978: <b>equality_cond</b>: Jumping to case &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3928: <b>equality_cond</b>: Jumping to case &quot;1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3981: <b>equality_cond</b>: Jumping to case &quot;1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3932: <b>equality_cond</b>: Jumping to case &quot;2&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3984: <b>equality_cond</b>: Jumping to case &quot;2&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3977: <b>between</b>: When switching on &quot;size&quot;, the value of &quot;size&quot; must be between 0 and 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3977: <b>dead_error_condition</b>: The switch value &quot;size&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:3987: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def496'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def496'>[#def496]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3870: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;(insn &gt;&gt; 10) &amp; 3U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3923: <b>between</b>: When switching on &quot;size&quot;, the value of &quot;size&quot; must be between 0 and 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3871: <b>cond_cannot_single</b>: Condition &quot;size == 3&quot;, taking false branch. Now the value of &quot;size&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3923: <b>cannot_single</b>: When switching on &quot;size&quot;, the value of &quot;size&quot; cannot be equal to 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:3923: <b>dead_error_condition</b>: The switch value &quot;size&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:3936: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def497'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def497'>[#def497]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def498'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def498'>[#def498]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def499'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def499'>[#def499]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def500'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def500'>[#def500]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def501'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def501'>[#def501]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1590: <b>assignment</b>: Assigning: &quot;addr&quot; = &quot;addr1 &amp; 7U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1594: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1594: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1645: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def502'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def502'>[#def502]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1593: <b>assignment</b>: Assigning: &quot;hob&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1602: <b>const</b>: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1602: <b>dead_error_condition</b>: The condition &quot;!hob&quot; must be true.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1605: <b>dead_error_line</b>: Execution cannot reach this statement &quot;ret = s-&gt;hob_feature;&quot;.

<a name='def503'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def503'>[#def503]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1593: <b>assignment</b>: Assigning: &quot;hob&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1610: <b>const</b>: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1610: <b>dead_error_condition</b>: The condition &quot;!hob&quot; must be true.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1613: <b>dead_error_line</b>: Execution cannot reach this statement &quot;ret = s-&gt;hob_nsector;&quot;.

<a name='def504'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def504'>[#def504]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1593: <b>assignment</b>: Assigning: &quot;hob&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1618: <b>const</b>: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1618: <b>dead_error_condition</b>: The condition &quot;!hob&quot; must be true.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1621: <b>dead_error_line</b>: Execution cannot reach this statement &quot;ret = s-&gt;hob_sector;&quot;.

<a name='def505'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def505'>[#def505]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1593: <b>assignment</b>: Assigning: &quot;hob&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1626: <b>const</b>: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1626: <b>dead_error_condition</b>: The condition &quot;!hob&quot; must be true.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1629: <b>dead_error_line</b>: Execution cannot reach this statement &quot;ret = s-&gt;hob_lcyl;&quot;.

<a name='def506'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def506'>[#def506]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1593: <b>assignment</b>: Assigning: &quot;hob&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1634: <b>const</b>: At condition &quot;hob&quot;, the value of &quot;hob&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:1634: <b>dead_error_condition</b>: The condition &quot;!hob&quot; must be true.</span>
qemu-kvm-1.2.0/hw/ide/core.c:1637: <b>dead_error_line</b>: Execution cannot reach this statement &quot;ret = s-&gt;hob_hcyl;&quot;.

<a name='def507'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def507'>[#def507]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:914: <b>assignment</b>: Assigning: &quot;addr&quot; &amp;= &quot;7U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:917: <b>cond_const</b>: Condition &quot;addr != 7U&quot;, taking false branch. Now the value of &quot;addr&quot; is equal to 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:920: <b>between</b>: When switching on &quot;addr&quot;, the value of &quot;addr&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/core.c:920: <b>dead_error_condition</b>: The switch value &quot;addr&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/ide/core.c:966: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def508'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def508'>[#def508]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1168: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1168: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1168: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def509'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def509'>[#def509]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1173: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1173: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1173: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def510'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def510'>[#def510]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1178: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1178: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1178: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def511'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def511'>[#def511]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1183: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1183: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1183: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def512'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def512'>[#def512]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1188: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1188: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1188: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def513'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def513'>[#def513]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1164: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1193: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1193: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1193: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def514'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def514'>[#def514]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:699: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:705: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:705: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:705: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def515'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def515'>[#def515]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:761: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:768: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:768: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:768: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockDeviceInfo(...&quot;.

<a name='def516'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def516'>[#def516]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:761: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:773: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:773: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:773: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def517'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def517'>[#def517]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:761: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:778: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:778: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:778: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockDeviceIoSta...&quot;.

<a name='def518'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def518'>[#def518]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:869: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:872: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:872: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:872: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def519'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def519'>[#def519]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:869: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:878: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:878: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:878: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_BlockStats(m, (o...&quot;.

<a name='def520'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def520'>[#def520]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:635: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:641: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:641: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:641: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def521'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def521'>[#def521]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:635: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:646: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:646: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:646: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def522'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def522'>[#def522]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:635: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:651: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:651: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:651: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def523'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def523'>[#def523]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:635: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:656: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:656: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:656: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int(m, (obj ? &amp;(...&quot;.

<a name='def524'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def524'>[#def524]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:973: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:977: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:977: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:977: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def525'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def525'>[#def525]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:973: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:982: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:982: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:982: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def526'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def526'>[#def526]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:973: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:987: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:987: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:987: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def527'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def527'>[#def527]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:973: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:992: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:992: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:992: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def528'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def528'>[#def528]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:973: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:997: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:997: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:997: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_VncClientInfoLis...&quot;.

<a name='def529'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def529'>[#def529]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1854: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1857: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1857: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1857: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def530'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def530'>[#def530]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1854: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1862: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1862: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1862: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def531'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def531'>[#def531]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1854: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1867: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1867: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1867: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def532'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def532'>[#def532]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1854: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1872: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1872: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1872: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def533'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def533'>[#def533]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1854: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1877: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1877: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1877: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint32(m, (obj ?...&quot;.

<a name='def534'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def534'>[#def534]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2335: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2338: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2338: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2338: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def535'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def535'>[#def535]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2335: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2343: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2343: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2343: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def536'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def536'>[#def536]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2285: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2288: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2288: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2288: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_size(m, (obj ? &amp;...&quot;.

<a name='def537'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def537'>[#def537]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2285: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2293: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2293: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2293: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def538'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def538'>[#def538]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2158: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2158: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2158: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def539'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def539'>[#def539]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2163: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2163: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2163: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def540'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def540'>[#def540]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2168: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2168: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2168: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def541'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def541'>[#def541]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2173: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2173: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2173: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def542'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def542'>[#def542]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2178: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2178: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2178: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def543'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def543'>[#def543]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2155: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2183: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2183: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2183: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def544'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def544'>[#def544]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2068: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2068: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2068: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def545'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def545'>[#def545]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2073: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2073: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2073: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def546'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def546'>[#def546]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2078: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2078: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2078: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def547'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def547'>[#def547]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2083: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2083: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2083: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def548'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def548'>[#def548]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2088: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2088: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2088: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def549'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def549'>[#def549]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2093: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2093: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2093: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_size(m, (obj ? &amp;...&quot;.

<a name='def550'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def550'>[#def550]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2098: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2098: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2098: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def551'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def551'>[#def551]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2103: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2103: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2103: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def552'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def552'>[#def552]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2108: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2108: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2108: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def553'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def553'>[#def553]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2065: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2113: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2113: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2113: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def554'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def554'>[#def554]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1963: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1963: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1963: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def555'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def555'>[#def555]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1968: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1968: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1968: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def556'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def556'>[#def556]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1973: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1973: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1973: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def557'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def557'>[#def557]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1978: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1978: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1978: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def558'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def558'>[#def558]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1983: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1983: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1983: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def559'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def559'>[#def559]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1988: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1988: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1988: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def560'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def560'>[#def560]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1993: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1993: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1993: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def561'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def561'>[#def561]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1998: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1998: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:1998: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def562'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def562'>[#def562]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2003: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2003: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2003: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def563'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def563'>[#def563]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2008: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2008: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2008: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def564'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def564'>[#def564]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2013: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2013: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2013: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def565'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def565'>[#def565]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2018: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2018: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2018: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_StringList(m, (o...&quot;.

<a name='def566'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def566'>[#def566]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:1960: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2023: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2023: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2023: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_StringList(m, (o...&quot;.

<a name='def567'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def567'>[#def567]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2225: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2228: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2228: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2228: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def568'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def568'>[#def568]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2225: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2233: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2233: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2233: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint16(m, (obj ?...&quot;.

<a name='def569'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def569'>[#def569]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2225: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2238: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2238: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2238: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def570'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def570'>[#def570]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2225: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2243: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2243: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2243: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_uint16(m, (obj ?...&quot;.

<a name='def571'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def571'>[#def571]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2505: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2508: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2508: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2508: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_int32(m, (obj ? ...&quot;.

<a name='def572'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def572'>[#def572]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2505: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2513: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2513: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2513: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def573'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def573'>[#def573]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2505: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2518: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2518: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2518: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def574'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def574'>[#def574]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2603: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2607: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2607: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2607: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def575'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def575'>[#def575]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2603: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2612: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qapi-visit.c:2612: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qapi-visit.c:2612: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_bool(m, (obj ? &amp;...&quot;.

<a name='def576'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def576'>[#def576]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1494: <b>assignment</b>: Assigning: &quot;fpu_insn&quot; = &quot;(dc-&gt;ir &gt;&gt; 7) &amp; 7U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1496: <b>between</b>: When switching on &quot;fpu_insn&quot;, the value of &quot;fpu_insn&quot; must be between 0 and 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1496: <b>dead_error_condition</b>: The switch value &quot;fpu_insn&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-microblaze/translate.c:1578: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def577'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def577'>[#def577]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:650: <b>assignment</b>: Assigning: &quot;subcode&quot; = &quot;dc-&gt;imm &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:661: <b>cond_const</b>: Condition &quot;subcode &gt;= 1U&quot;, taking false branch. Now the value of &quot;subcode&quot; is equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:661: <b>cond_between</b>: Condition &quot;subcode &gt;= 1U&quot;, taking true branch. Now the value of &quot;subcode&quot; is between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:666: <b>between</b>: When switching on &quot;subcode&quot;, the value of &quot;subcode&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:666: <b>dead_error_condition</b>: The switch value &quot;subcode&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-microblaze/translate.c:683: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def578'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def578'>[#def578]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3082: <b>equality_cond</b>: Jumping to case &quot;14&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3083: <b>equality_cond</b>: Jumping to case &quot;30&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3084: <b>equality_cond</b>: Jumping to case &quot;31&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3089: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[14,14], [30,31]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3089: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3099: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def579'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def579'>[#def579]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3173: <b>equality_cond</b>: Jumping to case &quot;148&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3174: <b>equality_cond</b>: Jumping to case &quot;149&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3175: <b>equality_cond</b>: Jumping to case &quot;150&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3178: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 148 and 150.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3178: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3188: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def580'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def580'>[#def580]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3194: <b>equality_cond</b>: Jumping to case &quot;152&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3195: <b>equality_cond</b>: Jumping to case &quot;153&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3196: <b>equality_cond</b>: Jumping to case &quot;154&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3200: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 152 and 154.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3200: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3210: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def581'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def581'>[#def581]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3218: <b>equality_cond</b>: Jumping to case &quot;164&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3219: <b>equality_cond</b>: Jumping to case &quot;165&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3222: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 164 and 165.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3222: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3229: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def582'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def582'>[#def582]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1522: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1523: <b>equality_cond</b>: Jumping to case &quot;24&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1524: <b>equality_cond</b>: Jumping to case &quot;26&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1521: <b>equality_cond</b>: Jumping to case &quot;8&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1539: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[8,8], [10,10], [24,24], [26,26]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1539: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1548: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def583'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def583'>[#def583]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1556: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1557: <b>equality_cond</b>: Jumping to case &quot;25&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1558: <b>equality_cond</b>: Jumping to case &quot;27&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1555: <b>equality_cond</b>: Jumping to case &quot;9&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1571: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[9,9], [11,11], [25,25], [27,27]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1571: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1580: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def584'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def584'>[#def584]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1760: <b>equality_cond</b>: Jumping to case &quot;118&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1761: <b>equality_cond</b>: Jumping to case &quot;119&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1764: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 118 and 119.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1764: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1773: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def585'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def585'>[#def585]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1784: <b>equality_cond</b>: Jumping to case &quot;128&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1785: <b>equality_cond</b>: Jumping to case &quot;129&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1786: <b>equality_cond</b>: Jumping to case &quot;130&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1789: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 128 and 130.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1789: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1799: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def586'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def586'>[#def586]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1637: <b>equality_cond</b>: Jumping to case &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1643: <b>equality_cond</b>: Jumping to case &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1638: <b>equality_cond</b>: Jumping to case &quot;33&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1644: <b>equality_cond</b>: Jumping to case &quot;33&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1639: <b>equality_cond</b>: Jumping to case &quot;48&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1647: <b>equality_cond</b>: Jumping to case &quot;48&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1640: <b>equality_cond</b>: Jumping to case &quot;49&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1650: <b>equality_cond</b>: Jumping to case &quot;49&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1656: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[32,33], [48,49]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1656: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1665: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def587'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def587'>[#def587]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1637: <b>equality_cond</b>: Jumping to case &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1638: <b>equality_cond</b>: Jumping to case &quot;33&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1639: <b>equality_cond</b>: Jumping to case &quot;48&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1640: <b>equality_cond</b>: Jumping to case &quot;49&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1642: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[32,33], [48,49]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1642: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1653: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def588'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def588'>[#def588]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1709: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1719: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1710: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1722: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1729: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 90 and 91.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1729: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1736: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def589'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def589'>[#def589]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1709: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1710: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1718: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 90 and 91.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1718: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:1725: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def590'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def590'>[#def590]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1978: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1979: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1976: <b>equality_cond</b>: Jumping to case &quot;12&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1977: <b>equality_cond</b>: Jumping to case &quot;13&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1980: <b>equality_cond</b>: Jumping to case &quot;28&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1987: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[10,13], [28,28]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:1987: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2012: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def591'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def591'>[#def591]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2049: <b>equality_cond</b>: Jumping to case &quot;150&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2062: <b>equality_cond</b>: Jumping to case &quot;150&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2045: <b>equality_cond</b>: Jumping to case &quot;36&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2075: <b>equality_cond</b>: Jumping to case &quot;36&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2048: <b>equality_cond</b>: Jumping to case &quot;38&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2078: <b>equality_cond</b>: Jumping to case &quot;38&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2044: <b>equality_cond</b>: Jumping to case &quot;4&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2059: <b>equality_cond</b>: Jumping to case &quot;4&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2058: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [36,36], [38,38], [150,150]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2058: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2084: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def592'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def592'>[#def592]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2021: <b>equality_cond</b>: Jumping to case &quot;29&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2031: <b>const</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be equal to 29.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:2031: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:2035: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def593'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def593'>[#def593]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def594'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def594'>[#def594]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def595'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def595'>[#def595]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:288: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:289: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def596'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def596'>[#def596]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qdev-monitor.c:434: <b>cond_notnull</b>: Condition &quot;bus&quot;, taking true branch. Now the value of &quot;bus&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qdev-monitor.c:455: <b>notnull</b>: At condition &quot;bus&quot;, the value of &quot;bus&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qdev-monitor.c:455: <b>dead_error_condition</b>: The condition &quot;!bus&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/qdev-monitor.c:456: <b>dead_error_line</b>: Execution cannot reach this statement &quot;bus = sysbus_get_default();&quot;.

<a name='def597'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def597'>[#def597]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:524: <b>dead_error_condition</b>: The switch value &quot;idx &amp; 3&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:534: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def598'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def598'>[#def598]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvmvapic.c:513: <b>assignment</b>: Assigning: &quot;patches&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvmvapic.c:546: <b>const</b>: At condition &quot;patches != 0&quot;, the value of &quot;patches&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvmvapic.c:546: <b>dead_error_condition</b>: The condition &quot;patches != 0&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/kvmvapic.c:546: <b>dead_error_line</b>: Execution cannot reach this expression &quot;patches != 2&quot; inside statement &quot;if (patches != 0 &amp;&amp; patches...&quot;.

<a name='def599'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def599'>[#def599]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:563: <b>dead_error_condition</b>: The switch value &quot;idx &amp; 3&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:573: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def600'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def600'>[#def600]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3538: <b>cond_const</b>: Condition &quot;op != 37&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 37.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3538: <b>cond_const</b>: Condition &quot;op != 42&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 42.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3538: <b>cond_const</b>: Condition &quot;op != 47&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 47.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3542: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[37,37], [42,42], [47,47]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3542: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/monitor.c:3543: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def601'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def601'>[#def601]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3569: <b>cond_const</b>: Condition &quot;op != 124&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 124.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3569: <b>cond_const</b>: Condition &quot;op != 38&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 38.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3569: <b>cond_const</b>: Condition &quot;op != 94&quot;, taking false branch. Now the value of &quot;op&quot; is equal to 94.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3573: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[38,38], [94,94], [124,124]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:3573: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/monitor.c:3574: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def602'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def602'>[#def602]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8385: <b>equality_cond</b>: Jumping to case &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8386: <b>equality_cond</b>: Jumping to case &quot;1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8400: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8389: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8403: <b>equality_cond</b>: Jumping to case &quot;12&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8404: <b>equality_cond</b>: Jumping to case &quot;13&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8407: <b>equality_cond</b>: Jumping to case &quot;14&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8387: <b>equality_cond</b>: Jumping to case &quot;2&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8388: <b>equality_cond</b>: Jumping to case &quot;3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8392: <b>equality_cond</b>: Jumping to case &quot;4&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8393: <b>equality_cond</b>: Jumping to case &quot;5&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8394: <b>equality_cond</b>: Jumping to case &quot;6&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8395: <b>equality_cond</b>: Jumping to case &quot;7&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8398: <b>equality_cond</b>: Jumping to case &quot;8&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8399: <b>equality_cond</b>: Jumping to case &quot;9&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8479: <b>between</b>: When switching on &quot;aregs&quot;, the value of &quot;aregs&quot; must be between 0 and 14.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:8479: <b>dead_error_condition</b>: The switch value &quot;aregs&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-mips/translate.c:8505: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def603'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def603'>[#def603]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2740: <b>equality_cond</b>: Jumping to case &quot;1342177280U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2772: <b>equality_cond</b>: Jumping to case &quot;134217728U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2742: <b>equality_cond</b>: Jumping to case &quot;1409286144U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2759: <b>equality_cond</b>: Jumping to case &quot;1476395008U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2757: <b>equality_cond</b>: Jumping to case &quot;1543503872U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2774: <b>equality_cond</b>: Jumping to case &quot;1946157056U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2776: <b>equality_cond</b>: Jumping to case &quot;1946157061U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2773: <b>equality_cond</b>: Jumping to case &quot;201326592U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2775: <b>equality_cond</b>: Jumping to case &quot;201326597U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2739: <b>equality_cond</b>: Jumping to case &quot;268435456U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2782: <b>equality_cond</b>: Jumping to case &quot;329U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2741: <b>equality_cond</b>: Jumping to case &quot;335544320U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2783: <b>equality_cond</b>: Jumping to case &quot;336U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2758: <b>equality_cond</b>: Jumping to case &quot;402653184U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2756: <b>equality_cond</b>: Jumping to case &quot;469762048U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2760: <b>equality_cond</b>: Jumping to case &quot;67108864U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2751: <b>equality_cond</b>: Jumping to case &quot;67174400U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2764: <b>equality_cond</b>: Jumping to case &quot;67239936U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2755: <b>equality_cond</b>: Jumping to case &quot;67305472U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2761: <b>equality_cond</b>: Jumping to case &quot;68157440U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2762: <b>equality_cond</b>: Jumping to case &quot;68157445U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2752: <b>equality_cond</b>: Jumping to case &quot;68222976U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2753: <b>equality_cond</b>: Jumping to case &quot;68222981U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2763: <b>equality_cond</b>: Jumping to case &quot;68288512U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2754: <b>equality_cond</b>: Jumping to case &quot;68354048U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2780: <b>equality_cond</b>: Jumping to case &quot;8U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2781: <b>equality_cond</b>: Jumping to case &quot;9U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2801: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[8,9], [329,329], [336,336], [67108864,67108864], [67174400,67174400], [67239936,67239936], [67305472,67305472], [68157440,68157440], [68157445,68157445], [68222976,68222976], [68222981,68222981], [68288512,68288512], [68354048,68354048], [134217728,134217728], [201326592,201326592], [201326597,201326597], [268435456,268435456], [335544320,335544320], [402653184,402653184], [469762048,469762048], [1342177280,1342177280], [1409286144,1409286144], [1476395008,1476395008], [1543503872,1543503872], [1946157056,1946157056], [1946157061,1946157061]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2801: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-mips/translate.c:2887: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def604'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def604'>[#def604]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2740: <b>equality_cond</b>: Jumping to case &quot;1342177280U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2742: <b>equality_cond</b>: Jumping to case &quot;1409286144U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2759: <b>equality_cond</b>: Jumping to case &quot;1476395008U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2757: <b>equality_cond</b>: Jumping to case &quot;1543503872U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2739: <b>equality_cond</b>: Jumping to case &quot;268435456U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2741: <b>equality_cond</b>: Jumping to case &quot;335544320U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2758: <b>equality_cond</b>: Jumping to case &quot;402653184U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2756: <b>equality_cond</b>: Jumping to case &quot;469762048U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2760: <b>equality_cond</b>: Jumping to case &quot;67108864U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2751: <b>equality_cond</b>: Jumping to case &quot;67174400U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2764: <b>equality_cond</b>: Jumping to case &quot;67239936U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2755: <b>equality_cond</b>: Jumping to case &quot;67305472U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2761: <b>equality_cond</b>: Jumping to case &quot;68157440U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2762: <b>equality_cond</b>: Jumping to case &quot;68157445U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2752: <b>equality_cond</b>: Jumping to case &quot;68222976U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2753: <b>equality_cond</b>: Jumping to case &quot;68222981U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2763: <b>equality_cond</b>: Jumping to case &quot;68288512U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2754: <b>equality_cond</b>: Jumping to case &quot;68354048U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2893: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[67108864,67108864], [67174400,67174400], [67239936,67239936], [67305472,67305472], [68157440,68157440], [68157445,68157445], [68222976,68222976], [68222981,68222981], [68288512,68288512], [68354048,68354048], [268435456,268435456], [335544320,335544320], [402653184,402653184], [469762048,469762048], [1342177280,1342177280], [1409286144,1409286144], [1476395008,1476395008], [1543503872,1543503872]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:2893: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-mips/translate.c:2978: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def605'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def605'>[#def605]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:3609: <b>equality_cond</b>: Jumping to case &quot;298&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:3608: <b>equality_cond</b>: Jumping to case &quot;42&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:3622: <b>intervals</b>: When switching on &quot;b &gt;&gt; 8&quot;, the value of &quot;b&quot; must be in one of the following intervals: {[42,42], [298,298]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:3622: <b>dead_error_condition</b>: The switch value &quot;b &gt;&gt; 8&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-i386/translate.c:3626: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def606'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def606'>[#def606]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3337: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3336: <b>equality_cond</b>: Jumping to case &quot;8&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3343: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[8,8], [10,10]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3343: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3350: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def607'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def607'>[#def607]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3358: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3360: <b>equality_cond</b>: Jumping to case &quot;25&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3369: <b>equality_cond</b>: Jumping to case &quot;25&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3359: <b>equality_cond</b>: Jumping to case &quot;27&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3363: <b>equality_cond</b>: Jumping to case &quot;27&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3357: <b>equality_cond</b>: Jumping to case &quot;9&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3382: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[9,9], [11,11], [25,25], [27,27]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3382: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3391: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def608'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def608'>[#def608]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3521: <b>equality_cond</b>: Jumping to case &quot;128&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3522: <b>equality_cond</b>: Jumping to case &quot;129&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3523: <b>equality_cond</b>: Jumping to case &quot;130&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3526: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 128 and 130.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3526: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3536: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def609'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def609'>[#def609]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3718: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3719: <b>equality_cond</b>: Jumping to case &quot;13&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3717: <b>equality_cond</b>: Jumping to case &quot;7&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3721: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[7,7], [11,11], [13,13]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3721: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3731: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def610'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def610'>[#def610]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3780: <b>equality_cond</b>: Jumping to case &quot;10&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3779: <b>equality_cond</b>: Jumping to case &quot;4&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3784: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[4,4], [10,10]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3784: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3793: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def611'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def611'>[#def611]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3802: <b>equality_cond</b>: Jumping to case &quot;11&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3801: <b>equality_cond</b>: Jumping to case &quot;5&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3806: <b>intervals</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be in one of the following intervals: {[5,5], [11,11]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:3806: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:3815: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def612'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def612'>[#def612]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def613'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def613'>[#def613]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def614'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def614'>[#def614]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6578: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6593: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6608: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6623: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6976: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6992: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:7008: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:7024: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;BINOP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6561: <b>assignment</b>: Assigning: &quot;optype&quot; = &quot;OTHEROP&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:7746: <b>intervals</b>: When switching on &quot;optype&quot;, the value of &quot;optype&quot; must be in one of the following intervals: {[0,0], [2,2]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:7750: <b>dead_error_condition</b>: The switch value &quot;optype&quot; cannot be &quot;CMPOP&quot;.</span>
qemu-kvm-1.2.0/target-mips/translate.c:7750: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case CMPOP:&quot;.

<a name='def615'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def615'>[#def615]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:587: <b>dead_error_condition</b>: The switch value &quot;(insn &gt;&gt; 3) &amp; 7&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-m68k/translate.c:677: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return NULL_QREG;&quot;.

<a name='def616'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def616'>[#def616]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:1142: <b>assignment</b>: Assigning: &quot;op&quot; = &quot;(insn &gt;&gt; 6) &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:1173: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 1 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:1151: <b>cond_cannot_single</b>: Condition &quot;op&quot;, taking true branch. Now the value of &quot;op&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:1173: <b>cannot_single</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:1173: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-m68k/translate.c:1183: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def617'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def617'>[#def617]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:510: <b>dead_error_condition</b>: The switch value &quot;(insn &gt;&gt; 3) &amp; 7&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-m68k/translate.c:554: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return NULL_QREG;&quot;.

<a name='def618'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def618'>[#def618]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def619'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def619'>[#def619]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def620'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def620'>[#def620]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:143: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:144: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def621'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def621'>[#def621]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def622'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def622'>[#def622]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def623'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def623'>[#def623]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:288: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:289: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def624'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def624'>[#def624]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:791: <b>assignment</b>: Assigning: &quot;memory_map_mode&quot; = &quot;(s-&gt;gr[6] &gt;&gt; 2) &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:793: <b>between</b>: When switching on &quot;memory_map_mode&quot;, the value of &quot;memory_map_mode&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:793: <b>dead_error_condition</b>: The switch value &quot;memory_map_mode&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/vga.c:806: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def625'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def625'>[#def625]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:851: <b>assignment</b>: Assigning: &quot;memory_map_mode&quot; = &quot;(s-&gt;gr[6] &gt;&gt; 2) &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:853: <b>between</b>: When switching on &quot;memory_map_mode&quot;, the value of &quot;memory_map_mode&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:853: <b>dead_error_condition</b>: The switch value &quot;memory_map_mode&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/vga.c:866: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def626'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def626'>[#def626]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:901: <b>assignment</b>: Assigning: &quot;write_mode&quot; = &quot;s-&gt;gr[5] &amp; 3&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:902: <b>between</b>: When switching on &quot;write_mode&quot;, the value of &quot;write_mode&quot; must be between 0 and 3.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vga.c:902: <b>dead_error_condition</b>: The switch value &quot;write_mode&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/vga.c:903: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def627'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def627'>[#def627]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def628'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def628'>[#def628]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def629'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def629'>[#def629]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8733: <b>equality_cond</b>: Jumping to case &quot;251&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8736: <b>equality_cond</b>: Jumping to case &quot;315&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8753: <b>intervals</b>: When switching on &quot;num&quot;, the value of &quot;num&quot; must be in one of the following intervals: {[251,251], [315,315]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8753: <b>dead_error_condition</b>: The switch value &quot;num&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8782: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def630'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def630'>[#def630]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:613: <b>assignment</b>: Assigning: &quot;cert_count&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:616: <b>incr</b>: Incrementing &quot;cert_count&quot;. The value of &quot;cert_count&quot; is now 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:616: <b>incr</b>: Incrementing &quot;cert_count&quot;. The value of &quot;cert_count&quot; is now 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:619: <b>at_least</b>: At condition &quot;cert_count == 0&quot;, the value of &quot;cert_count&quot; must be at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:619: <b>dead_error_condition</b>: The condition &quot;cert_count == 0&quot; cannot be true.</span>
qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:620: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;PK11_DestroyGenericObjects(...&quot;.

<a name='def631'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def631'>[#def631]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:452: <b>dead_error_condition</b>: The switch value &quot;(tlb-&gt;tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/mmu_helper.c:453: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def632'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def632'>[#def632]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4563: <b>equality_cond</b>: Jumping to case &quot;136&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4564: <b>equality_cond</b>: Jumping to case &quot;137&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4565: <b>equality_cond</b>: Jumping to case &quot;138&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4573: <b>between</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be between 136 and 138.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4573: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4584: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def633'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def633'>[#def633]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4666: <b>equality_cond</b>: Jumping to case &quot;148&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4667: <b>equality_cond</b>: Jumping to case &quot;150&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4668: <b>equality_cond</b>: Jumping to case &quot;151&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4673: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[148,148], [150,151]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4673: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4683: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def634'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def634'>[#def634]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4967: <b>equality_cond</b>: Jumping to case &quot;192&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4968: <b>equality_cond</b>: Jumping to case &quot;194&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4973: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[192,192], [194,194]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4973: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4980: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def635'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def635'>[#def635]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4984: <b>equality_cond</b>: Jumping to case &quot;210&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4985: <b>equality_cond</b>: Jumping to case &quot;212&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4986: <b>equality_cond</b>: Jumping to case &quot;213&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4987: <b>equality_cond</b>: Jumping to case &quot;214&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4988: <b>equality_cond</b>: Jumping to case &quot;215&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4989: <b>equality_cond</b>: Jumping to case &quot;220&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4990: <b>equality_cond</b>: Jumping to case &quot;243&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4999: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[210,210], [212,215], [220,220], [243,243]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4999: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:5030: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def636'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def636'>[#def636]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4238: <b>equality_cond</b>: Jumping to case &quot;74&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4239: <b>equality_cond</b>: Jumping to case &quot;75&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4240: <b>equality_cond</b>: Jumping to case &quot;76&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4250: <b>between</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be between 74 and 76.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4250: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4262: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def637'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def637'>[#def637]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4361: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4373: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4362: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4377: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4363: <b>equality_cond</b>: Jumping to case &quot;94&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4374: <b>equality_cond</b>: Jumping to case &quot;94&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4364: <b>equality_cond</b>: Jumping to case &quot;95&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4378: <b>equality_cond</b>: Jumping to case &quot;95&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4385: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[90,91], [94,95]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4385: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4398: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def638'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def638'>[#def638]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4361: <b>equality_cond</b>: Jumping to case &quot;90&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4362: <b>equality_cond</b>: Jumping to case &quot;91&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4363: <b>equality_cond</b>: Jumping to case &quot;94&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4364: <b>equality_cond</b>: Jumping to case &quot;95&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4372: <b>intervals</b>: When switching on &quot;opc&quot;, the value of &quot;opc&quot; must be in one of the following intervals: {[90,91], [94,95]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:4372: <b>dead_error_condition</b>: The switch value &quot;opc&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-s390x/translate.c:4381: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def639'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def639'>[#def639]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def640'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def640'>[#def640]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def641'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def641'>[#def641]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:288: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0UL) != 0UL&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:289: <b>dead_error_line</b>: Execution cannot reach this statement &quot;do_unaligned_access(env, ad...&quot;.

<a name='def642'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def642'>[#def642]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:170: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:171: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def643'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def643'>[#def643]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:112: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:113: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def644'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def644'>[#def644]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:165: <b>assignment</b>: Assigning: &quot;op&quot; = &quot;(insn &gt;&gt; 7) &amp; 0xfU&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:170: <b>between</b>: When switching on &quot;op&quot;, the value of &quot;op&quot; must be between 0 and 15.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/milkymist-pfpu.c:170: <b>dead_error_condition</b>: The switch value &quot;op&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/milkymist-pfpu.c:304: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def645'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def645'>[#def645]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/cmd646.c:135: <b>dead_error_condition</b>: The switch value &quot;addr &amp; 3UL&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/ide/cmd646.c:152: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def646'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def646'>[#def646]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:7977: <b>dead_error_condition</b>: The switch value &quot;(insn &gt;&gt; 25) &amp; 0xfU&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-arm/translate.c:8969: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def647'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def647'>[#def647]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def648'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def648'>[#def648]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:288: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:292: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_str(m, (obj ? &amp;(...&quot;.

<a name='def649'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def649'>[#def649]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:288: <b>cond_notnull</b>: Condition &quot;obj&quot;, taking true branch. Now the value of &quot;obj&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: <b>notnull</b>: At condition &quot;obj&quot;, the value of &quot;obj&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: <b>dead_error_condition</b>: The condition &quot;obj&quot; must be true.</span>
qemu-kvm-1.2.0/qga/qapi-generated/qga-qapi-visit.c:297: <b>dead_error_line</b>: Execution cannot reach this expression &quot;NULL&quot; inside statement &quot;visit_type_GuestIpAddressLi...&quot;.

<a name='def650'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def650'>[#def650]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:313: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:314: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def651'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def651'>[#def651]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_template.h:258: <b>dead_error_condition</b>: The condition &quot;(addr &amp; 0U) != 0U&quot; cannot be true.</span>
qemu-kvm-1.2.0/softmmu_template.h:259: <b>dead_error_line</b>: Execution cannot reach this statement &quot;goto do_unaligned_access;&quot;.

<a name='def652'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def652'>[#def652]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/esp-pci.c:108: <b>dead_error_condition</b>: The switch value &quot;val &amp; 3U&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/hw/esp-pci.c:121: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def653'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def653'>[#def653]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:3874: <b>assignment</b>: Assigning: &quot;is_data&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:4012: <b>const</b>: At condition &quot;is_data&quot;, the value of &quot;is_data&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:4012: <b>dead_error_condition</b>: The condition &quot;is_data&quot; cannot be true.</span>
qemu-kvm-1.2.0/arm-dis.c:4014: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;int i;&quot;.

<a name='def654'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def654'>[#def654]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2320: <b>assignment</b>: Assigning: &quot;length&quot; = &quot;((given &gt;&gt; 8) &amp; 3L) + 1L&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2324: <b>cond_const</b>: Condition &quot;length &gt; 1&quot;, taking false branch. Now the value of &quot;length&quot; is equal to 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2324: <b>cond_between</b>: Condition &quot;length &gt; 1&quot;, taking true branch. Now the value of &quot;length&quot; is between 2 and 4.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2327: <b>between</b>: When switching on &quot;length&quot;, the value of &quot;length&quot; must be between 1 and 4.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2327: <b>dead_error_condition</b>: The switch value &quot;length&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/arm-dis.c:2367: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def655'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def655'>[#def655]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2466: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;16&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2460: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2473: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2511: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;32&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2493: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2499: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;8&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2520: <b>intervals</b>: When switching on &quot;size&quot;, the value of &quot;size&quot; must be in one of the following intervals: {[8,8], [16,16], [32,32], [64,64]}.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arm-dis.c:2520: <b>dead_error_condition</b>: The switch value &quot;size&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/arm-dis.c:2558: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def656'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def656'>[#def656]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mcf_uart.c:145: <b>dead_error_condition</b>: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;4&quot;.</span>
qemu-kvm-1.2.0/hw/mcf_uart.c:145: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 4:&quot;.

<a name='def657'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def657'>[#def657]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mcf_uart.c:147: <b>dead_error_condition</b>: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;5&quot;.</span>
qemu-kvm-1.2.0/hw/mcf_uart.c:147: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 5:&quot;.

<a name='def658'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def658'>[#def658]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mcf_uart.c:150: <b>dead_error_condition</b>: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;6&quot;.</span>
qemu-kvm-1.2.0/hw/mcf_uart.c:150: <b>dead_error_line</b>: Execution cannot reach this statement &quot;case 6:&quot;.

<a name='def659'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def659'>[#def659]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/mcf_uart.c:151: <b>dead_error_condition</b>: The switch value &quot;(cmd &gt;&gt; 4) &amp; 3&quot; cannot be &quot;7&quot;.</span>
qemu-kvm-1.2.0/hw/mcf_uart.c:151: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 7:&quot;.

<a name='def660'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def660'>[#def660]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:387: <b>assignment</b>: Assigning: &quot;lma&quot; = &quot;false&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:394: <b>const</b>: At condition &quot;lma&quot;, the value of &quot;lma&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:394: <b>dead_error_condition</b>: The condition &quot;lma&quot; cannot be true.</span>
qemu-kvm-1.2.0/target-i386/arch_dump.c:395: <b>dead_error_line</b>: Execution cannot reach this statement &quot;info-&gt;d_machine = 62;&quot;.

<a name='def661'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def661'>[#def661]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:387: <b>assignment</b>: Assigning: &quot;lma&quot; = &quot;false&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:401: <b>const</b>: At condition &quot;lma&quot;, the value of &quot;lma&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/arch_dump.c:401: <b>dead_error_condition</b>: The condition &quot;lma&quot; cannot be true.</span>
qemu-kvm-1.2.0/target-i386/arch_dump.c:402: <b>dead_error_line</b>: Execution cannot reach this statement &quot;info-&gt;d_class = 2;&quot;.

<a name='def662'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def662'>[#def662]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/sparc-dis.c:3053: <b>dead_error_condition</b>: The condition &quot;(unsigned int)((insn &gt;&gt; 14) &amp; 0x1fUL) &lt; 32U&quot; must be true.</span>
qemu-kvm-1.2.0/sparc-dis.c:3057: <b>dead_error_line</b>: Execution cannot reach this statement &quot;(*info-&gt;fprintf_func)(strea...&quot;.

<a name='def663'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def663'>[#def663]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/sparc-dis.c:3061: <b>dead_error_condition</b>: The condition &quot;(unsigned int)((insn &gt;&gt; 25) &amp; 0x1fUL) &lt; 32U&quot; must be true.</span>
qemu-kvm-1.2.0/sparc-dis.c:3065: <b>dead_error_line</b>: Execution cannot reach this statement &quot;(*info-&gt;fprintf_func)(strea...&quot;.

<a name='def664'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def664'>[#def664]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/arm-semi.c:226: <b>dead_error_condition</b>: The condition &quot;({...})&quot; cannot be true.</span>
qemu-kvm-1.2.0/target-arm/arm-semi.c:228: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return 4294967295U;&quot;.

<a name='def665'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def665'>[#def665]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:178: <b>assignment</b>: Assigning: &quot;nextchr&quot; = &quot;-1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:215: <b>assignment</b>: Assigning: &quot;nextchr&quot; = &quot;-1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:181: <b>const</b>: At condition &quot;nextchr == -1&quot;, the value of &quot;nextchr&quot; must be equal to -1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:181: <b>dead_error_condition</b>: The condition &quot;nextchr == -1&quot; must be true.</span>
qemu-kvm-1.2.0/ui/curses.c:184: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;chr = nextchr;&quot;.

<a name='def666'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def666'>[#def666]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppce500_pci.c:120: <b>dead_error_condition</b>: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.</span>
qemu-kvm-1.2.0/hw/ppce500_pci.c:120: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 16UL:&quot;.

<a name='def667'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def667'>[#def667]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppce500_pci.c:142: <b>dead_error_condition</b>: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.</span>
qemu-kvm-1.2.0/hw/ppce500_pci.c:142: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 16UL:&quot;.

<a name='def668'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def668'>[#def668]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppce500_pci.c:191: <b>dead_error_condition</b>: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.</span>
qemu-kvm-1.2.0/hw/ppce500_pci.c:191: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 16UL:&quot;.

<a name='def669'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def669'>[#def669]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppce500_pci.c:213: <b>dead_error_condition</b>: The switch value &quot;addr &amp; 0xcUL&quot; cannot be &quot;16UL&quot;.</span>
qemu-kvm-1.2.0/hw/ppce500_pci.c:213: <b>dead_error_begin</b>: Execution cannot reach this statement &quot;case 16UL:&quot;.

<a name='def670'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def670'>[#def670]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1338.c:73: <b>cond_at_most</b>: Condition &quot;data &lt; 8&quot;, taking true branch. Now the value of &quot;data&quot; is at most 7.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1338.c:83: <b>equality_cond</b>: Jumping to case &quot;2&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1338.c:84: <b>const</b>: At condition &quot;data &amp; 0x40&quot;, the value of &quot;data&quot; must be equal to 2.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ds1338.c:84: <b>dead_error_condition</b>: The condition &quot;data &amp; 0x40&quot; cannot be true.</span>
qemu-kvm-1.2.0/hw/ds1338.c:85: <b>dead_error_line</b>: Execution cannot reach this statement &quot;if (data &amp; 0x20){
  data = ...&quot;.

<a name='def671'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def671'>[#def671]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:253: <b>cond_notnull</b>: Condition &quot;reader != NULL&quot;, taking true branch. Now the value of &quot;reader&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:255: <b>notnull</b>: At condition &quot;reader&quot;, the value of &quot;reader&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:255: <b>dead_error_condition</b>: The condition &quot;reader&quot; must be true.</span>
qemu-kvm-1.2.0/libcacard/vscclient.c:255: <b>dead_error_line</b>: Execution cannot reach this expression &quot;&quot;invalid reader&quot;&quot; inside statement &quot;printf(&quot;insert %s, returned...&quot;.

<a name='def672'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def672'>[#def672]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:266: <b>cond_notnull</b>: Condition &quot;reader != NULL&quot;, taking true branch. Now the value of &quot;reader&quot; is not NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:268: <b>notnull</b>: At condition &quot;reader&quot;, the value of &quot;reader&quot; cannot be NULL.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:268: <b>dead_error_condition</b>: The condition &quot;reader&quot; must be true.</span>
qemu-kvm-1.2.0/libcacard/vscclient.c:268: <b>dead_error_line</b>: Execution cannot reach this expression &quot;&quot;invalid reader&quot;&quot; inside statement &quot;printf(&quot;remove %s, returned...&quot;.

<a name='def673'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def673'>[#def673]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/aes.c:740: <b>cond_const</b>: Condition &quot;bits != 256&quot;, taking false branch. Now the value of &quot;bits&quot; is equal to 256.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/aes.c:798: <b>const</b>: At condition &quot;bits == 256&quot;, the value of &quot;bits&quot; must be equal to 256.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/aes.c:798: <b>dead_error_condition</b>: The condition &quot;bits == 256&quot; must be true.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/aes.c:799: <b>dead_error_condition</b>: The condition &quot;1&quot; must be true.</span>
qemu-kvm-1.2.0/aes.c:826: <b>dead_error_line</b>: Execution cannot reach this statement &quot;return 0;&quot;.

<a name='def674'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def674'>[#def674]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: <b>cond_at_least</b>: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:195: <b>cond_at_least</b>: Condition &quot;quot &gt; 65535U&quot;, taking true branch. Now the value of &quot;quot&quot; is at least 65536.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: <b>cond_at_least</b>: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is at least 65536.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:195: <b>cond_at_most</b>: Condition &quot;quot &gt; 65535U&quot;, taking false branch. Now the value of &quot;quot&quot; is at most 65535.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: <b>cond_between</b>: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; is between 1 and 65535.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: <b>at_least</b>: At condition &quot;(int32_t)quot &lt; 0&quot;, the value of &quot;quot&quot; must be at least 1.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:197: <b>cond_cannot_single</b>: Condition &quot;quot == 0U&quot;, taking false branch. Now the value of &quot;quot&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: <b>cannot_single</b>: At condition &quot;(int32_t)quot &lt; 0&quot;, the value of &quot;quot&quot; cannot be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/op_helper.c:199: <b>dead_error_condition</b>: The condition &quot;(int32_t)quot &lt; 0&quot; cannot be true.</span>
qemu-kvm-1.2.0/target-m68k/op_helper.c:200: <b>dead_error_line</b>: Execution cannot reach this statement &quot;flags |= 8U;&quot;.

<a name='def675'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def675'>[#def675]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:616: <b>assignment</b>: Assigning: &quot;persistent&quot; = &quot;0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:626: <b>const</b>: At condition &quot;persistent&quot;, the value of &quot;persistent&quot; must be equal to 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:626: <b>dead_error_condition</b>: The condition &quot;persistent&quot; cannot be true.</span>
qemu-kvm-1.2.0/linux-user/flatload.c:627: <b>dead_error_line</b>: Execution cannot reach this statement &quot;continue;&quot;.

<a name='def676'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def676'>[#def676]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:741: <b>dead_error_condition</b>: The switch value &quot;(env-&gt;dtlb[i].tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/mmu_helper.c:742: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def677'/><b>Error: <span style='background: #C0FF00;'>DEADCODE</span> (CWE-561):</b> <a href ='#def677'>[#def677]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/mmu_helper.c:778: <b>dead_error_condition</b>: The switch value &quot;(env-&gt;itlb[i].tte &gt;&gt; 61) &amp; 3ULL&quot; cannot reach the default case.</span>
qemu-kvm-1.2.0/target-sparc/mmu_helper.c:779: <b>dead_error_line</b>: Execution cannot reach this statement &quot;default:&quot;.

<a name='def678'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def678'>[#def678]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:626: <b>assign_zero</b>: Assigning: &quot;ioeventfds&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:630: <b>cond_true</b>: Condition &quot;fr &lt; as-&gt;current_map.ranges + as-&gt;current_map.nr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:631: <b>cond_true</b>: Condition &quot;i &lt; fr-&gt;mr-&gt;ioeventfd_nb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:635: <b>cond_false</b>: Condition &quot;addrrange_intersects(fr-&gt;addr, tmp)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:641: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:642: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:631: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:631: <b>cond_false</b>: Condition &quot;i &lt; fr-&gt;mr-&gt;ioeventfd_nb&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:642: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:643: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:630: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:630: <b>cond_false</b>: Condition &quot;fr &lt; as-&gt;current_map.ranges + as-&gt;current_map.nr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:643: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:645: <b>var_deref_model</b>: Passing null pointer &quot;ioeventfds&quot; to function &quot;address_space_add_del_ioeventfds(AddressSpace *, MemoryRegionIoeventfd *, unsigned int, MemoryRegionIoeventfd *, unsigned int)&quot;, which dereferences it.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:588:5: <b>cond_true</b>: Condition &quot;iold &lt; fds_old_nb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:589:9: <b>cond_true</b>: Condition &quot;iold &lt; fds_old_nb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/memory.c:589:9: <b>cond_false</b>: Condition &quot;inew == fds_new_nb&quot;, taking false branch</span>
qemu-kvm-1.2.0/memory.c:589:9: <b>deref_parm</b>: Directly dereferencing parameter &quot;fds_new&quot;.

<a name='def679'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def679'>[#def679]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:285: <b>cond_false</b>: Condition &quot;req-&gt;dev&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:287: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:285: <b>var_compare_op</b>: Comparing &quot;req-&gt;dev&quot; to null implies that &quot;req-&gt;dev&quot; might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:287: <b>cond_true</b>: Condition &quot;req-&gt;bus-&gt;unit_attention.key == 6&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:288: <b>var_deref_model</b>: Passing &quot;req&quot; to function &quot;scsi_req_build_sense(SCSIRequest *, SCSISense)&quot;, which dereferences null &quot;req-&gt;dev&quot;.</span>
qemu-kvm-1.2.0/hw/scsi-bus.c:664:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;req-&gt;dev&quot;.

<a name='def680'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def680'>[#def680]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:464: <b>assign_zero</b>: Assigning: &quot;buf&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:465: <b>cond_true</b>: Condition &quot;virtqueue_pop(vq, &amp;elem)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:473: <b>cond_false</b>: Condition &quot;cur_len &gt; len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:478: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/virtio-serial-bus.c:479: <b>var_deref_model</b>: Passing null pointer &quot;buf&quot; to function &quot;iov_to_buf(struct iovec const *, unsigned int const, size_t, void *, size_t)&quot;, which dereferences it.
<span style='color: #808080;'>qemu-kvm-1.2.0/iov.c:53:5: <b>cond_true</b>: Condition &quot;offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/iov.c:53:5: <b>cond_true</b>: Condition &quot;i &lt; iov_cnt&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/iov.c:54:9: <b>cond_true</b>: Condition &quot;offset &lt; (iov + i).iov_len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/iov.c:56:13: <b>deref_parm_field_in_call</b>: Function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; dereferences an offset off &quot;buf&quot;.</span>

<a name='def681'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def681'>[#def681]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:420: <b>assign_zero</b>: Assigning: &quot;refcount_block&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:428: <b>cond_false</b>: Condition &quot;length &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:430: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:430: <b>cond_false</b>: Condition &quot;length == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:432: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:434: <b>cond_true</b>: Condition &quot;addend &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:441: <b>cond_true</b>: Condition &quot;cluster_offset &lt;= last&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:450: <b>cond_false</b>: Condition &quot;table_index != old_table_index&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:463: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block/qcow2-refcount.c:472: <b>var_deref_op</b>: Dereferencing null pointer &quot;refcount_block&quot;.

<a name='def682'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def682'>[#def682]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:1047: <b>cond_true</b>: Condition &quot;l1_size2 == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:1048: <b>assign_zero</b>: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:1049: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:1056: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:1059: <b>cond_true</b>: Condition &quot;i &lt; l1_size&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/qcow2-refcount.c:1060: <b>var_deref_op</b>: Dereferencing null pointer &quot;l1_table&quot;.

<a name='def683'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def683'>[#def683]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: <b>assign_zero</b>: Assigning: &quot;q&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: <b>switch</b>: Switch case value &quot;1009&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2259: <b>switch_case</b>: Reached case &quot;1009&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2260: <b>var_deref_model</b>: Passing null pointer &quot;q&quot; to function &quot;ehci_state_advqueue(EHCIQueue *)&quot;, which dereferences it.</span>
qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:1963:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;q&quot;.

<a name='def684'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def684'>[#def684]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: <b>assign_zero</b>: Assigning: &quot;q&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: <b>switch</b>: Switch case value &quot;1011&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2271: <b>switch_case</b>: Reached case &quot;1011&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2272: <b>var_deref_model</b>: Passing null pointer &quot;q&quot; to function &quot;ehci_state_execute(EHCIQueue *)&quot;, which dereferences it.</span>
qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2100:19: <b>deref_parm</b>: Directly dereferencing parameter &quot;q&quot;.

<a name='def685'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def685'>[#def685]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: <b>assign_zero</b>: Assigning: &quot;q&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: <b>switch</b>: Switch case value &quot;1010&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2263: <b>switch_case</b>: Reached case &quot;1010&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2264: <b>var_deref_model</b>: Passing null pointer &quot;q&quot; to function &quot;ehci_state_fetchqtd(EHCIQueue *)&quot;, which dereferences it.</span>
qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:1992:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;q&quot;.

<a name='def686'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def686'>[#def686]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2228: <b>assign_zero</b>: Assigning: &quot;q&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2232: <b>switch</b>: Switch case value &quot;1013&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2267: <b>switch_case</b>: Reached case &quot;1013&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2268: <b>var_deref_model</b>: Passing null pointer &quot;q&quot; to function &quot;ehci_state_horizqh(EHCIQueue *)&quot;, which dereferences it.</span>
qemu-kvm-1.2.0/hw/usb/hcd-ehci.c:2054:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;q&quot;.

<a name='def687'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def687'>[#def687]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1740: <b>cond_false</b>: Condition &quot;class_id == 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1741: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: <b>cond_true</b>: Condition &quot;s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_true</b>: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_true</b>: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1747: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: <b>cond_true</b>: Condition &quot;s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_true</b>: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_false</b>: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_true</b>: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_false</b>: Condition &quot;f-&gt;addr != addr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: <b>cond_true</b>: Condition &quot;f-&gt;port != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: <b>cond_true</b>: Condition &quot;port == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: <b>var_compare_op</b>: Comparing &quot;port&quot; to null implies that &quot;port&quot; might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1753: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: <b>cond_true</b>: Condition &quot;s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_true</b>: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_false</b>: Condition &quot;f-&gt;bus_num != bus_num&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_true</b>: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_false</b>: Condition &quot;f-&gt;addr != addr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: <b>cond_false</b>: Condition &quot;f-&gt;port != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1754: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: <b>cond_true</b>: Condition &quot;f-&gt;vendor_id &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: <b>cond_true</b>: Condition &quot;f-&gt;vendor_id != vendor_id&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1757: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1779: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1743: <b>cond_true</b>: Condition &quot;s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1746: <b>cond_false</b>: Condition &quot;f-&gt;bus_num &gt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1748: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_true</b>: Condition &quot;f-&gt;addr &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1749: <b>cond_false</b>: Condition &quot;f-&gt;addr != addr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1752: <b>cond_false</b>: Condition &quot;f-&gt;port != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1754: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: <b>cond_true</b>: Condition &quot;f-&gt;vendor_id &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1756: <b>cond_false</b>: Condition &quot;f-&gt;vendor_id != vendor_id&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1758: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1760: <b>cond_true</b>: Condition &quot;f-&gt;product_id &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1760: <b>cond_false</b>: Condition &quot;f-&gt;product_id != product_id&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1765: <b>cond_false</b>: Condition &quot;s-&gt;errcount &gt;= 3&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1767: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1770: <b>cond_false</b>: Condition &quot;s-&gt;fd != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1772: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/usb/host-linux.c:1775: <b>var_deref_model</b>: Passing null pointer &quot;port&quot; to function &quot;usb_host_open(USBHostDevice *, int, int, char const *, char const *, int)&quot;, which dereferences it.
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1293:5: <b>cond_false</b>: Condition &quot;dev-&gt;fd != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1295:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1298:5: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1300:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1305:5: <b>deref_parm_in_call</b>: Function &quot;strcpy(char * restrict, char const * restrict)&quot; dereferences &quot;port&quot;.</span>

<a name='def688'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def688'>[#def688]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1957: <b>cond_true</b>: Condition &quot;index &lt; s-&gt;mapping.next&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1957: <b>cond_false</b>: Condition &quot;mapping = array_get(&amp;s-&gt;mapping, index)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1962: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1957: <b>var_compare_op</b>: Comparing &quot;mapping&quot; to null implies that &quot;mapping&quot; might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:1963: <b>cond_false</b>: Condition &quot;index &gt;= s-&gt;mapping.next&quot;, taking false branch</span>
qemu-kvm-1.2.0/block/vvfat.c:1963: <b>var_deref_op</b>: Dereferencing null pointer &quot;mapping&quot;.

<a name='def689'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def689'>[#def689]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: <b>cond_true</b>: Condition &quot;*args == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1146: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: <b>cond_true</b>: Condition &quot;*args != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1143: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: <b>cond_false</b>: Condition &quot;*args == &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1147: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1150: <b>cond_true</b>: Condition &quot;__coverity_strncmp(args, &quot;soft=&quot;, 5) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1163: <b>cond_false</b>: Condition &quot;*args != &apos;(&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1165: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1171: <b>cond_true</b>: Condition &quot;type_params_length &lt; 99UL /* sizeof (type_str) - 1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1178: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1180: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1182: <b>cond_true</b>: Condition &quot;opts-&gt;vreader_count &gt;= reader_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1186: <b>cond_false</b>: Condition &quot;vreaderOpt == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1188: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: <b>cond_true</b>: Condition &quot;i &lt; count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1205: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1200: <b>cond_false</b>: Condition &quot;i &lt; count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1205: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1206: <b>cond_true</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1211: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1247: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1248: <b>cond_true</b>: Condition &quot;*args != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1143: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1145: <b>cond_false</b>: Condition &quot;*args == &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1147: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1150: <b>cond_true</b>: Condition &quot;__coverity_strncmp(args, &quot;soft=&quot;, 5) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1160: <b>assign_zero</b>: Assigning: &quot;vreaderOpt&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1163: <b>cond_false</b>: Condition &quot;*args != &apos;(&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1165: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1168: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1169: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1170: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1171: <b>cond_true</b>: Condition &quot;type_params_length &lt; 99UL /* sizeof (type_str) - 1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>cond_false</b>: Condition &quot;*args == &apos;)&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1176: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1178: <b>cond_false</b>: Condition &quot;*args == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1180: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1182: <b>cond_false</b>: Condition &quot;opts-&gt;vreader_count &gt;= reader_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1189: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1191: <b>alias_transfer</b>: Assigning: &quot;vreaderOpt&quot; = &quot;vreaderOpt + opts-&gt;vreader_count&quot;.</span>
qemu-kvm-1.2.0/libcacard/vcard_emul_nss.c:1192: <b>var_deref_op</b>: Dereferencing null pointer &quot;vreaderOpt&quot;.

<a name='def690'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def690'>[#def690]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:405: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:407: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:416: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:418: <b>switch</b>: Switch case value &quot;128&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:444: <b>switch_case</b>: Reached case &quot;128&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:445: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def691'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def691'>[#def691]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:405: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:407: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:416: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:418: <b>switch</b>: Switch case value &quot;132&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:447: <b>switch_case</b>: Reached case &quot;132&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:448: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def692'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def692'>[#def692]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:405: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:407: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:416: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:418: <b>switch</b>: Switch case value &quot;144&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:454: <b>switch_case</b>: Reached case &quot;144&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:455: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def693'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def693'>[#def693]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:405: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:407: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:416: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:418: <b>switch</b>: Switch case value &quot;152&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:460: <b>switch_case</b>: Reached case &quot;152&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:461: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def694'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def694'>[#def694]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:405: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:407: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:416: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:418: <b>switch</b>: Switch case value &quot;156&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:463: <b>switch_case</b>: Reached case &quot;156&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:464: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def695'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def695'>[#def695]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:486: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:488: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:497: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:499: <b>switch</b>: Switch case value &quot;132&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:535: <b>switch_case</b>: Reached case &quot;132&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:536: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def696'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def696'>[#def696]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:486: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:488: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:497: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:499: <b>switch</b>: Switch case value &quot;136&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:541: <b>switch_case</b>: Reached case &quot;136&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:542: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def697'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def697'>[#def697]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:486: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:488: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:497: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:499: <b>switch</b>: Switch case value &quot;140&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:547: <b>switch_case</b>: Reached case &quot;140&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:548: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def698'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def698'>[#def698]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:486: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:488: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:497: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:499: <b>switch</b>: Switch case value &quot;144&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:551: <b>switch_case</b>: Reached case &quot;144&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:552: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def699'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def699'>[#def699]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:486: <b>assign_zero</b>: Assigning: &quot;bank&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:488: <b>cond_false</b>: Condition &quot;(offset &amp; 0xf80) == 0x80&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:497: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:499: <b>switch</b>: Switch case value &quot;148&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_intc.c:557: <b>switch_case</b>: Reached case &quot;148&quot;</span>
qemu-kvm-1.2.0/hw/omap_intc.c:558: <b>var_deref_op</b>: Dereferencing null pointer &quot;bank&quot;.

<a name='def700'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def700'>[#def700]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:659: <b>cond_true</b>: Condition &quot;s-&gt;sizearg == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:660: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:663: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:669: <b>cond_true</b>: Condition &quot;ivshmem_has_feature(s, 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:669: <b>cond_false</b>: Condition &quot;!ivshmem_has_feature(s, 1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:676: <b>cond_true</b>: Condition &quot;s-&gt;role&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:677: <b>cond_true</b>: Condition &quot;__coverity_strncmp(s-&gt;role, &quot;peer&quot;, 5) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:679: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:684: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:685: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:687: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:689: <b>cond_true</b>: Condition &quot;s-&gt;role_val == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:711: <b>cond_true</b>: Condition &quot;s-&gt;server_chr != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:711: <b>cond_false</b>: Condition &quot;__coverity_strncmp(s-&gt;server_chr-&gt;filename, &quot;unix:&quot;, 5) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:741: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:745: <b>cond_true</b>: Condition &quot;s-&gt;shmobj == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ivshmem.c:745: <b>var_compare_op</b>: Comparing &quot;s-&gt;shmobj&quot; to null implies that &quot;s-&gt;shmobj&quot; might be null.</span>
qemu-kvm-1.2.0/hw/ivshmem.c:753: <b>var_deref_model</b>: Passing null pointer &quot;s-&gt;shmobj&quot; to function &quot;shm_open(char const *, int, mode_t)&quot;, which dereferences it.

<a name='def701'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def701'>[#def701]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3538: <b>cond_true</b>: Condition &quot;info-&gt;mach == 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3540: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3544: <b>cond_true</b>: Condition &quot;intel_syntax == -1 /* (char)-1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3545: <b>cond_false</b>: Condition &quot;info-&gt;mach == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3545: <b>cond_true</b>: Condition &quot;info-&gt;mach == 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3548: <b>cond_false</b>: Condition &quot;info-&gt;mach == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3548: <b>cond_false</b>: Condition &quot;info-&gt;mach == 3&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3548: <b>cond_false</b>: Condition &quot;info-&gt;mach == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3548: <b>cond_true</b>: Condition &quot;info-&gt;mach == 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3552: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3556: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3558: <b>cond_true</b>: Condition &quot;p != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3560: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p, &quot;x86-64&quot;, 6) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3564: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3608: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3611: <b>cond_false</b>: Condition &quot;p != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3612: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3613: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3558: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3558: <b>cond_false</b>: Condition &quot;p != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3613: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3615: <b>cond_true</b>: Condition &quot;intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3628: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3642: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3653: <b>cond_true</b>: Condition &quot;i &lt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3657: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3653: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3653: <b>cond_true</b>: Condition &quot;i &lt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3657: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3653: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3653: <b>cond_false</b>: Condition &quot;i &lt; 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3657: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3664: <b>cond_false</b>: Condition &quot;_setjmp(priv.bailout) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3687: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3696: <b>cond_true</b>: Condition &quot;*codep == 98&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3698: <b>cond_false</b>: Condition &quot;prefixes &amp; 0x800&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3698: <b>cond_true</b>: Condition &quot;rex&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3698: <b>cond_false</b>: Condition &quot;rex_used&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3711: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3714: <b>cond_false</b>: Condition &quot;*codep == 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3748: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3754: <b>cond_false</b>: Condition &quot;*codep == 144&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3759: <b>cond_true</b>: Condition &quot;!uses_REPZ_prefix&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3759: <b>cond_true</b>: Condition &quot;prefixes &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3764: <b>cond_true</b>: Condition &quot;!uses_REPNZ_prefix&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3764: <b>cond_true</b>: Condition &quot;prefixes &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3770: <b>cond_true</b>: Condition &quot;!uses_LOCK_prefix&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3770: <b>cond_true</b>: Condition &quot;prefixes &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3776: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3779: <b>cond_true</b>: Condition &quot;dp-&gt;op[2].bytemode != 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3781: <b>cond_false</b>: Condition &quot;sizeflag &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3781: <b>cond_true</b>: Condition &quot;address_mode == mode_64bit&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3782: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3784: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3789: <b>cond_true</b>: Condition &quot;!uses_DATA_prefix&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3789: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3792: <b>cond_true</b>: Condition &quot;dp-&gt;op[2].bytemode == 9&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3792: <b>cond_true</b>: Condition &quot;dp-&gt;op[0].bytemode == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3792: <b>cond_false</b>: Condition &quot;!intel_syntax&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3801: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3804: <b>cond_true</b>: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3804: <b>cond_true</b>: Condition &quot;dp-&gt;op[0].bytemode == 5&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3810: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3817: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3819: <b>cond_true</b>: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3819: <b>cond_false</b>: Condition &quot;dp-&gt;op[0].bytemode == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3824: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3826: <b>cond_true</b>: Condition &quot;dp-&gt;name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3826: <b>var_compare_op</b>: Comparing &quot;dp-&gt;name&quot; to null implies that &quot;dp-&gt;name&quot; might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3828: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3861: <b>switch_default</b>: Reached default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3863: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:3864: <b>switch_end</b>: Reached end of switch</span>
qemu-kvm-1.2.0/i386-dis.c:3867: <b>var_deref_model</b>: Passing null pointer &quot;dp-&gt;name&quot; to function &quot;putop(char const *, int)&quot;, which dereferences it.
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:4340:8: <b>var_assign_parm</b>: Assigning: &quot;p&quot; = &quot;template&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:4340:3: <b>deref_var</b>: Dereferencing &quot;p&quot; (which is a copy of &quot;template&quot;).</span>

<a name='def702'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def702'>[#def702]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:738: <b>cond_true</b>: Condition &quot;l1_table_offset != s-&gt;l1_table_offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:739: <b>cond_false</b>: Condition &quot;l1_size2 != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:741: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:742: <b>assign_zero</b>: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:745: <b>cond_false</b>: Condition &quot;bdrv_pread(bs-&gt;file, l1_table_offset, l1_table, l1_size2) != l1_size2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:750: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:752: <b>cond_true</b>: Condition &quot;i &lt; l1_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:753: <b>var_deref_model</b>: Passing null pointer &quot;l1_table + i&quot; to function &quot;be64_to_cpus(uint64_t *)&quot;, which dereferences it.</span>
qemu-kvm-1.2.0/bswap.h:130:1: <b>deref_parm</b>: Directly dereferencing parameter &quot;p&quot;.

<a name='def703'/><b>Error: <span style='background: #C0FF00;'>FORWARD_NULL</span> (CWE-476):</b> <a href ='#def703'>[#def703]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:738: <b>cond_true</b>: Condition &quot;l1_table_offset != s-&gt;l1_table_offset&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:739: <b>cond_false</b>: Condition &quot;l1_size2 != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:741: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qcow2-refcount.c:742: <b>assign_zero</b>: Assigning: &quot;l1_table&quot; = &quot;NULL&quot;.</span>
qemu-kvm-1.2.0/block/qcow2-refcount.c:745: <b>var_deref_model</b>: Passing null pointer &quot;l1_table&quot; to function &quot;bdrv_pread(BlockDriverState *, int64_t, void *, int)&quot;, which dereferences it.
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1707:5: <b>cond_true</b>: Condition &quot;len &gt; count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1710:5: <b>cond_true</b>: Condition &quot;len &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1711:9: <b>cond_false</b>: Condition &quot;(ret = bdrv_read(bs, sector_num, tmp_buf, 1)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1712:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1713:9: <b>deref_parm_in_call</b>: Function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; dereferences &quot;buf&quot;.</span>

<a name='def704'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def704'>[#def704]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3623: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3625: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block.c:3623: <b>loop_condition</b>: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.

<a name='def705'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def705'>[#def705]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:389: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:391: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block.c:389: <b>loop_condition</b>: If &quot;cco.ret == 2147483647&quot; is initially true then it will remain true.

<a name='def706'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def706'>[#def706]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1626: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:1628: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block.c:1626: <b>loop_condition</b>: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.

<a name='def707'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def707'>[#def707]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3684: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3686: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block.c:3684: <b>loop_condition</b>: If &quot;rwco.ret == 2147483647&quot; is initially true then it will remain true.

<a name='def708'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def708'>[#def708]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-io.c:298: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-io.c:300: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/qemu-io.c:298: <b>loop_condition</b>: If &quot;async_ret == 2147483647&quot; is initially true then it will remain true.

<a name='def709'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def709'>[#def709]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-io.c:312: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-io.c:314: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/qemu-io.c:312: <b>loop_condition</b>: If &quot;async_ret == 2147483647&quot; is initially true then it will remain true.

<a name='def710'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def710'>[#def710]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:270: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:272: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block/qed-table.c:270: <b>loop_condition</b>: If &quot;ret == -115&quot; is initially true then it will remain true.

<a name='def711'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def711'>[#def711]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:197: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:199: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block/qed-table.c:197: <b>loop_condition</b>: If &quot;ret == -115&quot; is initially true then it will remain true.

<a name='def712'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def712'>[#def712]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:292: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:294: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block/qed-table.c:292: <b>loop_condition</b>: If &quot;ret == -115&quot; is initially true then it will remain true.

<a name='def713'/><b>Error: <span style='background: #C0FF00;'>INFINITE_LOOP</span>:</b> <a href ='#def713'>[#def713]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:176: <b>loop_top</b>: Top of the loop.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/qed-table.c:178: <b>loop_bottom</b>: Bottom of the loop.</span>
qemu-kvm-1.2.0/block/qed-table.c:176: <b>loop_condition</b>: If &quot;ret == -115&quot; is initially true then it will remain true.

<a name='def714'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def714'>[#def714]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_dma.c:1712: <b>unterminated_case</b>: This case (value 16) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/omap_dma.c:1714: <b>fallthrough</b>: The above case falls through to this one.

<a name='def715'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def715'>[#def715]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_dma.c:1710: <b>unterminated_case</b>: This case (value 20) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/omap_dma.c:1712: <b>fallthrough</b>: The above case falls through to this one.

<a name='def716'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def716'>[#def716]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_dma.c:1721: <b>unterminated_case</b>: This case (value 32) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/omap_dma.c:1723: <b>fallthrough</b>: The above case falls through to this one.

<a name='def717'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def717'>[#def717]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_dma.c:1719: <b>unterminated_case</b>: This case (value 36) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/omap_dma.c:1721: <b>fallthrough</b>: The above case falls through to this one.

<a name='def718'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def718'>[#def718]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/translate.c:4067: <b>unterminated_case</b>: This case (value 46) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/target-sparc/translate.c:4073: <b>fallthrough</b>: The above case falls through to this one.

<a name='def719'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def719'>[#def719]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap1.c:634: <b>unterminated_case</b>: This case (value 44) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/omap1.c:636: <b>fallthrough</b>: The above case falls through to this one.

<a name='def720'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def720'>[#def720]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:571: <b>unterminated_case</b>: This case (value 2) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/qemu-ga.c:576: <b>fallthrough</b>: The above case falls through to this one.

<a name='def721'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def721'>[#def721]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cirrus_vga.c:1308: <b>unterminated_case</b>: This case (value 7) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/cirrus_vga.c:1310: <b>fallthrough</b>: The above case falls through to this one.

<a name='def722'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def722'>[#def722]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pflash_cfi02.c:145: <b>unterminated_default</b>: The default case is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/pflash_cfi02.c:150: <b>fallthrough</b>: The above case falls through to this one.

<a name='def723'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def723'>[#def723]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/stellaris.c:182: <b>unterminated_case</b>: This case (value 72) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/stellaris.c:185: <b>fallthrough</b>: The above case falls through to this one.

<a name='def724'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def724'>[#def724]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:4406: <b>unterminated_case</b>: This case (value 130) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/target-i386/translate.c:4409: <b>fallthrough</b>: The above case falls through to this one.

<a name='def725'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def725'>[#def725]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7766: <b>unterminated_case</b>: This case (value 271) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/target-i386/translate.c:7769: <b>fallthrough</b>: The above case falls through to this one.

<a name='def726'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def726'>[#def726]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pxa2xx.c:414: <b>unterminated_case</b>: This case (value 100) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/pxa2xx.c:418: <b>fallthrough</b>: The above case falls through to this one.

<a name='def727'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def727'>[#def727]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:3793: <b>unterminated_case</b>: This case (value 312) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/target-i386/translate.c:3796: <b>fallthrough</b>: The above case falls through to this one.

<a name='def728'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def728'>[#def728]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12282: <b>unterminated_case</b>: This case (value 1155530752) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/target-mips/translate.c:12284: <b>fallthrough</b>: The above case falls through to this one.

<a name='def729'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def729'>[#def729]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/twl92230.c:282: <b>unterminated_case</b>: This case (value 17) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/twl92230.c:283: <b>fallthrough</b>: The above case falls through to this one.

<a name='def730'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def730'>[#def730]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/twl92230.c:388: <b>unterminated_case</b>: This case (value 56) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/twl92230.c:389: <b>fallthrough</b>: The above case falls through to this one.

<a name='def731'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def731'>[#def731]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/twl92230.c:489: <b>unterminated_case</b>: This case (value 19) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/twl92230.c:490: <b>fallthrough</b>: The above case falls through to this one.

<a name='def732'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def732'>[#def732]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:873: <b>unterminated_case</b>: This case (value 10) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/scsi-bus.c:878: <b>fallthrough</b>: The above case falls through to this one.

<a name='def733'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def733'>[#def733]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:887: <b>unterminated_case</b>: This case (value 15) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/scsi-bus.c:892: <b>fallthrough</b>: The above case falls through to this one.

<a name='def734'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def734'>[#def734]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cadence_ttc.c:341: <b>unterminated_case</b>: This case (value 56) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/cadence_ttc.c:344: <b>fallthrough</b>: The above case falls through to this one.

<a name='def735'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def735'>[#def735]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/cadence_ttc.c:346: <b>unterminated_case</b>: This case (value 68) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/cadence_ttc.c:349: <b>fallthrough</b>: The above case falls through to this one.

<a name='def736'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def736'>[#def736]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/m68k-dis.c:1627: <b>unterminated_case</b>: This case (value 88) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/m68k-dis.c:1629: <b>fallthrough</b>: The above case falls through to this one.

<a name='def737'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def737'>[#def737]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/hid.c:168: <b>unterminated_case</b>: This case (value 224) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/hid.c:173: <b>fallthrough</b>: The above case falls through to this one.

<a name='def738'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def738'>[#def738]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/hid.c:173: <b>unterminated_case</b>: This case (value 231) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/hid.c:178: <b>fallthrough</b>: The above case falls through to this one.

<a name='def739'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def739'>[#def739]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/jazz_led.c:164: <b>unterminated_case</b>: This case (value 16) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/jazz_led.c:167: <b>fallthrough</b>: The above case falls through to this one.

<a name='def740'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def740'>[#def740]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/sh_timer.c:73: <b>unterminated_case</b>: This case (value 3) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/sh_timer.c:76: <b>fallthrough</b>: The above case falls through to this one.

<a name='def741'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def741'>[#def741]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-ohci.c:1704: <b>unterminated_case</b>: This case (value 24) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/usb/hcd-ohci.c:1707: <b>fallthrough</b>: The above case falls through to this one.

<a name='def742'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def742'>[#def742]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/es1370.c:540: <b>unterminated_case</b>: This case (value 40) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/es1370.c:542: <b>fallthrough</b>: The above case falls through to this one.

<a name='def743'/><b>Error: <span style='background: #C0FF00;'>MISSING_BREAK</span> (CWE-484):</b> <a href ='#def743'>[#def743]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/es1370.c:538: <b>unterminated_case</b>: This case (value 44) is not terminated by a &apos;break&apos; statement.</span>
qemu-kvm-1.2.0/hw/es1370.c:540: <b>fallthrough</b>: The above case falls through to this one.

<a name='def744'/><b>Error: <span style='background: #C0FF00;'>MISSING_LOCK</span> (CWE-366):</b> <a href ='#def744'>[#def744]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1113: <b>missing_lock</b>: Accessing &quot;d-&gt;current_async&quot; without holding lock &quot;QemuMutex.lock&quot;. Elsewhere, &quot;d-&gt;current_async&quot; is accessed with &quot;QemuMutex.lock&quot; held 4 out of 5 times.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:834: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:836: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1500: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1507: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1650: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:1651: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.

<a name='def745'/><b>Error: <span style='background: #C0FF00;'>MISSING_LOCK</span> (CWE-366):</b> <a href ='#def745'>[#def745]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:436: <b>missing_lock</b>: Accessing &quot;aiocb-&gt;ret&quot; without holding lock &quot;lock&quot;. Elsewhere, &quot;aiocb-&gt;ret&quot; is accessed with &quot;lock&quot; held 3 out of 3 times.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:376: <b>example_lock</b>: Locking &quot;lock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:377: <b>example_access</b>: &quot;qemu_paiocb.ret&quot; is accessed with lock &quot;lock&quot; held.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/posix-aio-compat.c:571: <b>example_lock</b>: Locking &quot;lock&quot;.</span>
qemu-kvm-1.2.0/posix-aio-compat.c:574: <b>example_access</b>: &quot;qemu_paiocb.ret&quot; is accessed with lock &quot;lock&quot; held.

<a name='def746'/><b>Error: <span style='background: #C0FF00;'>MISSING_LOCK</span> (CWE-366):</b> <a href ='#def746'>[#def746]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1923: <b>missing_lock</b>: Accessing &quot;qxl-&gt;current_async&quot; without holding lock &quot;QemuMutex.lock&quot;. Elsewhere, &quot;qxl-&gt;current_async&quot; is accessed with &quot;QemuMutex.lock&quot; held 4 out of 5 times.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:834: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:836: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1500: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1507: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/qxl.c:1650: <b>example_lock</b>: Locking &quot;QemuMutex.lock&quot;.</span>
qemu-kvm-1.2.0/hw/qxl.c:1651: <b>example_access</b>: &quot;PCIQXLDevice.current_async&quot; is accessed with lock &quot;QemuMutex.lock&quot; held.

<a name='def747'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def747'>[#def747]</a>
/tmp/tmp1Mua9_.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def748'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def748'>[#def748]</a>
/tmp/tmpmaaBfZ.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def749'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def749'>[#def749]</a>
/tmp/tmpxPCDO7.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def750'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def750'>[#def750]</a>
/tmp/tmp3md0Bm.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def751'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def751'>[#def751]</a>
/tmp/tmpVT2CXq.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def752'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def752'>[#def752]</a>
/tmp/tmpC9diCp.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def753'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def753'>[#def753]</a>
/tmp/tmp73vcGp.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def754'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def754'>[#def754]</a>
/tmp/tmpyrOepY.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def755'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def755'>[#def755]</a>
/tmp/tmplmBPNf.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def756'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def756'>[#def756]</a>
/tmp/tmpud3PK9.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def757'/><b>Error: <span style='background: #C0FF00;'>MISSING_RETURN</span>:</b> <a href ='#def757'>[#def757]</a>
/tmp/tmp6xy3SA.c:1: <b>missing_return</b>: Arriving at the end of a function without returning a value.

<a name='def758'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def758'>[#def758]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:974: <b>cond_true</b>: Condition &quot;__coverity_strcmp(protocol, &quot;spice&quot;) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:975: <b>negative_return_fn</b>: Function &quot;monitor_get_fd(mon, fdname)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:2391:5: <b>cond_true</b>: Condition &quot;monfd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:2394:9: <b>cond_true</b>: Condition &quot;__coverity_strcmp(monfd-&gt;name, fdname) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:2395:13: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:2391:5: <b>cond_false</b>: Condition &quot;monfd&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:2408:5: <b>return_negative_constant</b>: Explicitly returning negative value &quot;-1&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:975: <b>var_assign</b>: Assigning: signed variable &quot;fd&quot; = &quot;monitor_get_fd(Monitor *, char const *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:978: <b>cond_false</b>: Condition &quot;!using_spice&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:982: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:983: <b>cond_true</b>: Condition &quot;qemu_spice_display_add_client(fd, skipauth, tls) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/monitor.c:984: <b>negative_returns</b>: &quot;fd&quot; is passed to a parameter that cannot be negative.

<a name='def759'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def759'>[#def759]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7902: <b>cond_true</b>: Condition &quot;flags &amp; (4UL /* 1 &lt;&lt; 2 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7903: <b>cond_true</b>: Condition &quot;dc-&gt;cpl == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7904: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7906: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7917: <b>cond_false</b>: Condition &quot;dc-&gt;tf&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7917: <b>cond_false</b>: Condition &quot;env-&gt;singlestep_enabled&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7917: <b>cond_false</b>: Condition &quot;flags &amp; (8UL /* 1 &lt;&lt; 3 */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7917: <b>cond_true</b>: Condition &quot;flags &amp; (4UL /* 1 &lt;&lt; 2 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7947: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7950: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7954: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7955: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7955: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7956: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7957: <b>cond_true</b>: Condition &quot;bp-&gt;pc == pc_ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7957: <b>cond_false</b>: Condition &quot;bp-&gt;flags &amp; 0x20&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7960: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7962: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7964: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7966: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/translate.c:7970: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-i386/translate.c:7971: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def760'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def760'>[#def760]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:10626: <b>negative_returns</b>: Passing negative constant &quot;-1&quot; to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6564:5: <b>switch</b>: Switch case value &quot;OPC_ADD_S&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6565:10: <b>switch_case</b>: Reached case &quot;OPC_ADD_S&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:6571:13: <b>index</b>: Function &quot;gen_load_fpr32(TCGv_i32, int)&quot; uses &quot;ft&quot; as an array index.</span>
qemu-kvm-1.2.0/target-mips/translate.c:666:5: <b>index</b>: Indexing &quot;NULL-&gt;active_fpu.fpr&quot; with &quot;reg&quot;.

<a name='def761'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def761'>[#def761]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:577: <b>cond_true</b>: Condition &quot;rom-&gt;path == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:582: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:586: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:588: <b>cond_true</b>: Condition &quot;fw_dir&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:593: <b>negative_return_fn</b>: Function &quot;lseek(fd, 0L, 2)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:593: <b>var_assign</b>: Assigning: unsigned variable &quot;rom-&gt;romsize&quot; = &quot;lseek(int, __off64_t, int)&quot;.</span>
qemu-kvm-1.2.0/hw/loader.c:596: <b>negative_returns</b>: &quot;rom-&gt;romsize&quot; is passed to a parameter that cannot be negative.

<a name='def762'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def762'>[#def762]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:77: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:78: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:79: <b>negative_return_fn</b>: Function &quot;lseek(fd, 0L, 2)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:79: <b>var_assign</b>: Assigning: signed variable &quot;size&quot; = &quot;lseek(int, __off64_t, int)&quot;.</span>
qemu-kvm-1.2.0/hw/loader.c:81: <b>negative_returns</b>: &quot;size&quot; is passed to a parameter that cannot be negative.

<a name='def763'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def763'>[#def763]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2569: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2576: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2585: <b>cond_true</b>: Condition &quot;tb-&gt;flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2590: <b>cond_true</b>: Condition &quot;tb-&gt;flags &amp; 16&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2591: <b>cond_true</b>: Condition &quot;tb-&gt;flags &amp; 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2596: <b>cond_true</b>: Condition &quot;dc.icount&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2602: <b>cond_true</b>: Condition &quot;env-&gt;singlestep_enabled&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2602: <b>cond_true</b>: Condition &quot;env-&gt;exception_taken&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2611: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2613: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-xtensa/translate.c:2618: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-xtensa/translate.c:2619: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def764'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def764'>[#def764]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:839: <b>cond_false</b>: Condition &quot;addr &amp; 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:840: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:843: <b>switch</b>: Switch case value &quot;176UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:866: <b>switch_case</b>: Reached case &quot;176UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:874: <b>negative_return_fn</b>: Function &quot;IRQ_get_next(opp, &amp;dst-&gt;raised)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:313:5: <b>cond_true</b>: Condition &quot;q-&gt;next == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:313:5: <b>var_tested_neg</b>: Variable &quot;q-&gt;next&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:318:5: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;q-&gt;next&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openpic.c:874: <b>var_assign</b>: Assigning: signed variable &quot;n_IRQ&quot; = &quot;IRQ_get_next(openpic_t *, IRQ_queue_t *)&quot;.</span>
qemu-kvm-1.2.0/hw/openpic.c:875: <b>negative_returns</b>: Using variable &quot;n_IRQ&quot; as an index to array &quot;opp-&gt;src&quot;.

<a name='def765'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def765'>[#def765]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:657: <b>negative_return_fn</b>: Function &quot;ftell(f)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:657: <b>var_assign</b>: Assigning: signed variable &quot;where&quot; = &quot;ftell(FILE *)&quot;.</span>
qemu-kvm-1.2.0/hw/pc.c:660: <b>negative_returns</b>: &quot;where&quot; is passed to a parameter that cannot be negative.

<a name='def766'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def766'>[#def766]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9615: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9627: <b>cond_true</b>: Condition &quot;env-&gt;hflags &amp; (1UL /* 1 &lt;&lt; 0 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9630: <b>cond_true</b>: Condition &quot;!!(env-&gt;flags &amp; POWERPC_FLAG_CFAR)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9633: <b>cond_true</b>: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_SPE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9633: <b>cond_true</b>: Condition &quot;(env-&gt;msr &gt;&gt; 25) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9634: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9636: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9637: <b>cond_true</b>: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_VRE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9637: <b>cond_true</b>: Condition &quot;(env-&gt;msr &gt;&gt; 25) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9638: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9640: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9641: <b>cond_true</b>: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_SE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9641: <b>cond_true</b>: Condition &quot;(env-&gt;msr &gt;&gt; 10) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9642: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9644: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9645: <b>cond_true</b>: Condition &quot;env-&gt;flags &amp; POWERPC_FLAG_BE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9645: <b>cond_true</b>: Condition &quot;(env-&gt;msr &gt;&gt; 9) &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9647: <b>cond_true</b>: Condition &quot;!!env-&gt;singlestep_enabled&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9647: <b>cond_true</b>: Condition &quot;!!env-&gt;singlestep_enabled&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9655: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9660: <b>cond_true</b>: Condition &quot;ctx.exception == POWERPC_EXCP_NONE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9660: <b>cond_true</b>: Condition &quot;gen_opc_ptr &lt; gen_opc_end&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9661: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9661: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9662: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9663: <b>cond_true</b>: Condition &quot;bp-&gt;pc == ctx.nip&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9665: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9667: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9669: <b>cond_true</b>: Condition &quot;!!search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9669: <b>cond_true</b>: Condition &quot;!!search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9671: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-ppc/translate.c:9675: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-ppc/translate.c:9676: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def767'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def767'>[#def767]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828: <b>cond_true</b>: Condition &quot;so-&gt;s == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828: <b>var_tested_neg</b>: Variable &quot;so-&gt;s&quot; tests negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:828: <b>cond_false</b>: Condition &quot;so-&gt;extra&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:831: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/slirp/slirp.c:833: <b>negative_returns</b>: &quot;so-&gt;s&quot; is passed to a parameter that cannot be negative.

<a name='def768'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def768'>[#def768]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1215: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[0] &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1218: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_false</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1237: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1244: <b>var_tested_neg</b>: Assigning: &quot;s-&gt;xmit_pos&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1245: <b>goto</b>: Jumping to label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1275: <b>label</b>: Reached label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_false</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1237: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1246: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1247: <b>cond_true</b>: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>negative_returns</b>: Using variable &quot;s-&gt;xmit_pos&quot; as an index to array &quot;s-&gt;buffer&quot;.

<a name='def769'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def769'>[#def769]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1215: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[0] &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1218: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_true</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1234: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1235: <b>cond_true</b>: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1245: <b>goto</b>: Jumping to label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1275: <b>label</b>: Reached label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_true</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1234: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1235: <b>cond_true</b>: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1245: <b>goto</b>: Jumping to label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1275: <b>label</b>: Reached label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_true</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1234: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1235: <b>cond_true</b>: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1245: <b>goto</b>: Jumping to label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1275: <b>label</b>: Reached label &quot;txdone&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_true</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1234: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1235: <b>cond_true</b>: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1246: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1247: <b>cond_true</b>: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>cond_true</b>: Condition &quot;!!(s-&gt;csr[3] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1252: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1273: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_false</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1237: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1246: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1247: <b>cond_false</b>: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1252: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1252: <b>cond_true</b>: Condition &quot;s-&gt;xmit_pos &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1254: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1254: <b>cond_true</b>: Condition &quot;!!(s-&gt;csr[3] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1260: <b>cond_true</b>: Condition &quot;!!(s-&gt;csr[15] &amp; 4)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1261: <b>cond_false</b>: Condition &quot;(s-&gt;bcr[20] &amp; 0xff) == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1263: <b>cond_true</b>: Condition &quot;add_crc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1266: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1268: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1272: <b>var_tested_neg</b>: Assigning: &quot;s-&gt;xmit_pos&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1277: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1278: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[5] &amp; 0x8000)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1281: <b>cond_true</b>: Condition &quot;s-&gt;csr[74] &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1282: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1285: <b>cond_true</b>: Condition &quot;count--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1286: <b>goto</b>: Jumping to label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1222: <b>label</b>: Reached label &quot;txagain&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1223: <b>cond_true</b>: Condition &quot;pcnet_tdte_poll(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1226: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1232: <b>cond_false</b>: Condition &quot;(tmd.status &amp; 0x200) &gt;&gt; 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1237: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;s-&gt;lnkst == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_true</b>: Condition &quot;!!!(s-&gt;csr[15] &amp; 0x40)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1238: <b>cond_false</b>: Condition &quot;!!!(s-&gt;bcr[2] &amp; 0x4000)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1246: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1247: <b>cond_true</b>: Condition &quot;!((tmd.status &amp; 0x100) &gt;&gt; 8)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>cond_true</b>: Condition &quot;!!(s-&gt;bcr[20] &amp; 0x100)&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/pcnet.c:1249: <b>negative_returns</b>: Using variable &quot;s-&gt;xmit_pos&quot; as an index to array &quot;s-&gt;buffer&quot;.

<a name='def770'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def770'>[#def770]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3370: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3395: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3400: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3400: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3401: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3402: <b>cond_true</b>: Condition &quot;bp-&gt;pc == ctx.pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3404: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3406: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3408: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3410: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-alpha/translate.c:3414: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-alpha/translate.c:3415: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def771'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def771'>[#def771]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:326: <b>var_tested_neg</b>: Assigning: &quot;rZ&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:328: <b>cond_false</b>: Condition &quot;dc-&gt;format == OP_FMT_RI&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:331: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/target-lm32/translate.c:332: <b>negative_returns</b>: Using variable &quot;rZ&quot; as an index to array &quot;cpu_R&quot;.

<a name='def772'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def772'>[#def772]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1747: <b>cond_true</b>: Condition &quot;!!(dc-&gt;tb_flags &amp; (524288U /* 1 &lt;&lt; 19 */))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1748: <b>cond_true</b>: Condition &quot;dc-&gt;delayed_branch&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1757: <b>cond_false</b>: Condition &quot;pc_start &amp; 3&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1758: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1760: <b>cond_true</b>: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1768: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1771: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1785: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1787: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-microblaze/translate.c:1791: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-microblaze/translate.c:1792: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def773'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def773'>[#def773]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;46&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7675: <b>switch_case</b>: Reached case &quot;46&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7676: <b>negative_return_fn</b>: Function &quot;low2highgid(arg1)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:4604:5: <b>cond_true</b>: Condition &quot;(int16_t)gid == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:4605:9: <b>return_negative_constant</b>: Explicitly returning negative value &quot;-1&quot;.</span>
qemu-kvm-1.2.0/linux-user/syscall.c:7676: <b>negative_returns</b>: &quot;low2highgid(arg1)&quot; is passed to a parameter that cannot be negative.

<a name='def774'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def774'>[#def774]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7672: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7673: <b>negative_return_fn</b>: Function &quot;low2highuid(arg1)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:4596:5: <b>cond_true</b>: Condition &quot;(int16_t)uid == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:4597:9: <b>return_negative_constant</b>: Explicitly returning negative value &quot;-1&quot;.</span>
qemu-kvm-1.2.0/linux-user/syscall.c:7673: <b>negative_returns</b>: &quot;low2highuid(arg1)&quot; is passed to a parameter that cannot be negative.

<a name='def775'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def775'>[#def775]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5123: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5130: <b>cond_true</b>: Condition &quot;!(tb-&gt;flags &amp; (1ULL /* 0x100000000ULL &gt;&gt; 32 */))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5145: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5152: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5152: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5153: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5154: <b>cond_true</b>: Condition &quot;bp-&gt;pc == dc.pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5156: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5158: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5160: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5162: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/translate.c:5167: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-s390x/translate.c:5168: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def776'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def776'>[#def776]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:602: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:607: <b>cond_false</b>: Condition &quot;(so-&gt;so_tcpcb = tcp_newtcpcb(so)) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:610: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:616: <b>cond_true</b>: Condition &quot;flags &amp; 0x200&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>negative_return_fn</b>: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>var_tested_neg</b>: Variable &quot;ret&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;*__errno_location() != 22&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>var_assign</b>: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:628: <b>cond_true</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/socket.c:634: <b>negative_returns</b>: &quot;s&quot; is passed to a parameter that cannot be negative.

<a name='def777'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def777'>[#def777]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:664: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:671: <b>cond_false</b>: Condition &quot;path&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:673: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:675: <b>cond_true</b>: Condition &quot;tmpdir&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:684: <b>negative_return_fn</b>: Function &quot;mkstemp(un.sun_path)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:684: <b>var_assign</b>: Assigning: signed variable &quot;fd&quot; = &quot;mkstemp(char *)&quot;.</span>
qemu-kvm-1.2.0/qemu-sockets.c:684: <b>negative_returns</b>: &quot;fd&quot; is passed to a parameter that cannot be negative.

<a name='def778'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def778'>[#def778]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9708: <b>cond_true</b>: Condition &quot;((tb-&gt;flags &amp; (64UL /* 1 &lt;&lt; 6 */)) &gt;&gt; 6) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9722: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9725: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9765: <b>cond_true</b>: Condition &quot;dc-&gt;condexec_mask&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9782: <b>cond_true</b>: Condition &quot;dc-&gt;pc &gt;= 4294967280U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9782: <b>cond_false</b>: Condition &quot;arm_feature(env, ARM_FEATURE_M)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9788: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9791: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9791: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9792: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9793: <b>cond_false</b>: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9800: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9801: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9792: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9792: <b>cond_false</b>: Condition &quot;bp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9801: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9803: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9805: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-arm/translate.c:9809: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-arm/translate.c:9810: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def779'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def779'>[#def779]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:2989: <b>cond_true</b>: Condition &quot;(env-&gt;sr &amp; 8192) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:2992: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:2995: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3002: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3002: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3003: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3004: <b>cond_false</b>: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3008: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3009: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3003: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3003: <b>cond_false</b>: Condition &quot;bp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3009: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3010: <b>cond_false</b>: Condition &quot;dc-&gt;is_jmp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3011: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3013: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3015: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/translate.c:3019: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-m68k/translate.c:3020: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def780'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def780'>[#def780]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:404: <b>cond_false</b>: Condition &quot;inso-&gt;so_state &amp; 0x200&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:407: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:408: <b>cond_true</b>: Condition &quot;(so = socreate(slirp)) == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/tcp_subr.c:410: <b>negative_return_fn</b>: Function &quot;accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; returns a negative number.</span>
qemu-kvm-1.2.0/slirp/tcp_subr.c:410: <b>negative_returns</b>: &quot;accept(inso-&gt;s, __SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), &amp;addrlen)&quot; is passed to a parameter that cannot be negative.

<a name='def781'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def781'>[#def781]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1928: <b>cond_true</b>: Condition &quot;(env-&gt;sr &amp; (1073741824U /* 1 &lt;&lt; 30 */)) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1937: <b>var_tested_neg</b>: Assigning: &quot;ii&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1940: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1943: <b>cond_true</b>: Condition &quot;ctx.bstate == BS_NONE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1943: <b>cond_true</b>: Condition &quot;gen_opc_ptr &lt; gen_opc_end&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1944: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1944: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1945: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1946: <b>cond_true</b>: Condition &quot;ctx.pc == bp-&gt;pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1951: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1953: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1955: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1957: <b>cond_false</b>: Condition &quot;ii &lt; i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sh4/translate.c:1961: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-sh4/translate.c:1962: <b>negative_returns</b>: Using variable &quot;ii&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def782'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def782'>[#def782]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:526: <b>negative_return_fn</b>: Function &quot;target_mprotect(start, len, prot)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:94:5: <b>cond_true</b>: Condition &quot;(start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:95:9: <b>return_negative_constant</b>: Explicitly returning negative value &quot;-22&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:526: <b>var_assign</b>: Assigning: unsigned variable &quot;ret&quot; = &quot;target_mprotect(abi_ulong, abi_ulong, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527: <b>cond_true</b>: Condition &quot;ret != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:528: <b>var_assign</b>: Assigning: unsigned variable &quot;start&quot; = &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:529: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:584: <b>negative_returns</b>: &quot;start&quot; is passed to a parameter that cannot be negative.</span>
qemu-kvm-1.2.0/exec.c:1076:5: <b>parm_loop_bound</b>: Using unsigned parameter &quot;start&quot; in a loop exit test.

<a name='def783'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def783'>[#def783]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:253: <b>cond_true</b>: Condition &quot;status &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:255: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:257: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:263: <b>negative_return_fn</b>: Function &quot;v9fs_marshal(iovec, 1, 0UL, 0, &quot;ddd&quot;, header.type, header.size, status)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: <b>cond_true</b>: Condition &quot;fmt[i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: <b>switch</b>: Switch case value &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: <b>switch_case</b>: Reached case &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: <b>cond_false</b>: Condition &quot;copied &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:317:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:319:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: <b>cond_true</b>: Condition &quot;fmt[i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: <b>switch</b>: Switch case value &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: <b>switch_case</b>: Reached case &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: <b>cond_false</b>: Condition &quot;copied &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:317:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:319:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:229:5: <b>cond_true</b>: Condition &quot;fmt[i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:230:9: <b>switch</b>: Switch case value &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:231:14: <b>switch_case</b>: Reached case &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:234:13: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:313:9: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: <b>cond_true</b>: Condition &quot;copied &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:314:9: <b>var_tested_neg</b>: Variable &quot;copied&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtio-9p-marshal.c:316:13: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;copied&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:263: <b>var_assign</b>: Assigning: signed variable &quot;msg_size&quot; = &quot;v9fs_marshal(struct iovec *, int, size_t, int, char const *, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:265: <b>negative_returns</b>: &quot;msg_size&quot; is passed to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:159:5: <b>cond_true</b>: Condition &quot;size&quot;, taking true branch</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:160:9: <b>neg_sink_parm_call</b>: Passing &quot;size&quot; to &quot;write(int, void const *, size_t)&quot;, which cannot accept a negative number.

<a name='def784'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def784'>[#def784]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12428: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12434: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12454: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12456: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12458: <b>cond_true</b>: Condition &quot;ctx.bstate == BS_NONE&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12459: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12459: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12460: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12461: <b>cond_false</b>: Condition &quot;bp-&gt;pc == ctx.pc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12469: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12460: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12460: <b>cond_false</b>: Condition &quot;bp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12470: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12473: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12475: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-mips/translate.c:12479: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-mips/translate.c:12480: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def785'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def785'>[#def785]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1662: <b>negative_returns</b>: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: <b>cond_false</b>: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>neg_sink_parm_call</b>: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.

<a name='def786'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def786'>[#def786]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1228: <b>negative_returns</b>: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: <b>cond_false</b>: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>neg_sink_parm_call</b>: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.

<a name='def787'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def787'>[#def787]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2026: <b>negative_returns</b>: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: <b>cond_false</b>: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>neg_sink_parm_call</b>: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.

<a name='def788'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def788'>[#def788]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3189: <b>cond_true</b>: Condition &quot;env-&gt;pregs[1] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3192: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3195: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3224: <b>cond_true</b>: Condition &quot;!!(tb-&gt;flags &amp; 7)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3225: <b>cond_true</b>: Condition &quot;dc-&gt;delayed_branch&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3226: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3228: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3232: <b>cond_true</b>: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3256: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3259: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3267: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3269: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3273: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3274: <b>cond_true</b>: Condition &quot;dc-&gt;delayed_branch == 1&quot;, taking true branch</span>
qemu-kvm-1.2.0/target-cris/translate.c:3275: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def789'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def789'>[#def789]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3189: <b>cond_true</b>: Condition &quot;env-&gt;pregs[1] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3192: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3195: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3224: <b>cond_false</b>: Condition &quot;!!(tb-&gt;flags &amp; 7)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3225: <b>cond_false</b>: Condition &quot;dc-&gt;delayed_branch&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3228: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3232: <b>cond_true</b>: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3256: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3259: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3267: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3269: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3273: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3274: <b>cond_false</b>: Condition &quot;dc-&gt;delayed_branch == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:3277: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/target-cris/translate.c:3277: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def790'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def790'>[#def790]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1968: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1971: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1985: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1985: <b>cond_true</b>: Condition &quot;!!!(env-&gt;breakpoints.tqh_first == NULL)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: <b>cond_true</b>: Condition &quot;bp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1987: <b>cond_false</b>: Condition &quot;bp-&gt;pc == dc-&gt;pc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1996: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1997: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1986: <b>cond_false</b>: Condition &quot;bp&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1997: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:1999: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:2001: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-unicore32/translate.c:2006: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-unicore32/translate.c:2007: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def791'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def791'>[#def791]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:361: <b>cond_false</b>: Condition &quot;!so&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:363: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:364: <b>negative_return_fn</b>: Function &quot;qemu_socket(2, 2, 0)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>var_tested_neg</b>: Variable &quot;ret&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;*__errno_location() != 22&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/udp.c:364: <b>var_assign</b>: Assigning: signed variable &quot;so-&gt;s&quot; = &quot;qemu_socket(int, int, int)&quot;.</span>
qemu-kvm-1.2.0/slirp/udp.c:372: <b>negative_returns</b>: &quot;so-&gt;s&quot; is passed to a parameter that cannot be negative.

<a name='def792'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def792'>[#def792]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>negative_return_fn</b>: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>var_tested_neg</b>: Variable &quot;ret&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;*__errno_location() != 22&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>var_assign</b>: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_true</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/misc.c:139: <b>negative_returns</b>: &quot;s&quot; is passed to a parameter that cannot be negative.

<a name='def793'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def793'>[#def793]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:146: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:152: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:162: <b>negative_return_fn</b>: Function &quot;qemu_socket(2, 1, 0)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>var_tested_neg</b>: Variable &quot;ret&quot; is negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;*__errno_location() != 22&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_negative_variable</b>: Explicitly returning negative variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:162: <b>var_assign</b>: Assigning: signed variable &quot;s&quot; = &quot;qemu_socket(int, int, int)&quot;.</span>
qemu-kvm-1.2.0/slirp/misc.c:165: <b>negative_returns</b>: &quot;s&quot; is passed to a parameter that cannot be negative.

<a name='def794'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def794'>[#def794]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1685: <b>cond_true</b>: Condition &quot;!!(dc-&gt;tb_flags &amp; 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1687: <b>cond_true</b>: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1693: <b>var_tested_neg</b>: Assigning: &quot;k&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1697: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1705: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1707: <b>cond_false</b>: Condition &quot;k &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-openrisc/translate.c:1712: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-openrisc/translate.c:1713: <b>negative_returns</b>: Using variable &quot;k&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def795'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def795'>[#def795]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:462: <b>negative_returns</b>: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: <b>cond_false</b>: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>neg_sink_parm_call</b>: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:496: <b>negative_returns</b>: A negative constant &quot;-1&quot; is passed as an argument to a parameter that cannot be negative.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:431:9: <b>cond_false</b>: Condition &quot;start == 4294967295U /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:434:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>neg_sink_parm_call</b>: Passing &quot;fd&quot; to &quot;fstat(int, struct stat *)&quot;, which cannot accept a negative number.

<a name='def796'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def796'>[#def796]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>cond_true</b>: Condition &quot;s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>cond_true</b>: Condition &quot;parser&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>cond_true</b>: Condition &quot;({...})&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:507: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:511: <b>cond_false</b>: Condition &quot;err&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:511: <b>cond_false</b>: Condition &quot;!obj&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:511: <b>cond_false</b>: Condition &quot;qobject_type(obj) != QTYPE_QDICT&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:522: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:526: <b>cond_false</b>: Condition &quot;qdict&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:526: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:526: <b>cond_true</b>: Condition &quot;({...})&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:526: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:526: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:529: <b>cond_false</b>: Condition &quot;qdict_haskey(qdict, &quot;execute&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:531: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:532: <b>cond_false</b>: Condition &quot;!qdict_haskey(qdict, &quot;error&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:539: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:540: <b>negative_return_fn</b>: Function &quot;send_response(s, &amp;qdict-&gt;base)&quot; returns a negative number.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>cond_true</b>: Condition &quot;payload&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>cond_true</b>: Condition &quot;s-&gt;channel&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>cond_true</b>: Condition &quot;({...})&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:453:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:456:5: <b>cond_false</b>: Condition &quot;!payload_qstr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:458:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:460:5: <b>cond_true</b>: Condition &quot;s-&gt;delimit_response&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:465:9: <b>cond_true</b>: Condition &quot;payload_qstr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:466:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:468:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:473:5: <b>cond_true</b>: Condition &quot;response_qstr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:474:5: <b>cond_true</b>: Condition &quot;status != G_IO_STATUS_NORMAL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:475:9: <b>return_negative_constant</b>: Explicitly returning negative value &quot;-5&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:540: <b>var_assign</b>: Assigning: signed variable &quot;ret&quot; = &quot;send_response(GAState *, QObject *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:541: <b>cond_true</b>: Condition &quot;ret&quot;, taking true branch</span>
qemu-kvm-1.2.0/qemu-ga.c:542: <b>negative_returns</b>: &quot;ret&quot; is passed to a parameter that cannot be negative.

<a name='def797'/><b>Error: <span style='background: #C0FF00;'>NEGATIVE_RETURNS</span> (CWE-394):</b> <a href ='#def797'>[#def797]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1028: <b>cond_false</b>: Condition &quot;pc_start &amp; 3&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1030: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1032: <b>cond_true</b>: Condition &quot;qemu_loglevel_mask(2 /* 1 &lt;&lt; 1 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1038: <b>var_tested_neg</b>: Assigning: &quot;lj&quot; = a negative value.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1041: <b>cond_true</b>: Condition &quot;max_insns == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1049: <b>cond_true</b>: Condition &quot;search_pc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1051: <b>cond_false</b>: Condition &quot;lj &lt; j&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-lm32/translate.c:1056: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-lm32/translate.c:1057: <b>negative_returns</b>: Using variable &quot;lj&quot; as an index to array &quot;gen_opc_pc&quot;.

<a name='def798'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def798'>[#def798]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_true</b>: Condition &quot;*p&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:848: <b>cond_true</b>: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_true</b>: Condition &quot;*p&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:848: <b>cond_true</b>: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_false</b>: Condition &quot;*p&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:856: <b>cond_true</b>: Condition &quot;nr_sep &gt;= 2&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/sheepdog.c:858: <b>returned_null</b>: Function &quot;__coverity_strchr(char const *, int)&quot; returns null (checked 51 out of 53 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/arch_init.c:952: <b>example_assign</b>: Assigning: &quot;e&quot; = return value from &quot;__coverity_strchr(p, 44)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arch_init.c:953: <b>example_checked</b>: &quot;e&quot; has its value checked in &quot;e&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkdebug.c:281: <b>example_assign</b>: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkdebug.c:282: <b>example_checked</b>: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkverify.c:85: <b>example_assign</b>: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkverify.c:86: <b>example_checked</b>: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:214: <b>example_assign</b>: Assigning: &quot;end&quot; = return value from &quot;__coverity_strchr(p, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:216: <b>example_checked</b>: &quot;end&quot; has its value checked in &quot;end&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:871: <b>example_assign</b>: Assigning: &quot;p&quot; = return value from &quot;__coverity_strchr(vdi, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:872: <b>example_checked</b>: &quot;p&quot; has its value checked in &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:858: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;__coverity_strchr(char const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:859: <b>dereference</b>: Incrementing a pointer which might be null: &quot;p&quot;.</span>

<a name='def799'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def799'>[#def799]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_true</b>: Condition &quot;*p&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:848: <b>cond_true</b>: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_true</b>: Condition &quot;*p&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:848: <b>cond_true</b>: Condition &quot;*p == &apos;:&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:847: <b>cond_false</b>: Condition &quot;*p&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:852: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:856: <b>cond_true</b>: Condition &quot;nr_sep &gt;= 2&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/sheepdog.c:862: <b>returned_null</b>: Function &quot;__coverity_strchr(char const *, int)&quot; returns null (checked 51 out of 53 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/arch_init.c:952: <b>example_assign</b>: Assigning: &quot;e&quot; = return value from &quot;__coverity_strchr(p, 44)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/arch_init.c:953: <b>example_checked</b>: &quot;e&quot; has its value checked in &quot;e&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkdebug.c:281: <b>example_assign</b>: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkdebug.c:282: <b>example_checked</b>: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkverify.c:85: <b>example_assign</b>: Assigning: &quot;c&quot; = return value from &quot;__coverity_strchr(filename, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/blkverify.c:86: <b>example_checked</b>: &quot;c&quot; has its value checked in &quot;c == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:214: <b>example_assign</b>: Assigning: &quot;end&quot; = return value from &quot;__coverity_strchr(p, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/rbd.c:216: <b>example_checked</b>: &quot;end&quot; has its value checked in &quot;end&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:871: <b>example_assign</b>: Assigning: &quot;p&quot; = return value from &quot;__coverity_strchr(vdi, 58)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:872: <b>example_checked</b>: &quot;p&quot; has its value checked in &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:862: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;__coverity_strchr(char const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/sheepdog.c:863: <b>dereference</b>: Incrementing a pointer which might be null: &quot;p&quot;.</span>

<a name='def800'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def800'>[#def800]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:853: <b>cond_false</b>: Condition &quot;!nc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:856: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/net.c:859: <b>returned_null</b>: Function &quot;qemu_opts_find(QemuOptsList *, char const *)&quot; returns null (checked 9 out of 10 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:717:5: <b>cond_true</b>: Condition &quot;opts&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:718:9: <b>cond_true</b>: Condition &quot;!opts-&gt;id&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:719:13: <b>cond_false</b>: Condition &quot;!id&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:721:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:722:13: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:728:5: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:717:5: <b>cond_false</b>: Condition &quot;opts&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:728:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:729:5: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/device_tree.c:243: <b>example_assign</b>: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/device_tree.c:244: <b>example_checked</b>: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2482: <b>example_assign</b>: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2483: <b>example_checked</b>: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:354: <b>example_assign</b>: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_boot.c:355: <b>example_checked</b>: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/microblaze_boot.c:111: <b>example_assign</b>: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/microblaze_boot.c:112: <b>example_checked</b>: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc/e500.c:145: <b>example_assign</b>: Assigning: &quot;machine_opts&quot; = return value from &quot;qemu_opts_find(qemu_find_opts(&quot;machine&quot;), NULL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc/e500.c:146: <b>example_checked</b>: &quot;machine_opts&quot; has its value checked in &quot;machine_opts&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:859: <b>dereference</b>: Dereferencing a pointer that might be null &quot;qemu_opts_find(qemu_find_opts_err(&quot;netdev&quot;, errp), id)&quot; when calling &quot;qemu_opts_del(QemuOpts *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:822:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:823:9: <b>deref_parm</b>: Directly dereferencing parameter &quot;opts&quot;.</span>

<a name='def801'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def801'>[#def801]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:594: <b>cond_false</b>: Condition &quot;!ad-&gt;res_fis&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:594: <b>cond_false</b>: Condition &quot;!(pr-&gt;cmd &amp; (16U /* 1 &lt;&lt; 4 */))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:596: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:598: <b>cond_true</b>: Condition &quot;!cmd_fis&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/ide/ahci.c:601: <b>returned_null</b>: Function &quot;dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot; returns null (checked 4 out of 5 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:178:5: <b>cond_false</b>: Condition &quot;!dma_has_iommu(dma)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:186:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:187:9: <b>null_return</b>: Calling &quot;iommu_dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot; which might return null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:397:5: <b>cond_false</b>: Condition &quot;dma-&gt;map&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:399:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:403:5: <b>cond_true</b>: Condition &quot;err&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:404:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:187:9: <b>return_null_fn</b>: Returning the return value of &quot;iommu_dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot;, which might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:158: <b>example_assign</b>: Assigning: &quot;mem&quot; = return value from &quot;dma_memory_map(dbs-&gt;sg-&gt;dma, cur_addr, &amp;cur_len, dbs-&gt;dir)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:159: <b>example_checked</b>: &quot;mem&quot; has its value checked in &quot;mem&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:661: <b>example_checked</b>: &quot;dma_memory_map(ad-&gt;hba-&gt;dma, prdt_addr, &amp;prdt_len, DMA_DIRECTION_TO_DEVICE)&quot; has its value checked in &quot;prdt = dma_memory_map(ad-&gt;hba-&gt;dma, prdt_addr, &amp;prdt_len, DMA_DIRECTION_TO_DEVICE)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:840: <b>example_assign</b>: Assigning: &quot;cmd_fis&quot; = return value from &quot;dma_memory_map(s-&gt;dma, tbl_addr, &amp;cmd_len, DMA_DIRECTION_FROM_DEVICE)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:843: <b>example_checked</b>: &quot;cmd_fis&quot; has its value checked in &quot;cmd_fis&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/libhw.c:37: <b>example_assign</b>: Assigning: &quot;mem&quot; = return value from &quot;dma_memory_map(sgl-&gt;dma, (sgl-&gt;sg + i).base, &amp;len, dir)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/libhw.c:38: <b>example_checked</b>: &quot;mem&quot; has its value checked in &quot;mem&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:601: <b>var_assigned</b>: Assigning: &quot;cmd_fis&quot; = null return value from &quot;dma_memory_map(DMAContext *, dma_addr_t, dma_addr_t *, DMADirection)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:609: <b>cond_true</b>: Condition &quot;ad-&gt;hba-&gt;control_regs.irqstatus&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ide/ahci.c:613: <b>dereference</b>: Dereferencing a null pointer &quot;cmd_fis&quot;.</span>

<a name='def802'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def802'>[#def802]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;273&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8547: <b>switch_case</b>: Reached case &quot;273&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8551: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8551: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8552: <b>cond_false</b>: Condition &quot;arg5 != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8558: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8558: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_send(mqd_t, char const *, size_t, unsigned int)&quot;.</span>

<a name='def803'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def803'>[#def803]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;273&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8547: <b>switch_case</b>: Reached case &quot;273&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8551: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8551: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8552: <b>cond_true</b>: Condition &quot;arg5 != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8554: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_timedsend(mqd_t, char const *, size_t, unsigned int, struct timespec const *)&quot;.</span>

<a name='def804'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def804'>[#def804]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;274&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8563: <b>switch_case</b>: Reached case &quot;274&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8568: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8568: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8569: <b>cond_false</b>: Condition &quot;arg5 != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8575: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8575: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_receive(mqd_t, char *, size_t, unsigned int *)&quot;.</span>

<a name='def805'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def805'>[#def805]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;274&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8563: <b>switch_case</b>: Reached case &quot;274&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8568: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8568: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8569: <b>cond_true</b>: Condition &quot;arg5 != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8571: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_timedreceive(mqd_t, char * restrict, size_t, unsigned int * restrict, struct timespec const * restrict)&quot;.</span>

<a name='def806'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def806'>[#def806]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;271&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8529: <b>switch_case</b>: Reached case &quot;271&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8533: <b>returned_null</b>: Function &quot;lock_user_string(abi_ulong)&quot; returns null (checked 8 out of 9 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: <b>cond_false</b>: Condition &quot;len &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>null_return</b>: Calling &quot;lock_user(int, abi_ulong, long, int)&quot; which might return null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>return_null_fn</b>: Returning the return value of &quot;lock_user(int, abi_ulong, long, int)&quot;, which might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/strace.c:627: <b>example_checked</b>: &quot;lock_user_string(addr)&quot; has its value checked in &quot;(s = lock_user_string(addr)) != NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/strace.c:236: <b>example_checked</b>: &quot;lock_user_string(arg1)&quot; has its value checked in &quot;s = lock_user_string(arg1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: <b>example_checked</b>: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:263: <b>example_assign</b>: Assigning: &quot;p&quot; = return value from &quot;lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:265: <b>example_checked</b>: &quot;p&quot; has its value checked in &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:281: <b>example_checked</b>: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8533: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user_string(abi_ulong)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8534: <b>cond_true</b>: Condition &quot;arg4 != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8536: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_open(char const *, int, ...)&quot;.</span>

<a name='def807'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def807'>[#def807]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;272&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8541: <b>switch_case</b>: Reached case &quot;272&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:8542: <b>returned_null</b>: Function &quot;lock_user_string(abi_ulong)&quot; returns null (checked 8 out of 9 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: <b>cond_false</b>: Condition &quot;len &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>null_return</b>: Calling &quot;lock_user(int, abi_ulong, long, int)&quot; which might return null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>return_null_fn</b>: Returning the return value of &quot;lock_user(int, abi_ulong, long, int)&quot;, which might be null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/strace.c:627: <b>example_checked</b>: &quot;lock_user_string(addr)&quot; has its value checked in &quot;(s = lock_user_string(addr)) != NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/strace.c:236: <b>example_checked</b>: &quot;lock_user_string(arg1)&quot; has its value checked in &quot;s = lock_user_string(arg1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: <b>example_checked</b>: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:263: <b>example_assign</b>: Assigning: &quot;p&quot; = return value from &quot;lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:265: <b>example_checked</b>: &quot;p&quot; has its value checked in &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:281: <b>example_checked</b>: &quot;lock_user_string(({...}))&quot; has its value checked in &quot;p = lock_user_string(({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8542: <b>var_assigned</b>: Assigning: &quot;p&quot; = null return value from &quot;lock_user_string(abi_ulong)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8543: <b>dereference</b>: Dereferencing a pointer that might be null &quot;p&quot; when calling &quot;mq_unlink(char const *)&quot;.</span>

<a name='def808'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def808'>[#def808]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3428: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3431: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3442: <b>cond_false</b>: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3445: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>var_assigned</b>: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3450: <b>switch</b>: Switch case value &quot;3241737481U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3473: <b>switch_case</b>: Reached case &quot;3241737481U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3475: <b>alias</b>: Assigning: &quot;gspec&quot; = &quot;argptr&quot;.  Both pointers are now null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3481: <b>cond_true</b>: Condition &quot;i &lt; host_dm-&gt;target_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3486: <b>dereference</b>: Dereferencing a pointer that might be null &quot;gspec&quot; when calling &quot;thunk_convert(void *, void const *, argtype const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:133:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:134:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:135:9: <b>deref_parm</b>: Directly dereferencing parameter &quot;src&quot;.</span>

<a name='def809'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def809'>[#def809]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3428: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3431: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3442: <b>cond_false</b>: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3445: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>var_assigned</b>: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3450: <b>switch</b>: Switch case value &quot;3241737486U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3469: <b>switch_case</b>: Reached case &quot;3241737486U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3471: <b>dereference</b>: Dereferencing a null pointer &quot;argptr&quot;.</span>

<a name='def810'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def810'>[#def810]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3428: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3431: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3442: <b>cond_false</b>: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3445: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>var_assigned</b>: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3450: <b>switch</b>: Switch case value &quot;3241737477U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3464: <b>switch_case</b>: Reached case &quot;3241737477U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3467: <b>dereference</b>: Dereferencing a pointer that might be null &quot;argptr&quot; when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.</span>

<a name='def811'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def811'>[#def811]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3428: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3431: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3442: <b>cond_false</b>: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3445: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3449: <b>var_assigned</b>: Assigning: &quot;argptr&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3450: <b>switch</b>: Switch case value &quot;3241737486U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3469: <b>switch_case</b>: Reached case &quot;3241737486U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3470: <b>dereference</b>: Dereferencing a pointer that might be null &quot;argptr&quot; when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.</span>

<a name='def812'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def812'>[#def812]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1934: <b>cond_true</b>: Condition &quot;*s == &apos;p&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1937: <b>cond_true</b>: Condition &quot;*s == &apos;m&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1942: <b>cond_false</b>: Condition &quot;*s == &apos;M&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1942: <b>cond_false</b>: Condition &quot;*s == &apos;z&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1953: <b>cond_true</b>: Condition &quot;opcodep-&gt;match != 3583U /* 255 + 13 * 256 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1958: <b>cond_true</b>: Condition &quot;opcodep-&gt;name[0] == &apos;j&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1960: <b>cond_true</b>: Condition &quot;__coverity_strncmp(opcodep-&gt;name, &quot;jsr&quot;, 3UL /* sizeof (&quot;jsr&quot;) - 1 */) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1962: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1965: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;T&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1976: <b>switch_case</b>: Reached case &quot;&apos;T&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1978: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2521: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2522: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;N&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2053: <b>switch_case</b>: Reached case &quot;&apos;N&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2059: <b>cond_true</b>: Condition &quot;insn &amp; 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2059: <b>cond_true</b>: Condition &quot;(insn &amp; 15) == 15&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2059: <b>cond_true</b>: Condition &quot;prefix_opcodep == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2069: <b>cond_false</b>: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_FIX_32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2071: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2071: <b>cond_true</b>: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_SPEC_REG&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2079: <b>cond_true</b>: Condition &quot;sregp == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2081: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2086: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2088: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2097: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2099: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2119: <b>switch_default</b>: Reached default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2125: <b>cond_true</b>: Condition &quot;*cs == &apos;z&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2125: <b>cond_true</b>: Condition &quot;insn &amp; 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2128: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2156: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2157: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2410: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2411: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2521: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2522: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;N&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2053: <b>switch_case</b>: Reached case &quot;&apos;N&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2059: <b>cond_true</b>: Condition &quot;insn &amp; 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2059: <b>cond_false</b>: Condition &quot;(insn &amp; 15) == 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2159: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2162: <b>cond_true</b>: Condition &quot;info-&gt;insn_type != dis_nonbranch&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2171: <b>cond_false</b>: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_FIX_32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2173: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2173: <b>cond_true</b>: Condition &quot;opcodep-&gt;imm_oprnd_size == SIZE_SPEC_REG&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2180: <b>cond_true</b>: Condition &quot;sregp == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2181: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2183: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2184: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2186: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2193: <b>cond_false</b>: Condition &quot;prefix_opcodep&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2400: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2406: <b>cond_true</b>: Condition &quot;insn &amp; 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2411: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2521: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2522: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2423: <b>switch_case</b>: Reached case &quot;&apos;b&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2427: <b>cond_true</b>: Condition &quot;where &gt; 32767&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2430: <b>cond_true</b>: Condition &quot;disdata-&gt;distype == cris_dis_v32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2432: <b>cond_true</b>: Condition &quot;insn == 60927U /* (13 + 14 * 16) * 256 + 255 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2433: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2435: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2446: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2521: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2522: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;o&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2456: <b>switch_case</b>: Reached case &quot;&apos;o&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2461: <b>cond_true</b>: Condition &quot;insn &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2464: <b>cond_true</b>: Condition &quot;opcodep-&gt;match == 57344U /* (0 + 14 * 16) * 256 + 0 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2465: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2467: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2469: <b>cond_true</b>: Condition &quot;disdata-&gt;distype == cris_dis_v32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2521: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2522: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;P&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2500: <b>switch_case</b>: Reached case &quot;&apos;P&apos;&quot;</span>
qemu-kvm-1.2.0/cris-dis.c:2503: <b>returned_null</b>: Function &quot;spec_reg_info(unsigned int, enum cris_disass_family)&quot; returns null (checked 5 out of 6 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1335:3: <b>cond_true</b>: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1337:7: <b>cond_true</b>: Condition &quot;cris_spec_regs[i].number == sreg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1339:4: <b>cond_true</b>: Condition &quot;distype == cris_dis_v32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1340:6: <b>switch</b>: Switch case value &quot;cris_ver_warning&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1342:13: <b>switch_case</b>: Reached case &quot;cris_ver_warning&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1349:3: <b>cond_false</b>: Condition &quot;cris_spec_regs[i].warning == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1350:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1353:8: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1355:6: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1357:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1335:3: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1335:3: <b>cond_true</b>: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1337:7: <b>cond_true</b>: Condition &quot;cris_spec_regs[i].number == sreg&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1339:4: <b>cond_true</b>: Condition &quot;distype == cris_dis_v32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1340:6: <b>switch</b>: Switch case value &quot;cris_ver_warning&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1342:13: <b>switch_case</b>: Reached case &quot;cris_ver_warning&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1349:3: <b>cond_false</b>: Condition &quot;cris_spec_regs[i].warning == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1350:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1353:8: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1355:6: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1357:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1335:3: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1335:3: <b>cond_false</b>: Condition &quot;cris_spec_regs[i].name != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1357:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1359:3: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1850: <b>example_assign</b>: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, distype)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1854: <b>example_checked</b>: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1671: <b>example_assign</b>: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info(spec_reg, disdata-&gt;distype)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1675: <b>example_checked</b>: &quot;sregp&quot; has its value checked in &quot;sregp&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1700: <b>example_assign</b>: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1714: <b>example_checked</b>: &quot;sregp&quot; has its value checked in &quot;sregp != NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2074: <b>example_assign</b>: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2079: <b>example_checked</b>: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2176: <b>example_assign</b>: Assigning: &quot;sregp&quot; = return value from &quot;spec_reg_info((insn &gt;&gt; 12) &amp; 0xfU, disdata-&gt;distype)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2180: <b>example_checked</b>: &quot;sregp&quot; has its value checked in &quot;sregp == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2503: <b>var_assigned</b>: Assigning: &quot;sregp&quot; = null return value from &quot;spec_reg_info(unsigned int, enum cris_disass_family)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2505: <b>dereference</b>: Dereferencing a null pointer &quot;sregp&quot;.</span>

<a name='def813'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def813'>[#def813]</a>
qemu-kvm-1.2.0/block/vpc.c:665: <b>returned_null</b>: Function &quot;get_option_parameter(QEMUOptionParameter *, char const *)&quot; returns null (checked 10 out of 11 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:162:5: <b>cond_true</b>: Condition &quot;list&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:162:5: <b>cond_true</b>: Condition &quot;list-&gt;name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:163:9: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(list-&gt;name, name)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:165:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:167:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:162:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:162:5: <b>cond_true</b>: Condition &quot;list&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:162:5: <b>cond_false</b>: Condition &quot;list-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:167:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:169:5: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:667: <b>example_assign</b>: Assigning: &quot;disk_type_param&quot; = return value from &quot;get_option_parameter(options, &quot;subformat&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:668: <b>example_checked</b>: &quot;disk_type_param&quot; has its value checked in &quot;disk_type_param&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3969: <b>example_assign</b>: Assigning: &quot;backing_file&quot; = return value from &quot;get_option_parameter(param, &quot;backing_file&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:3970: <b>example_checked</b>: &quot;backing_file&quot; has its value checked in &quot;backing_file&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-img.c:827: <b>example_assign</b>: Assigning: &quot;out_baseimg_param&quot; = return value from &quot;get_option_parameter(param, &quot;backing_file&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-img.c:828: <b>example_checked</b>: &quot;out_baseimg_param&quot; has its value checked in &quot;out_baseimg_param&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:393: <b>example_checked</b>: &quot;get_option_parameter(dest, list-&gt;name)&quot; has its value checked in &quot;get_option_parameter(dest, list-&gt;name) == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:267: <b>example_assign</b>: Assigning: &quot;list&quot; = return value from &quot;get_option_parameter(list, name)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-option.c:268: <b>example_checked</b>: &quot;list&quot; has its value checked in &quot;list == NULL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vpc.c:665: <b>dereference</b>: Dereferencing a null pointer &quot;get_option_parameter(options, &quot;size&quot;)&quot;.</span>

<a name='def814'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def814'>[#def814]</a>
qemu-kvm-1.2.0/target-sparc/cpu.c:647: <b>returned_null</b>: Function &quot;strtok(char * restrict, char const * restrict)&quot; returns null (checked 9 out of 10 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/acpi.c:118: <b>example_assign</b>: Assigning: &quot;f&quot; = return value from &quot;strtok(NULL, &quot;:&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/acpi.c:118: <b>example_checked</b>: &quot;f&quot; has its value checked in &quot;f&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-timer.c:190: <b>example_assign</b>: Assigning: &quot;name&quot; = return value from &quot;strtok(arg, &quot;,&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-timer.c:191: <b>example_checked</b>: &quot;name&quot; has its value checked in &quot;name&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/cpu.c:1020: <b>example_assign</b>: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/cpu.c:911: <b>example_checked</b>: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:663: <b>example_assign</b>: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:664: <b>example_checked</b>: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:731: <b>example_assign</b>: Assigning: &quot;featurestr&quot; = return value from &quot;strtok(NULL, &quot;,&quot;)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:664: <b>example_checked</b>: &quot;featurestr&quot; has its value checked in &quot;featurestr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:647: <b>var_assigned</b>: Assigning: &quot;name&quot; = null return value from &quot;strtok(char * restrict, char const * restrict)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:653: <b>cond_true</b>: Condition &quot;i &lt; 22UL /* sizeof (sparc_defs) / sizeof (sparc_defs[0]) */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-sparc/cpu.c:654: <b>dereference</b>: Dereferencing a pointer that might be null &quot;name&quot; when calling &quot;strcasecmp(char const *, char const *)&quot;.</span>

<a name='def815'/><b>Error: <span style='background: #C0FF00;'>NULL_RETURNS</span> (CWE-476):</b> <a href ='#def815'>[#def815]</a>
qemu-kvm-1.2.0/linux-user/flatload.c:102: <b>returned_null</b>: Function &quot;lock_user(int, abi_ulong, long, int)&quot; returns null (checked 253 out of 260 times).
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_true</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>return_null</b>: Explicitly returning null.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:52: <b>example_checked</b>: &quot;lock_user(0, __gaddr, 4L, 1)&quot; has its value checked in &quot;__hptr = lock_user(0, __gaddr, 4L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/fpa11_cpdt.c:198: <b>example_checked</b>: &quot;lock_user(1, __gaddr, 4L, 0)&quot; has its value checked in &quot;__hptr = lock_user(1, __gaddr, 4L, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2416: <b>example_checked</b>: &quot;lock_user(0, target_addr, 64L, 1)&quot; has its value checked in &quot;target_sd = lock_user(0, target_addr, 64L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2717: <b>example_checked</b>: &quot;lock_user(0, target_addr, 88L, 1)&quot; has its value checked in &quot;target_md = lock_user(0, target_addr, 88L, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1784: <b>example_assign</b>: Assigning: &quot;target_vec&quot; = return value from &quot;lock_user(0, target_addr, count * 8UL, 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:1785: <b>example_checked</b>: &quot;target_vec&quot; has its value checked in &quot;target_vec&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:102: <b>var_assigned</b>: Assigning: &quot;buf&quot; = null return value from &quot;lock_user(int, abi_ulong, long, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/flatload.c:103: <b>dereference</b>: Dereferencing a pointer that might be null &quot;buf&quot; when calling &quot;pread(int, void *, size_t, __off64_t)&quot;.</span>

<a name='def816'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def816'>[#def816]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci.c:1322: <b>overrun-buffer-arg</b>: Overrunning struct type evt_encrypt_change of 4 bytes by passing it to a function which accesses it at byte offset 4 using argument &quot;5&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci.c:461:5: <b>cond_false</b>: Condition &quot;!packet&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci.c:462:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci.c:464:5: <b>cond_true</b>: Condition &quot;len&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/bt-hci.c:465:9: <b>access_dbuff_in_call</b>: Calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; indexes array &quot;params&quot; with index &quot;len&quot;.

<a name='def817'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def817'>[#def817]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_false</b>: Condition &quot;offset &lt; 512&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_at_least</b>: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>cond_false</b>: Condition &quot;offset &lt; 768&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>cond_at_least</b>: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>cond_false</b>: Condition &quot;offset &lt; 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>cond_at_least</b>: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>cond_false</b>: Condition &quot;offset &lt; 2048&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:288: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>cond_at_least</b>: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is at least 2048 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:288: <b>cond_true</b>: Condition &quot;offset &lt; 3072&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:288: <b>cond_between</b>: Checking &quot;offset &lt; 3072UL&quot; implies that the value of &quot;offset&quot; is between 2048 and 3071 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:290: <b>cond_false</b>: Condition &quot;s-&gt;num_cpu == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:293: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:294: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:294: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;offset - 2048UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:295: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:297: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:298: <b>cond_true</b>: Condition &quot;irq &gt;= 29&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:298: <b>cond_false</b>: Condition &quot;irq &lt;= 31&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:300: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:301: <b>overrun-local</b>: Overrunning array &quot;s-&gt;irq_target&quot; of 1020 4-byte elements at element index 1055 (byte offset 4220) using index &quot;irq&quot; (which evaluates to 1055).

<a name='def818'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def818'>[#def818]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_false</b>: Condition &quot;offset &lt; 512&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_at_least</b>: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>cond_false</b>: Condition &quot;offset &lt; 768&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:254: <b>cond_at_least</b>: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>cond_false</b>: Condition &quot;offset &lt; 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:270: <b>cond_at_least</b>: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>cond_true</b>: Condition &quot;offset &lt; 2048&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:282: <b>cond_between</b>: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is between 1024 and 2047 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:284: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:284: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;offset - 1024UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:285: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:286: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:287: <b>cond_false</b>: Condition &quot;irq &lt; 32&quot;, taking false branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:287: <b>overrun-local</b>: Overrunning array &quot;s-&gt;priority2&quot; of 988 4-byte elements at element index 1023 (byte offset 4092) using index &quot;irq - 32&quot; (which evaluates to 1023).

<a name='def819'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def819'>[#def819]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:227: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_true</b>: Condition &quot;offset &lt; 512&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:239: <b>cond_between</b>: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is between 256 and 511 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:241: <b>cond_true</b>: Condition &quot;offset &lt; 384&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:241: <b>cond_between</b>: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:242: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL&quot;. The value of &quot;irq&quot; is now between 0 and 1016 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:242: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:244: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:245: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:245: <b>assignment</b>: Assigning: &quot;irq&quot; += &quot;(s-&gt;revision == 4294967295U) ? 32 : 0&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:246: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:247: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:249: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:249: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:250: <b>overrun-local</b>: Overrunning array &quot;s-&gt;irq_state&quot; of 1020 8-byte elements at element index 1048 (byte offset 8384) using index &quot;irq + i&quot; (which evaluates to 1048).

<a name='def820'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def820'>[#def820]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_false</b>: Condition &quot;offset &lt; 384&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:392: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_at_least</b>: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is at least 384 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:392: <b>cond_false</b>: Condition &quot;offset &lt; 512&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:409: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:392: <b>cond_at_least</b>: Checking &quot;offset &lt; 512UL&quot; implies that the value of &quot;offset&quot; is at least 512 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:409: <b>cond_false</b>: Condition &quot;offset &lt; 640&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:422: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:409: <b>cond_at_least</b>: Checking &quot;offset &lt; 640UL&quot; implies that the value of &quot;offset&quot; is at least 640 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:422: <b>cond_false</b>: Condition &quot;offset &lt; 768&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:435: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:422: <b>cond_at_least</b>: Checking &quot;offset &lt; 768UL&quot; implies that the value of &quot;offset&quot; is at least 768 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:435: <b>cond_false</b>: Condition &quot;offset &lt; 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:438: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:435: <b>cond_at_least</b>: Checking &quot;offset &lt; 1024UL&quot; implies that the value of &quot;offset&quot; is at least 1024 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:438: <b>cond_true</b>: Condition &quot;offset &lt; 2048&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:438: <b>cond_between</b>: Checking &quot;offset &lt; 2048UL&quot; implies that the value of &quot;offset&quot; is between 1024 and 2047 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:440: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:440: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;offset - 1024UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1055 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:441: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:442: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:443: <b>cond_false</b>: Condition &quot;irq &lt; 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:445: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:446: <b>overrun-local</b>: Overrunning array &quot;s-&gt;priority2&quot; of 988 4-byte elements at element index 1023 (byte offset 4092) using index &quot;irq - 32&quot; (which evaluates to 1023).

<a name='def821'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def821'>[#def821]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_true</b>: Condition &quot;offset &lt; 384&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_between</b>: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:369: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:369: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:370: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:371: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:372: <b>cond_false</b>: Condition &quot;irq &lt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:373: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:374: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:374: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:375: <b>cond_true</b>: Condition &quot;value &amp; (1 &lt;&lt; i)&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:379: <b>overrun-local</b>: Overrunning array &quot;s-&gt;irq_state&quot; of 1020 8-byte elements at element index 1048 (byte offset 8384) using index &quot;irq + i&quot; (which evaluates to 1048).

<a name='def822'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def822'>[#def822]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_false</b>: Condition &quot;offset &lt; 256&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:356: <b>cond_at_least</b>: Checking &quot;offset &lt; 256UL&quot; implies that the value of &quot;offset&quot; is at least 256 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_true</b>: Condition &quot;offset &lt; 384&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:367: <b>cond_between</b>: Checking &quot;offset &lt; 384UL&quot; implies that the value of &quot;offset&quot; is between 256 and 383 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:369: <b>cond_true</b>: Condition &quot;s-&gt;revision == 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:369: <b>assignment</b>: Assigning: &quot;irq&quot; = &quot;(offset - 256UL) * 8UL + ((s-&gt;revision == 4294967295U) ? 32 : 0)&quot;. The value of &quot;irq&quot; is now between 32 and 1048 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:370: <b>cond_false</b>: Condition &quot;irq &gt;= s-&gt;num_irq&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:371: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:372: <b>cond_false</b>: Condition &quot;irq &lt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:373: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:374: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/arm_gic.c:375: <b>cond_true</b>: Condition &quot;value &amp; (1 &lt;&lt; i)&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/arm_gic.c:376: <b>overrun-local</b>: Overrunning array &quot;s-&gt;irq_target&quot; of 1020 4-byte elements at element index 1048 (byte offset 4192) using index &quot;irq&quot; (which evaluates to 1048).

<a name='def823'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def823'>[#def823]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:195: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:195: <b>cond_at_least</b>: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:195: <b>cond_true</b>: Condition &quot;r &gt; 15&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:195: <b>cond_at_least</b>: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:197: <b>cond_false</b>: Condition &quot;r == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:197: <b>cond_false</b>: Condition &quot;r == 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:197: <b>cond_false</b>: Condition &quot;r == 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:199: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:199: <b>cond_false</b>: Condition &quot;r == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:202: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/target-cris/translate.c:202: <b>overrun-local</b>: Overrunning array &quot;cpu_PR&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).

<a name='def824'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def824'>[#def824]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:272: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:274: <b>cond_false</b>: Condition &quot;c == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:275: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:276: <b>cond_true</b>: Condition &quot;c == 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:279: <b>cond_true</b>: Condition &quot;mon-&gt;outbuf_index &gt;= 1023UL /* sizeof (mon-&gt;outbuf) - 1 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:279: <b>cond_at_least</b>: Checking &quot;mon-&gt;outbuf_index &gt;= 1023UL&quot; implies that the value of &quot;mon-&gt;outbuf_index&quot; is at least 1023 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:282: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:272: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:272: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:274: <b>cond_false</b>: Condition &quot;c == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:275: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:276: <b>cond_true</b>: Condition &quot;c == 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/monitor.c:277: <b>incr</b>: Incrementing &quot;mon-&gt;outbuf_index&quot;. The value of &quot;mon-&gt;outbuf_index&quot; is now at least 1024.</span>
qemu-kvm-1.2.0/monitor.c:278: <b>overrun-local</b>: Overrunning array &quot;mon-&gt;outbuf&quot; of 1024 bytes at byte offset 1024 using index &quot;mon-&gt;outbuf_index++&quot; (which evaluates to 1024).

<a name='def825'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def825'>[#def825]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:56: <b>cond_false</b>: Condition &quot;addr == 1008&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:58: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:60: <b>switch</b>: Switch case value &quot;255&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:69: <b>switch_case</b>: Reached case &quot;255&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:69: <b>equality_cond</b>: Jumping to case &quot;255&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:71: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/vt82c686.c:92: <b>switch_end</b>: Reached end of switch</span>
qemu-kvm-1.2.0/hw/vt82c686.c:93: <b>overrun-local</b>: Overrunning array &quot;superio_conf-&gt;config&quot; of 255 bytes at byte offset 255 using index &quot;superio_conf-&gt;index&quot; (which evaluates to 255).

<a name='def826'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def826'>[#def826]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:242: <b>cond_true</b>: Condition &quot;bytes &gt; s-&gt;prefetch.count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:251: <b>cond_false</b>: Condition &quot;fptr &lt; 64 - bytes&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:254: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:255: <b>cond_true</b>: Condition &quot;fptr &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:255: <b>cond_at_most</b>: Checking &quot;fptr &lt; 64&quot; implies that the value of &quot;fptr&quot; may be up to 63 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:256: <b>cond_true</b>: Condition &quot;is16bit&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/omap_gpmc.c:258: <b>incr</b>: Incrementing &quot;fptr&quot;. The value of &quot;fptr&quot; may now be up to 64.</span>
qemu-kvm-1.2.0/hw/omap_gpmc.c:259: <b>overrun-local</b>: Overrunning array &quot;s-&gt;prefetch.fifo&quot; of 64 bytes at byte offset 64 using index &quot;fptr++&quot; (which evaluates to 64).

<a name='def827'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def827'>[#def827]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/wm8750.c:674: <b>cond_true</b>: Condition &quot;s-&gt;idx_in &gt;= 4096UL /* sizeof (s-&gt;data_in) */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/wm8750.c:674: <b>cond_at_least</b>: Checking &quot;s-&gt;idx_in &gt;= 4096UL&quot; implies that the value of &quot;s-&gt;idx_in&quot; is at least 4096 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/wm8750.c:677: <b>alias</b>: Assigning: &quot;data&quot; = &quot;&amp;s-&gt;data_in[s-&gt;idx_in]&quot;. &quot;data&quot; may now point to element 1024 (and beyond) of &quot;s-&gt;data_in&quot; (which consists of 1024 4-byte elements).</span>
qemu-kvm-1.2.0/hw/wm8750.c:680: <b>overrun-local</b>: Overrunning array of 1024 4-byte elements at element index 1024 (byte offset 4096) by dereferencing pointer &quot;data&quot;.

<a name='def828'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def828'>[#def828]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1157: <b>cond_false</b>: Condition &quot;ptr &amp; 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1159: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1167: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1169: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1172: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1176: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1178: <b>cond_true</b>: Condition &quot;env-&gt;cr[4] &amp; (512U /* 1 &lt;&lt; 9 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1182: <b>cond_true</b>: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1183: <b>assignment</b>: Assigning: &quot;nb_xmm_regs&quot; = &quot;16&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1184: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1186: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1189: <b>cond_true</b>: Condition &quot;!(env-&gt;efer &amp; (16384UL /* 1 &lt;&lt; 14 */))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: <b>cond_true</b>: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1196: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: <b>cond_true</b>: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1192: <b>cond_at_most</b>: Checking &quot;i &lt; nb_xmm_regs&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.</span>
qemu-kvm-1.2.0/target-i386/fpu_helper.c:1193: <b>overrun-local</b>: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).

<a name='def829'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def829'>[#def829]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1095: <b>cond_false</b>: Condition &quot;ptr &amp; 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1097: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1101: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1103: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1121: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1125: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1127: <b>cond_true</b>: Condition &quot;env-&gt;cr[4] &amp; (512U /* 1 &lt;&lt; 9 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1131: <b>cond_true</b>: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1132: <b>assignment</b>: Assigning: &quot;nb_xmm_regs&quot; = &quot;16&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1133: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1135: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1138: <b>cond_true</b>: Condition &quot;!(env-&gt;efer &amp; (16384UL /* 1 &lt;&lt; 14 */))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: <b>cond_true</b>: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1145: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: <b>cond_true</b>: Condition &quot;i &lt; nb_xmm_regs&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/fpu_helper.c:1141: <b>cond_at_most</b>: Checking &quot;i &lt; nb_xmm_regs&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.</span>
qemu-kvm-1.2.0/target-i386/fpu_helper.c:1142: <b>overrun-local</b>: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).

<a name='def830'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def830'>[#def830]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:274: <b>switch</b>: Switch case value &quot;1256UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:303: <b>switch_case</b>: Reached case &quot;1256UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:303: <b>equality_cond</b>: Jumping to case &quot;1256UL&quot;.</span>
qemu-kvm-1.2.0/hw/musicpal.c:304: <b>overrun-local</b>: Overrunning array &quot;s-&gt;tx_queue&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;(offset - 1248UL) / 4UL&quot; (which evaluates to 2).

<a name='def831'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def831'>[#def831]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:316: <b>switch</b>: Switch case value &quot;1256UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:357: <b>switch_case</b>: Reached case &quot;1256UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/musicpal.c:357: <b>equality_cond</b>: Jumping to case &quot;1256UL&quot;.</span>
qemu-kvm-1.2.0/hw/musicpal.c:358: <b>overrun-local</b>: Overrunning array &quot;s-&gt;tx_queue&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;(offset - 1248UL) / 4UL&quot; (which evaluates to 2).

<a name='def832'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def832'>[#def832]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:206: <b>cond_false</b>: Condition &quot;shift &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:208: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:206: <b>cond_at_most</b>: Checking &quot;shift &gt; 16&quot; implies that the value of &quot;shift&quot; may be up to 16 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:209: <b>assignment</b>: Assigning: &quot;i&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:209: <b>cond_true</b>: Condition &quot;i &lt; 16 - shift&quot;, taking true branch</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:210: <b>overrun-local</b>: Overrunning array &quot;d-&gt;_b&quot; of 16 bytes at byte offset 16 using index &quot;i + shift&quot; (which evaluates to 16).

<a name='def833'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def833'>[#def833]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:298: <b>assignment</b>: Assigning: &quot;quality&quot; = &quot;vs-&gt;tight.quality&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:300: <b>cond_false</b>: Condition &quot;!vs-&gt;vd-&gt;lossy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:302: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: <b>cond_false</b>: Condition &quot;ds_get_bytes_per_pixel(vs-&gt;ds) == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: <b>cond_false</b>: Condition &quot;vs-&gt;clientds.pf.bytes_per_pixel == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: <b>cond_false</b>: Condition &quot;w &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:304: <b>cond_false</b>: Condition &quot;h &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:308: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:310: <b>cond_false</b>: Condition &quot;vs-&gt;tight.quality != 255 /* (uint8_t)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:314: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:315: <b>cond_false</b>: Condition &quot;w * h &lt; tight_conf[compression].gradient_min_rect_size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:320: <b>cond_true</b>: Condition &quot;vs-&gt;clientds.pf.bytes_per_pixel == 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:321: <b>cond_false</b>: Condition &quot;vs-&gt;tight.pixel24&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:327: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:330: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:332: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/vnc-enc-tight.c:333: <b>cond_true</b>: Condition &quot;quality != -1&quot;, taking true branch</span>
qemu-kvm-1.2.0/ui/vnc-enc-tight.c:334: <b>overrun-local</b>: Overrunning array &quot;tight_conf&quot; of 10 56-byte elements at element index 255 (byte offset 14280) using index &quot;quality&quot; (which evaluates to 255).

<a name='def834'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def834'>[#def834]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:526: <b>cond_false</b>: Condition &quot;dtype == 536870912&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:546: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:546: <b>cond_true</b>: Condition &quot;dtype == (537919488U /* 0x20000000 | 0x100000 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:548: <b>cond_true</b>: Condition &quot;tp-&gt;size == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:548: <b>cond_const</b>: Checking &quot;tp-&gt;size == 0&quot; implies that the value of &quot;tp-&gt;size&quot; is 0 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:551: <b>cond_true</b>: Condition &quot;txd_lower &amp; 67108864&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:552: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:555: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;vlan_enabled(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;is_vlan_txd(txd_lower)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;tp-&gt;cptse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:567: <b>cond_true</b>: Condition &quot;tp-&gt;tse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:567: <b>cond_true</b>: Condition &quot;tp-&gt;cptse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:572: <b>cond_true</b>: Condition &quot;tp-&gt;size + bytes &gt; msh&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:575: <b>cond_true</b>: Condition &quot;65536UL /* sizeof (tp-&gt;data) */ - tp-&gt;size &lt; bytes&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:575: <b>cond_at_least</b>: Checking &quot;65536UL - tp-&gt;size &lt; bytes&quot; implies that the value of &quot;bytes&quot; is at least 65537 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:575: <b>assignment</b>: Assigning: &quot;bytes&quot; = &quot;(65536UL - tp-&gt;size &lt; bytes) ? 65536UL - tp-&gt;size : bytes&quot;. The value of &quot;bytes&quot; is now 65536.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>assignment</b>: Assigning: &quot;sz&quot; = &quot;tp-&gt;size + bytes&quot;. The value of &quot;sz&quot; is now 65536.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>cond_false</b>: Condition &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:578: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>cond_at_least</b>: Checking &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot; implies that the value of &quot;hdr&quot; is at least 65537 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:581: <b>cond_true</b>: Condition &quot;sz == msh&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/e1000.c:583: <b>overrun-buffer-arg</b>: Overrunning array &quot;tp-&gt;data&quot; of 65536 bytes by passing it to a function which accesses it at byte offset 65536 using argument &quot;hdr&quot; (which evaluates to 65537).

<a name='def835'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def835'>[#def835]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:526: <b>cond_false</b>: Condition &quot;dtype == 536870912&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:546: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:546: <b>cond_true</b>: Condition &quot;dtype == (537919488U /* 0x20000000 | 0x100000 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:548: <b>cond_true</b>: Condition &quot;tp-&gt;size == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:548: <b>cond_const</b>: Checking &quot;tp-&gt;size == 0&quot; implies that the value of &quot;tp-&gt;size&quot; is 0 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:551: <b>cond_true</b>: Condition &quot;txd_lower &amp; 67108864&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:552: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:555: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;vlan_enabled(s)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;is_vlan_txd(txd_lower)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:557: <b>cond_true</b>: Condition &quot;tp-&gt;cptse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:567: <b>cond_true</b>: Condition &quot;tp-&gt;tse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:567: <b>cond_true</b>: Condition &quot;tp-&gt;cptse&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:572: <b>cond_true</b>: Condition &quot;tp-&gt;size + bytes &gt; msh&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:575: <b>cond_true</b>: Condition &quot;65536UL /* sizeof (tp-&gt;data) */ - tp-&gt;size &lt; bytes&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>cond_true</b>: Condition &quot;(sz = tp-&gt;size + bytes) &gt;= hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>cond_true</b>: Condition &quot;tp-&gt;size &lt; hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/e1000.c:577: <b>cond_between</b>: Checking &quot;tp-&gt;size &lt; hdr&quot; implies that the value of &quot;hdr&quot; is between 1 and 65536 (inclusive) on the true branch.</span>
qemu-kvm-1.2.0/hw/e1000.c:578: <b>overrun-buffer-arg</b>: Overrunning array &quot;tp-&gt;header&quot; of 256 bytes by passing it to a function which accesses it at byte offset 65535 using argument &quot;hdr&quot; (which evaluates to 65536).

<a name='def836'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def836'>[#def836]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:756: <b>assignment</b>: Assigning: &quot;size&quot; = &quot;0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:758: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:762: <b>cond_false</b>: Condition &quot;tcb_bytes &gt; 2600&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:765: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:766: <b>cond_false</b>: Condition &quot;tcb_bytes &gt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:766: <b>cond_true</b>: Condition &quot;tbd_array != 4294967295U&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:769: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:770: <b>cond_true</b>: Condition &quot;tcb_bytes &lt;= 2600UL /* sizeof (buf) */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:771: <b>cond_false</b>: Condition &quot;size &lt; tcb_bytes&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:784: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:785: <b>cond_false</b>: Condition &quot;tbd_array == 4294967295U&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:787: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:790: <b>cond_true</b>: Condition &quot;s-&gt;has_extended_tcb_support&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:790: <b>cond_true</b>: Condition &quot;!(s-&gt;configuration[6] &amp; (16 /* 1 &lt;&lt; 4 */))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:792: <b>cond_true</b>: Condition &quot;tbd_count &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:800: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:803: <b>cond_false</b>: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:803: <b>cond_at_least</b>: Checking &quot;tx_buffer_size &lt; 2600UL - size&quot; implies that the value of &quot;tx_buffer_size&quot; is at least 2600 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:803: <b>assignment</b>: Assigning: &quot;tx_buffer_size&quot; = &quot;(tx_buffer_size &lt; 2600UL - size) ? tx_buffer_size : (2600UL - size)&quot;. The value of &quot;tx_buffer_size&quot; is now 2600.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:806: <b>assignment</b>: Assigning: &quot;size&quot; += &quot;tx_buffer_size&quot;. The value of &quot;size&quot; is now 2600.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:807: <b>cond_true</b>: Condition &quot;tx_buffer_el &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:808: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:810: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:813: <b>cond_true</b>: Condition &quot;tbd_count &lt; s-&gt;tx.tbd_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:818: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:821: <b>cond_false</b>: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:821: <b>cond_at_least</b>: Checking &quot;tx_buffer_size &lt; 2600UL - size&quot; implies that the value of &quot;tx_buffer_size&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:821: <b>assignment</b>: Assigning: &quot;tx_buffer_size&quot; = &quot;(tx_buffer_size &lt; 2600UL - size) ? tx_buffer_size : (2600UL - size)&quot;. The value of &quot;tx_buffer_size&quot; is now 0.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:824: <b>assignment</b>: Assigning: &quot;size&quot; += &quot;tx_buffer_size&quot;. The value of &quot;size&quot; is now 2600.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:825: <b>cond_false</b>: Condition &quot;tx_buffer_el &amp; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:827: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:828: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:813: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:813: <b>cond_true</b>: Condition &quot;tbd_count &lt; s-&gt;tx.tbd_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:818: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:821: <b>cond_true</b>: Condition &quot;tx_buffer_size &lt; 2600UL /* sizeof (buf) */ - size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/eepro100.c:822: <b>overrun-local</b>: Overrunning array of 2600 bytes at byte offset 2600 by dereferencing pointer &quot;&amp;buf[size]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pci.h:605:5: <b>deref_parm_in_call</b>: Function &quot;pci_dma_rw(PCIDevice *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pci.h:598:5: <b>deref_parm_in_call</b>: Function &quot;dma_memory_rw(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:150:5: <b>deref_parm_in_call</b>: Function &quot;dma_memory_rw_relaxed(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:121:5: <b>cond_false</b>: Condition &quot;!dma_has_iommu(dma)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:126:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma.h:127:9: <b>deref_parm_in_call</b>: Function &quot;iommu_dma_memory_rw(DMAContext *, dma_addr_t, void *, dma_addr_t, DMADirection)&quot; dereferences &quot;buf&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:318:5: <b>cond_true</b>: Condition &quot;len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/dma-helpers.c:320:9: <b>cond_true</b>: Condition &quot;err&quot;, taking true branch</span>
qemu-kvm-1.2.0/dma-helpers.c:326:6: <b>deref_parm_in_call</b>: Function &quot;memset(void *, int, size_t)&quot; dereferences &quot;buf&quot;.

<a name='def837'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def837'>[#def837]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:203: <b>switch</b>: Switch case value &quot;162&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:208: <b>switch_case</b>: Reached case &quot;162&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:208: <b>equality_cond</b>: Jumping to case &quot;162&quot;.</span>
qemu-kvm-1.2.0/hw/ppc405_uc.c:209: <b>overrun-local</b>: Overrunning array &quot;pob-&gt;besr&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;dcrn - 160&quot; (which evaluates to 2).

<a name='def838'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def838'>[#def838]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:225: <b>switch</b>: Switch case value &quot;162&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:230: <b>switch_case</b>: Reached case &quot;162&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/ppc405_uc.c:230: <b>equality_cond</b>: Jumping to case &quot;162&quot;.</span>
qemu-kvm-1.2.0/hw/ppc405_uc.c:232: <b>overrun-local</b>: Overrunning array &quot;pob-&gt;besr&quot; of 2 4-byte elements at element index 2 (byte offset 8) using index &quot;dcrn - 160&quot; (which evaluates to 2).

<a name='def839'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def839'>[#def839]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:543: <b>cond_false</b>: Condition &quot;!(env-&gt;psw.mask &amp; 0x100000000000000ULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:545: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:547: <b>cond_false</b>: Condition &quot;env-&gt;ext_index &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:547: <b>cond_at_least</b>: Checking &quot;env-&gt;ext_index &lt; 0&quot; implies that the value of &quot;env-&gt;ext_index&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:547: <b>cond_false</b>: Condition &quot;env-&gt;ext_index &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:549: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:547: <b>cond_between</b>: Checking &quot;env-&gt;ext_index &gt; 16&quot; implies that the value of &quot;env-&gt;ext_index&quot; is between 0 and 16 (inclusive) on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-s390x/helper.c:551: <b>alias</b>: Assigning: &quot;q&quot; = &quot;&amp;env-&gt;ext_queue[env-&gt;ext_index]&quot;. &quot;q&quot; may now point between elements 0 and 16 (inclusive) of &quot;env-&gt;ext_queue&quot; (which consists of 16 12-byte elements).</span>
qemu-kvm-1.2.0/target-s390x/helper.c:554: <b>overrun-local</b>: Overrunning array of 16 12-byte elements at element index 16 (byte offset 192) by dereferencing pointer &quot;q&quot;.

<a name='def840'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def840'>[#def840]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:206: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:206: <b>cond_at_least</b>: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:206: <b>cond_true</b>: Condition &quot;r &gt; 15&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:206: <b>cond_at_least</b>: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:208: <b>cond_false</b>: Condition &quot;r == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:208: <b>cond_false</b>: Condition &quot;r == 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:208: <b>cond_false</b>: Condition &quot;r == 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:210: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:210: <b>cond_false</b>: Condition &quot;r == 3&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:212: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:213: <b>cond_false</b>: Condition &quot;r == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:214: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:215: <b>cond_true</b>: Condition &quot;dc-&gt;tb_flags &amp; 512&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:215: <b>cond_false</b>: Condition &quot;r == 15&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:217: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:217: <b>cond_false</b>: Condition &quot;r == 13&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:218: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/target-cris/translate.c:219: <b>overrun-local</b>: Overrunning array &quot;cpu_PR&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).

<a name='def841'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def841'>[#def841]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:169: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:169: <b>cond_at_least</b>: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:169: <b>cond_true</b>: Condition &quot;r &gt; 15&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:169: <b>cond_at_least</b>: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.</span>
qemu-kvm-1.2.0/target-cris/translate.c:171: <b>overrun-local</b>: Overrunning array &quot;cpu_R&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).

<a name='def842'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def842'>[#def842]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2028: <b>switch_case</b>: Reached case &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2029: <b>cond_true</b>: Condition &quot;valids &gt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: <b>cond_true</b>: Condition &quot;valids &gt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: <b>cond_true</b>: Condition &quot;valids &lt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_true</b>: Condition &quot;valids &lt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_between</b>: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 12 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2033: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 12) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def843'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def843'>[#def843]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2028: <b>switch_case</b>: Reached case &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2029: <b>cond_true</b>: Condition &quot;valids &gt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: <b>cond_true</b>: Condition &quot;valids &gt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2030: <b>cond_true</b>: Condition &quot;valids &lt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_true</b>: Condition &quot;valids &lt; validd&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2031: <b>cond_between</b>: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 12 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2034: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 12) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def844'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def844'>[#def844]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2009: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: <b>cond_true</b>: Condition &quot;j &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2013: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2013: <b>cond_between</b>: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 14 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2014: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def845'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def845'>[#def845]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2037: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2038: <b>cond_true</b>: Condition &quot;j &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: <b>cond_false</b>: Condition &quot;upper - j &lt; validd&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2041: <b>cond_between</b>: Checking &quot;i &gt;= 0&quot; implies that the value of &quot;i&quot; is between 0 and 14 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2042: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;i&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def846'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def846'>[#def846]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2009: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: <b>cond_true</b>: Condition &quot;j &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2010: <b>cond_between</b>: Checking &quot;j &gt;= 0&quot; implies that the value of &quot;j&quot; is between 0 and 14 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2012: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;j&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def847'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def847'>[#def847]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;valids &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2006: <b>cond_true</b>: Condition &quot;validd &lt; upper&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2008: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2018: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2019: <b>cond_true</b>: Condition &quot;j &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2019: <b>cond_between</b>: Checking &quot;j &gt;= 0&quot; implies that the value of &quot;j&quot; is between 0 and 14 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:2021: <b>overrun-call</b>: Overrunning callee&apos;s array of size 8 by passing argument &quot;j&quot; (which evaluates to 14) in call to &quot;pcmp_val(XMMReg *, uint8_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1982:5: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/ops_sse.h:1985:10: <b>switch_case</b>: Reached case &quot;1&quot;</span>
qemu-kvm-1.2.0/target-i386/ops_sse.h:1986:9: <b>index_parm</b>: Indexing &quot;r-&gt;_w&quot; with &quot;i&quot;.

<a name='def848'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def848'>[#def848]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:442: <b>cond_true</b>: Condition &quot;i &lt; number_of_entries&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:447: <b>cond_true</b>: Condition &quot;i == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:448: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:442: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:442: <b>cond_false</b>: Condition &quot;i &lt; number_of_entries&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:448: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:449: <b>cond_true</b>: Condition &quot;i &lt; 26 * number_of_entries&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>cond_true</b>: Condition &quot;offset &lt; 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:453: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:456: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:449: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:449: <b>cond_true</b>: Condition &quot;i &lt; 26 * number_of_entries&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>cond_true</b>: Condition &quot;offset &lt; 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>cond_between</b>: Checking &quot;offset &lt; 10&quot; implies that the value of &quot;offset&quot; is between 0 and 9 (inclusive) on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>assignment</b>: Assigning: &quot;offset&quot; = &quot;1 + offset&quot;. The value of &quot;offset&quot; is now between 1 and 10 (inclusive).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:451: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:453: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block/vvfat.c:455: <b>overrun-local</b>: Overrunning array &quot;entry-&gt;name&quot; of 8 bytes at byte offset 10 using index &quot;offset&quot; (which evaluates to 10).

<a name='def849'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def849'>[#def849]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:620: <b>cond_true</b>: Condition &quot;is_dot&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/vvfat.c:622: <b>overrun-buffer-arg</b>: Overrunning array &quot;entry-&gt;name&quot; of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument &quot;11UL&quot;.

<a name='def850'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def850'>[#def850]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:620: <b>cond_false</b>: Condition &quot;is_dot&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:625: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>cond_false</b>: Condition &quot;filename[j] != &apos;.&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:630: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:631: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:632: <b>cond_true</b>: Condition &quot;j &gt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:632: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:634: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:640: <b>cond_true</b>: Condition &quot;j &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_true</b>: Condition &quot;i &lt; 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_true</b>: Condition &quot;filename[j + 1 + i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:642: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_true</b>: Condition &quot;i &lt; 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_true</b>: Condition &quot;filename[j + 1 + i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:642: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_true</b>: Condition &quot;i &lt; 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:641: <b>cond_false</b>: Condition &quot;filename[j + 1 + i]&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:642: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i == 10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_false</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:647: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:649: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:651: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:652: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_false</b>: Condition &quot;i == 10&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i == 7&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_true</b>: Condition &quot;i &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_false</b>: Condition &quot;entry-&gt;name[i] == 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:647: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:649: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:651: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:652: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>cond_true</b>: Condition &quot;i &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_false</b>: Condition &quot;i == 10&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>cond_false</b>: Condition &quot;i == 7&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:646: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:647: <b>cond_true</b>: Condition &quot;entry-&gt;name[i] &lt;= 32&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:649: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:651: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:652: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:645: <b>cond_false</b>: Condition &quot;i &gt;= 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:652: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:655: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:659: <b>cond_true</b>: Condition &quot;entry1 &lt; entry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:660: <b>cond_false</b>: Condition &quot;!is_long_name(entry1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:661: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:661: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:659: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:659: <b>cond_true</b>: Condition &quot;entry1 &lt; entry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:660: <b>cond_false</b>: Condition &quot;!is_long_name(entry1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:661: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:661: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:659: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:659: <b>cond_true</b>: Condition &quot;entry1 &lt; entry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/vvfat.c:660: <b>cond_true</b>: Condition &quot;!is_long_name(entry1)&quot;, taking true branch</span>
qemu-kvm-1.2.0/block/vvfat.c:660: <b>overrun-buffer-arg</b>: Overrunning array &quot;entry1-&gt;name&quot; of 8 bytes by passing it to a function which accesses it at byte offset 10 using argument &quot;11UL&quot;.

<a name='def851'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def851'>[#def851]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:218: <b>cond_false</b>: Condition &quot;cmdline[0] == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:219: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:221: <b>cond_true</b>: Condition &quot;rs-&gt;hist_entry != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:225: <b>cond_false</b>: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:227: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:230: <b>cond_true</b>: Condition &quot;idx &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:232: <b>cond_false</b>: Condition &quot;hist_entry == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:233: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:234: <b>cond_false</b>: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:246: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:247: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:230: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:230: <b>cond_true</b>: Condition &quot;idx &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:230: <b>cond_at_most</b>: Checking &quot;idx &lt; 64&quot; implies that the value of &quot;idx&quot; may be up to 63 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:232: <b>cond_false</b>: Condition &quot;hist_entry == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:233: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/readline.c:234: <b>cond_true</b>: Condition &quot;__coverity_strcmp(hist_entry, cmdline) == 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/readline.c:238: <b>overrun-local</b>: Overrunning array of 512 bytes at byte offset 512 by dereferencing pointer &quot;&amp;rs-&gt;history[idx + 1]&quot;.

<a name='def852'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def852'>[#def852]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:558: <b>cond_true</b>: Condition &quot;!f-&gt;last_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:558: <b>cond_true</b>: Condition &quot;f-&gt;is_write == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:558: <b>cond_false</b>: Condition &quot;f-&gt;buf_index &gt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:562: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;!f-&gt;last_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;size &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:566: <b>cond_true</b>: Condition &quot;l &gt; size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:573: <b>cond_true</b>: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:575: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;!f-&gt;last_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;size &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:566: <b>cond_true</b>: Condition &quot;l &gt; size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:573: <b>cond_false</b>: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:574: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:575: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;!f-&gt;last_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;size &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:566: <b>cond_true</b>: Condition &quot;l &gt; size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:573: <b>cond_true</b>: Condition &quot;f-&gt;buf_index &gt;= 32768&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:573: <b>cond_at_least</b>: Checking &quot;f-&gt;buf_index &gt;= 32768&quot; implies that the value of &quot;f-&gt;buf_index&quot; is at least 32768 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:575: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;!f-&gt;last_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:564: <b>cond_true</b>: Condition &quot;size &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:566: <b>cond_true</b>: Condition &quot;l &gt; size&quot;, taking true branch</span>
qemu-kvm-1.2.0/savevm.c:568: <b>overrun-local</b>: Overrunning array of 32768 bytes at byte offset 32768 by dereferencing pointer &quot;&amp;f-&gt;buf[f-&gt;buf_index]&quot;.

<a name='def853'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def853'>[#def853]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3428: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3431: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3442: <b>cond_false</b>: Condition &quot;guest_data - arg &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3445: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3450: <b>switch</b>: Switch case value &quot;3241737481U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3473: <b>switch_case</b>: Reached case &quot;3241737481U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3478: <b>overrun-buffer-val</b>: Overrunning array &quot;arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:88:5: <b>switch</b>: Switch case value &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:133:10: <b>switch_case</b>: Reached case &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:135:9: <b>index_const</b>: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:309:5: <b>deref_parm_in_call</b>: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.</span>
qemu-kvm-1.2.0/thunk.h:87:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;type_ptr&quot;.

<a name='def854'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def854'>[#def854]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3251: <b>overrun-buffer-val</b>: Overrunning array &quot;extent_arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:88:5: <b>switch</b>: Switch case value &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:133:10: <b>switch_case</b>: Reached case &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:135:9: <b>index_const</b>: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:309:5: <b>deref_parm_in_call</b>: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.</span>
qemu-kvm-1.2.0/thunk.h:87:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;type_ptr&quot;.

<a name='def855'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def855'>[#def855]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3337: <b>cond_true</b>: Condition &quot;arg_type[0] == TYPE_PTR&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3338: <b>cond_true</b>: Condition &quot;ie-&gt;access == (3 /* 1 | 2 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3344: <b>cond_false</b>: Condition &quot;!argptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3345: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:3353: <b>overrun-buffer-val</b>: Overrunning array &quot;ifreq_arg_type&quot; of 8 bytes by passing it to a function which accesses it at byte offset 8.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:88:5: <b>switch</b>: Switch case value &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:133:10: <b>switch_case</b>: Reached case &quot;10&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.h:135:9: <b>index_const</b>: Pointer &quot;type_ptr&quot; indexed by constant &quot;2&quot; through dereference in call to &quot;thunk_type_size_array(argtype const *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/thunk.c:309:5: <b>deref_parm_in_call</b>: Function &quot;thunk_type_size(argtype const *, int)&quot; dereferences &quot;type_ptr&quot;.</span>
qemu-kvm-1.2.0/thunk.h:87:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;type_ptr&quot;.

<a name='def856'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def856'>[#def856]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_header.h:93: <b>return_constant</b>: Function call &quot;cpu_mmu_index(env)&quot; returns 4.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_header.h:93: <b>assignment</b>: Assigning: &quot;mmu_idx&quot; = &quot;cpu_mmu_index(env)&quot;. The value of &quot;mmu_idx&quot; is now 4.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_header.h:94: <b>cond_true</b>: Condition &quot;!!(env-&gt;tlb_table[mmu_idx][page_index].addr_code != (addr &amp; (18446744073709543427UL /* ~((1 &lt;&lt; 13) - 1) | 4 - 1 */)))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_header.h:94: <b>cond_true</b>: Condition &quot;!!(env-&gt;tlb_table[mmu_idx][page_index].addr_code != (addr &amp; (18446744073709543427UL /* ~((1 &lt;&lt; 13) - 1) | 4 - 1 */)))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/softmmu_header.h:96: <b>overrun-call</b>: Overrunning callee&apos;s array of size 2 by passing argument &quot;mmu_idx&quot; (which evaluates to 4) in call to &quot;helper_ldl_cmmu(struct CPUARMState *, target_ulong, int)&quot;.</span>
qemu-kvm-1.2.0/softmmu_template.h:108:5: <b>index_parm</b>: Indexing &quot;env-&gt;tlb_table&quot; with &quot;mmu_idx&quot;.

<a name='def857'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def857'>[#def857]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:298: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc &gt; 2048&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:299: <b>assignment</b>: Assigning: &quot;so-&gt;so_urgc&quot; = &quot;2048&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:301: <b>cond_false</b>: Condition &quot;sb-&gt;sb_rptr &lt; sb-&gt;sb_wptr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:307: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:314: <b>cond_false</b>: Condition &quot;len &gt; so-&gt;so_urgc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:314: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:314: <b>cond_at_most</b>: Checking &quot;len &gt; so-&gt;so_urgc&quot; implies that the value of &quot;len&quot; may be up to 2048 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:317: <b>cond_true</b>: Condition &quot;so-&gt;so_urgc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/socket.c:319: <b>cond_true</b>: Condition &quot;n &gt; so-&gt;so_urgc&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/socket.c:320: <b>overrun-local</b>: Overrunning array of 2048 bytes at byte offset 2048 by dereferencing pointer &quot;&amp;buff[len]&quot;.

<a name='def858'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def858'>[#def858]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:303: <b>cond_false</b>: Condition &quot;!s-&gt;enable&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:304: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: <b>cond_true</b>: Condition &quot;plen &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: <b>cond_true</b>: Condition &quot;plen &lt; s-&gt;in_hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:322: <b>assignment</b>: Assigning: &quot;s-&gt;in_data&quot; = &quot;2147483647&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:324: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:325: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:326: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:309: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:310: <b>cond_true</b>: Condition &quot;plen &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_hdr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:313: <b>cond_false</b>: Condition &quot;plen &lt; s-&gt;in_hdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:314: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: <b>cond_true</b>: Condition &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/bt-hci-csr.c:316: <b>cond_at_least</b>: Checking &quot;s-&gt;in_len &gt;= s-&gt;in_data&quot; implies that the value of &quot;s-&gt;in_len&quot; is at least 2147483647 on the true branch.</span>
qemu-kvm-1.2.0/hw/bt-hci-csr.c:319: <b>overrun-local</b>: Overrunning array of 4096 bytes at byte offset 2147483647 by dereferencing pointer &quot;&amp;s-&gt;inpkt[s-&gt;in_len]&quot;.

<a name='def859'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def859'>[#def859]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 0x800&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 0x80&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 0x40&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 0x10&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:221: <b>cond_true</b>: Condition &quot;eflags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:247: <b>cond_true</b>: Condition &quot;i &lt; 6&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:250: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:247: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:247: <b>cond_true</b>: Condition &quot;i &lt; 6&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:250: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:247: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:247: <b>cond_false</b>: Condition &quot;i &lt; 6&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:250: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:281: <b>cond_true</b>: Condition &quot;i &lt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:283: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:281: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:281: <b>cond_true</b>: Condition &quot;i &lt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:283: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:281: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:281: <b>cond_false</b>: Condition &quot;i &lt; 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:283: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:287: <b>cond_true</b>: Condition &quot;flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:288: <b>cond_true</b>: Condition &quot;(unsigned int)env-&gt;cc_op &lt; CC_OP_NB&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:289: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:291: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:306: <b>cond_true</b>: Condition &quot;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:309: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:310: <b>cond_true</b>: Condition &quot;!env-&gt;fptags[i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:311: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:309: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:309: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:310: <b>cond_true</b>: Condition &quot;!env-&gt;fptags[i]&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:311: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:309: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:309: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:311: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:318: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:323: <b>cond_false</b>: Condition &quot;(i &amp; 1) == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:326: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:327: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:318: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:318: <b>cond_true</b>: Condition &quot;i &lt; 8&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:323: <b>cond_true</b>: Condition &quot;(i &amp; 1) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:324: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:326: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:327: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:318: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:318: <b>cond_false</b>: Condition &quot;i &lt; 8&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:327: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:328: <b>cond_true</b>: Condition &quot;env-&gt;hflags &amp; (32768U /* 1 &lt;&lt; 15 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:329: <b>assignment</b>: Assigning: &quot;nb&quot; = &quot;16&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:329: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:331: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:332: <b>cond_true</b>: Condition &quot;i &lt; nb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:339: <b>cond_false</b>: Condition &quot;(i &amp; 1) == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:342: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:343: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:332: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:332: <b>cond_true</b>: Condition &quot;i &lt; nb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-i386/helper.c:332: <b>cond_at_most</b>: Checking &quot;i &lt; nb&quot; implies that the value of &quot;i&quot; may be up to 15 on the true branch.</span>
qemu-kvm-1.2.0/target-i386/helper.c:333: <b>overrun-local</b>: Overrunning array &quot;env-&gt;xmm_regs&quot; of 8 16-byte elements at element index 15 (byte offset 240) using index &quot;i&quot; (which evaluates to 15).

<a name='def860'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def860'>[#def860]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:221: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:224: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:229: <b>alias</b>: Assigning: &quot;cmsg&quot; = &quot;&amp;msg_control.cmsg&quot;. &quot;cmsg&quot; now points to element 0 of &quot;msg_control.cmsg&quot; (which consists of 1 16-byte elements).</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:233: <b>overrun-buffer-arg</b>: Overrunning struct type cmsghdr of 0 bytes by passing it to a function which accesses it at byte offset 3 using argument &quot;4UL&quot;.

<a name='def861'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def861'>[#def861]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:175: <b>cond_false</b>: Condition &quot;r &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:175: <b>cond_at_least</b>: Checking &quot;r &lt; 0&quot; implies that the value of &quot;r&quot; is at least 0 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:175: <b>cond_true</b>: Condition &quot;r &gt; 15&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-cris/translate.c:175: <b>cond_at_least</b>: Checking &quot;r &gt; 15&quot; implies that the value of &quot;r&quot; is at least 16 on the true branch.</span>
qemu-kvm-1.2.0/target-cris/translate.c:177: <b>overrun-local</b>: Overrunning array &quot;cpu_R&quot; of 16 4-byte elements at element index 16 (byte offset 64) using index &quot;r&quot; (which evaluates to 16).

<a name='def862'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def862'>[#def862]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>cond_true</b>: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>cond_true</b>: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>cond_at_most</b>: Checking &quot;i &lt; 512U&quot; implies that the value of &quot;i&quot; may be up to 511 on the true branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:421: <b>illegal_address</b>: &quot;&amp;s-&gt;output_irq[i]&quot; evaluates to an address that is at byte offset 4088 of an array of 512 bytes.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_combiner.c:420: <b>cond_false</b>: Condition &quot;i &lt; 512U /* 64 * 8 */&quot;, taking false branch</span>
qemu-kvm-1.2.0/hw/exynos4210_combiner.c:422: <b>loop_end</b>: Reached end of loop

<a name='def863'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def863'>[#def863]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:166: <b>cond_true</b>: Condition &quot;invalidate&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:179: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:181: <b>cond_true</b>: Condition &quot;nextchr == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:182: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:186: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:188: <b>cond_false</b>: Condition &quot;chr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:189: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:193: <b>cond_false</b>: Condition &quot;chr == 410&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:201: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:208: <b>cond_true</b>: Condition &quot;keycode == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:211: <b>cond_true</b>: Condition &quot;nextchr != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:217: <b>cond_true</b>: Condition &quot;keycode != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:221: <b>cond_true</b>: Condition &quot;keycode &gt;= (1026 /* 2 | 0x400 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:221: <b>cond_true</b>: Condition &quot;keycode &lt; 1035 /* (2 | 0x400) + 9 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:228: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:296: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:179: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:181: <b>cond_true</b>: Condition &quot;nextchr == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:182: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:186: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:188: <b>cond_false</b>: Condition &quot;chr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:189: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:193: <b>cond_false</b>: Condition &quot;chr == 410&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:201: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:208: <b>cond_true</b>: Condition &quot;keycode == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:211: <b>cond_true</b>: Condition &quot;nextchr != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:217: <b>cond_true</b>: Condition &quot;keycode != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:221: <b>cond_true</b>: Condition &quot;keycode &gt;= (1026 /* 2 | 0x400 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:221: <b>cond_false</b>: Condition &quot;keycode &lt; 1035 /* (2 | 0x400) + 9 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:229: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:234: <b>cond_true</b>: Condition &quot;kbd_layout&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:236: <b>cond_false</b>: Condition &quot;chr &lt; 511&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:237: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:236: <b>cond_at_least</b>: Checking &quot;chr &lt; 511&quot; implies that the value of &quot;chr&quot; is at least 511 on the false branch.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:239: <b>cond_true</b>: Condition &quot;keysym == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:240: <b>cond_false</b>: Condition &quot;chr &lt; 32&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:246: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:250: <b>cond_false</b>: Condition &quot;keycode == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:251: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:257: <b>cond_false</b>: Condition &quot;keycode == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:258: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:260: <b>cond_false</b>: Condition &quot;is_graphic_console()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/curses.c:289: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/ui/curses.c:290: <b>overrun-local</b>: Overrunning array &quot;curses2qemu&quot; of 511 4-byte elements at element index 511 (byte offset 2044) using index &quot;chr&quot; (which evaluates to 511).

<a name='def864'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def864'>[#def864]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:251: <b>cond_true</b>: Condition &quot;fp == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:254: <b>cond_false</b>: Condition &quot;t == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:256: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:262: <b>alias</b>: Assigning: &quot;fp-&gt;frag_link.next&quot; = &quot;&amp;fp-&gt;frag_link&quot;. &quot;fp-&gt;frag_link.next&quot; now points to byte 0 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:266: <b>goto</b>: Jumping to label &quot;insert&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:312: <b>label</b>: Reached label &quot;insert&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:319: <b>cond_true</b>: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:321: <b>cond_false</b>: Condition &quot;q-&gt;ipf_ip.ip_off != next&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:322: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:324: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:319: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:319: <b>cond_false</b>: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:324: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:325: <b>cond_false</b>: Condition &quot;((struct ipasfrag *)q-&gt;ipf_link.prev)-&gt;ipf_ip.ip_tos &amp; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:326: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:335: <b>cond_false</b>: Condition &quot;q != (struct ipasfrag *)&amp;fp-&gt;frag_link&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:339: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:347: <b>alias</b>: Assigning: &quot;q&quot; = &quot;fp-&gt;frag_link.next&quot;. &quot;q&quot; now points to byte 0 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:356: <b>cond_false</b>: Condition &quot;m-&gt;m_hdr.mh_flags &amp; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:359: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_input.c:361: <b>alias</b>: Assigning: &quot;ip&quot; = &quot;(char *)q + 16UL&quot;. &quot;ip&quot; now points to byte 16 of &quot;fp-&gt;frag_link&quot; (which consists of 16 bytes).</span>
qemu-kvm-1.2.0/slirp/ip_input.c:362: <b>overrun-local</b>: Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer &quot;ip&quot;.

<a name='def865'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def865'>[#def865]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: <b>switch</b>: Switch case value &quot;1568UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:292: <b>switch_case</b>: Reached case &quot;1568UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:292: <b>equality_cond</b>: Jumping to case &quot;1568UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:293: <b>cond_false</b>: Condition &quot;offset == 1540&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:295: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:296: <b>overrun-local</b>: Overrunning array &quot;(*s).ddr&quot; of 8 4-byte elements at element index 8 (byte offset 32) using index &quot;(offset - 1536UL) / 4UL&quot; (which evaluates to 8).

<a name='def866'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def866'>[#def866]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: <b>switch</b>: Switch case value &quot;2064UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:299: <b>switch_case</b>: Reached case &quot;2064UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:299: <b>equality_cond</b>: Jumping to case &quot;2064UL&quot;.</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:300: <b>overrun-local</b>: Overrunning array &quot;(*s).mio_func&quot; of 4 4-byte elements at element index 4 (byte offset 16) using index &quot;(offset - 2048UL) / 4UL&quot; (which evaluates to 4).

<a name='def867'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def867'>[#def867]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: <b>switch</b>: Switch case value &quot;468UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:268: <b>switch_case</b>: Reached case &quot;468UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:268: <b>equality_cond</b>: Jumping to case &quot;468UL&quot;.</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:269: <b>overrun-local</b>: Overrunning array &quot;(*s).misc&quot; of 9 4-byte elements at element index 9 (byte offset 36) using index &quot;(offset - 432UL) / 4UL&quot; (which evaluates to 9).

<a name='def868'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def868'>[#def868]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:253: <b>switch</b>: Switch case value &quot;600UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:270: <b>switch_case</b>: Reached case &quot;600UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:270: <b>equality_cond</b>: Jumping to case &quot;600UL&quot;.</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:271: <b>overrun-local</b>: Overrunning array &quot;(*s).reset&quot; of 22 4-byte elements at element index 22 (byte offset 88) using index &quot;(offset - 512UL) / 4UL&quot; (which evaluates to 22).

<a name='def869'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def869'>[#def869]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: <b>cond_true</b>: Condition &quot;!(*s).lockval&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: <b>switch</b>: Switch case value &quot;1568UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:427: <b>switch_case</b>: Reached case &quot;1568UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:427: <b>equality_cond</b>: Jumping to case &quot;1568UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:428: <b>cond_false</b>: Condition &quot;offset == 1540&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:430: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:431: <b>overrun-local</b>: Overrunning array &quot;(*s).ddr&quot; of 8 4-byte elements at element index 8 (byte offset 32) using index &quot;(offset - 1536UL) / 4UL&quot; (which evaluates to 8).

<a name='def870'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def870'>[#def870]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: <b>cond_true</b>: Condition &quot;!(*s).lockval&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: <b>switch</b>: Switch case value &quot;2064UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:436: <b>switch_case</b>: Reached case &quot;2064UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:436: <b>equality_cond</b>: Jumping to case &quot;2064UL&quot;.</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:437: <b>overrun-local</b>: Overrunning array &quot;(*s).mio_func&quot; of 4 4-byte elements at element index 4 (byte offset 16) using index &quot;(offset - 2048UL) / 4UL&quot; (which evaluates to 4).

<a name='def871'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def871'>[#def871]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: <b>cond_true</b>: Condition &quot;!(*s).lockval&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: <b>switch</b>: Switch case value &quot;468UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:391: <b>switch_case</b>: Reached case &quot;468UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:391: <b>equality_cond</b>: Jumping to case &quot;468UL&quot;.</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:392: <b>overrun-local</b>: Overrunning array &quot;(*s).misc&quot; of 9 4-byte elements at element index 9 (byte offset 36) using index &quot;(offset - 432UL) / 4UL&quot; (which evaluates to 9).

<a name='def872'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def872'>[#def872]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:348: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:375: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:377: <b>cond_true</b>: Condition &quot;!(*s).lockval&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:378: <b>switch</b>: Switch case value &quot;600UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:394: <b>switch_case</b>: Reached case &quot;600UL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:394: <b>equality_cond</b>: Jumping to case &quot;600UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:395: <b>cond_false</b>: Condition &quot;offset == 592&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/zynq_slcr.c:397: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/zynq_slcr.c:398: <b>overrun-local</b>: Overrunning array &quot;(*s).reset&quot; of 22 4-byte elements at element index 22 (byte offset 88) using index &quot;(offset - 512UL) / 4UL&quot; (which evaluates to 22).

<a name='def873'/><b>Error: <span style='background: #C0FF00;'>OVERRUN</span>:</b> <a href ='#def873'>[#def873]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: <b>cond_true</b>: Condition &quot;type != 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: <b>cond_false</b>: Condition &quot;type != 11&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:258: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:261: <b>cond_false</b>: Condition &quot;!msrc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:270: <b>cond_false</b>: Condition &quot;ip-&gt;ip_off &amp; 0x1fff&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:273: <b>cond_false</b>: Condition &quot;(ip-&gt;ip_src.s_addr &amp; __bswap_32(268435455U /* ~(0xf &lt;&lt; 28) */)) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:275: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:279: <b>cond_true</b>: Condition &quot;ip-&gt;ip_p == IPPROTO_ICMP&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: <b>cond_false</b>: Condition &quot;icp-&gt;icmp_type &gt; 18&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: <b>cond_false</b>: Condition &quot;icmp_flush[icp-&gt;icmp_type]&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:285: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:290: <b>cond_false</b>: Condition &quot;!m&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:292: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:296: <b>cond_true</b>: Condition &quot;new_m_size &gt; m-&gt;m_hdr.mh_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:311: <b>cond_false</b>: Condition &quot;minsize&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:312: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:312: <b>cond_true</b>: Condition &quot;s_ip_len &gt; 548U /* 576 - 28 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/ip_icmp.c:313: <b>assignment</b>: Assigning: &quot;s_ip_len&quot; = &quot;548U&quot;.</span>
qemu-kvm-1.2.0/slirp/ip_icmp.c:324: <b>overrun-buffer-arg</b>: Overrunning struct type ip of 20 bytes by passing it to a function which accesses it at byte offset 547 using argument &quot;s_ip_len&quot; (which evaluates to 548).

<a name='def874'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def874'>[#def874]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1103: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1103: <b>var_assign</b>: Assigning: &quot;sockfd&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1104: <b>cond_false</b>: Condition &quot;sockfd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1107: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1111: <b>noescape</b>: Resource &quot;sockfd&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1111: <b>cond_true</b>: Condition &quot;connect(sockfd, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;helper}), size) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1113: <b>leaked_handle</b>: Handle variable &quot;sockfd&quot; going out of scope leaks the handle.

<a name='def875'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def875'>[#def875]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:245: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:245: <b>var_assign</b>: Assigning: &quot;pidfd&quot; = handle returned from &quot;open(pidfile, 65, 384)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:246: <b>cond_false</b>: Condition &quot;pidfd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:246: <b>cond_false</b>: Condition &quot;lockf(pidfd, 2, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:252: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>noescape</b>: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;ftruncate(int, __off64_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>cond_false</b>: Condition &quot;ftruncate(pidfd, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>noescape</b>: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;lseek(int, __off64_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>cond_true</b>: Condition &quot;lseek(pidfd, 0, 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:256: <b>goto</b>: Jumping to label &quot;fail&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:266: <b>label</b>: Reached label &quot;fail&quot;</span>
qemu-kvm-1.2.0/qemu-ga.c:268: <b>leaked_handle</b>: Handle variable &quot;pidfd&quot; going out of scope leaks the handle.

<a name='def876'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def876'>[#def876]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:245: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:245: <b>var_assign</b>: Assigning: &quot;pidfd&quot; = handle returned from &quot;open(pidfile, 65, 384)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:246: <b>cond_false</b>: Condition &quot;pidfd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:246: <b>cond_false</b>: Condition &quot;lockf(pidfd, 2, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:252: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>noescape</b>: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;ftruncate(int, __off64_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>cond_false</b>: Condition &quot;ftruncate(pidfd, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>noescape</b>: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;lseek(int, __off64_t, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:254: <b>cond_false</b>: Condition &quot;lseek(pidfd, 0, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:257: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:259: <b>noescape</b>: Resource &quot;pidfd&quot; is not freed or pointed-to in function &quot;write(int, void const *, size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:259: <b>cond_false</b>: Condition &quot;write(pidfd, pidstr, strlen(pidstr)) != strlen(pidstr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:262: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-ga.c:264: <b>leaked_handle</b>: Handle variable &quot;pidfd&quot; going out of scope leaks the handle.

<a name='def877'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def877'>[#def877]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:131: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:131: <b>var_assign</b>: Assigning: &quot;nullfd&quot; = handle returned from &quot;open(&quot;/dev/null&quot;, 2)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:132: <b>cond_false</b>: Condition &quot;nullfd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:134: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:136: <b>noescape</b>: Resource &quot;nullfd&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:138: <b>cond_false</b>: Condition &quot;nullfd != fd&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-ga.c:140: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-ga.c:141: <b>leaked_handle</b>: Handle variable &quot;nullfd&quot; going out of scope leaks the handle.

<a name='def878'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def878'>[#def878]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2600: <b>switch</b>: Switch case value &quot;13&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2607: <b>switch_case</b>: Reached case &quot;13&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2609: <b>alloc_arg</b>: &quot;target_to_host_semarray(int, unsigned short **, abi_ulong)&quot; allocates memory that is stored into &quot;array&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2539:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2540:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2544:5: <b>alloc_fn</b>: Storage is returned from allocation function &quot;malloc(size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2544:5: <b>var_assign</b>: Assigning: &quot;*host_array&quot; = &quot;malloc(nsems * 2UL)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2547:5: <b>cond_true</b>: Condition &quot;!array&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:2610: <b>cond_true</b>: Condition &quot;err&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/syscall.c:2611: <b>leaked_storage</b>: Variable &quot;array&quot; going out of scope leaks the storage it points to.

<a name='def879'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def879'>[#def879]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:346: <b>open_fn</b>: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:161:5: <b>cond_false</b>: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:189:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:192:5: <b>cond_true</b>: Condition &quot;flags &amp; 0x40&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:209:5: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:346: <b>var_assign</b>: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(filename, 66, 384)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:347: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:349: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:350: <b>cond_false</b>: Condition &quot;lockf(fd, 2, 0) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:353: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:355: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;write(int, void const *, size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:355: <b>cond_false</b>: Condition &quot;write(fd, buffer, len) != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/os-posix.c:358: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/os-posix.c:361: <b>leaked_handle</b>: Handle variable &quot;fd&quot; going out of scope leaks the handle.

<a name='def880'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def880'>[#def880]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>cond_true</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:717: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def881'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def881'>[#def881]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>cond_false</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: <b>cond_true</b>: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:721: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def882'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def882'>[#def882]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>cond_false</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: <b>cond_false</b>: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: <b>cond_true</b>: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:725: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def883'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def883'>[#def883]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>cond_false</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: <b>cond_false</b>: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: <b>cond_false</b>: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:728: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:729: <b>cond_true</b>: Condition &quot;client &lt; 0&quot;, taking true branch</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:731: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def884'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def884'>[#def884]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:703: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:714: <b>cond_false</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;proxy}), 110U /* sizeof (struct sockaddr_un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:718: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:719: <b>cond_false</b>: Condition &quot;chown(proxy.sun_path, uid, gid) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:722: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:723: <b>cond_false</b>: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:728: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:729: <b>cond_false</b>: Condition &quot;client &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:732: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:733: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def885'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def885'>[#def885]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1628: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1713: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1714: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1715: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1724: <b>cond_false</b>: Condition &quot;error == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1732: <b>cond_true</b>: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1737: <b>cond_true</b>: Condition &quot;elf_prot &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1738: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1741: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1745: <b>cond_true</b>: Condition &quot;elf_prot &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1746: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1749: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1752: <b>cond_true</b>: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1783: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1784: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1713: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1714: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1715: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1724: <b>cond_false</b>: Condition &quot;error == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1732: <b>cond_true</b>: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1737: <b>cond_true</b>: Condition &quot;elf_prot &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1738: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1741: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1745: <b>cond_true</b>: Condition &quot;elf_prot &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1746: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1749: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1752: <b>cond_true</b>: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1783: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1784: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1763: <b>alloc_fn</b>: Storage is returned from allocation function &quot;malloc(size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1763: <b>var_assign</b>: Assigning: &quot;interp_name&quot; = storage returned from &quot;malloc(eppnt-&gt;p_filesz)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1764: <b>cond_false</b>: Condition &quot;!interp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1766: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1768: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1769: <b>noescape</b>: Resource &quot;interp_name&quot; is not freed or pointed-to in function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1771: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1777: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1778: <b>cond_true</b>: Condition &quot;interp_name[eppnt-&gt;p_filesz - 1] != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1780: <b>goto</b>: Jumping to label &quot;exit_errmsg&quot;</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1780: <b>leaked_storage</b>: Variable &quot;interp_name&quot; going out of scope leaks the storage it points to.

<a name='def886'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def886'>[#def886]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1628: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1713: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1714: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1715: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1724: <b>cond_false</b>: Condition &quot;error == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1732: <b>cond_true</b>: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1737: <b>cond_true</b>: Condition &quot;elf_prot &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1738: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1741: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1745: <b>cond_true</b>: Condition &quot;elf_prot &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1746: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1749: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1752: <b>cond_true</b>: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1783: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1784: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1713: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1714: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1715: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1724: <b>cond_false</b>: Condition &quot;error == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1726: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1732: <b>cond_true</b>: Condition &quot;vaddr_ef &lt; vaddr_em&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1737: <b>cond_true</b>: Condition &quot;elf_prot &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1738: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1741: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_code&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1745: <b>cond_true</b>: Condition &quot;elf_prot &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1746: <b>cond_true</b>: Condition &quot;vaddr &lt; info-&gt;start_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1749: <b>cond_true</b>: Condition &quot;vaddr_ef &gt; info-&gt;end_data&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1752: <b>cond_true</b>: Condition &quot;vaddr_em &gt; info-&gt;brk&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1783: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1784: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1763: <b>alloc_fn</b>: Storage is returned from allocation function &quot;malloc(size_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1763: <b>var_assign</b>: Assigning: &quot;interp_name&quot; = storage returned from &quot;malloc(eppnt-&gt;p_filesz)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1764: <b>cond_false</b>: Condition &quot;!interp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1766: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1768: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1771: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1772: <b>noescape</b>: Resource &quot;interp_name&quot; is not freed or pointed-to in function &quot;pread(int, void *, size_t, __off64_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1774: <b>cond_true</b>: Condition &quot;retval != eppnt-&gt;p_filesz&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1775: <b>goto</b>: Jumping to label &quot;exit_perror&quot;</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1775: <b>leaked_storage</b>: Variable &quot;interp_name&quot; going out of scope leaks the storage it points to.

<a name='def887'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def887'>[#def887]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:128: <b>switch</b>: Switch case value &quot;GA_CHANNEL_VIRTIO_SERIAL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:129: <b>switch_case</b>: Reached case &quot;GA_CHANNEL_VIRTIO_SERIAL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:130: <b>open_fn</b>: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:161:5: <b>cond_false</b>: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:189:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:192:5: <b>cond_true</b>: Condition &quot;flags &amp; 0x40&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:209:5: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:130: <b>var_assign</b>: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(path, 10242)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:135: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:138: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:147: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: <b>noescape</b>: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:148: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:151: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:152: <b>break</b>: Breaking from switch</span>
qemu-kvm-1.2.0/qga/channel-posix.c:152: <b>leaked_handle</b>: Handle variable &quot;fd&quot; going out of scope leaks the handle.

<a name='def888'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def888'>[#def888]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:128: <b>switch</b>: Switch case value &quot;GA_CHANNEL_ISA_SERIAL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:154: <b>switch_case</b>: Reached case &quot;GA_CHANNEL_ISA_SERIAL&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:156: <b>open_fn</b>: Returning handle opened by function &quot;qemu_open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:161:5: <b>cond_false</b>: Condition &quot;strstart(name, &quot;/dev/fdset/&quot;, &amp;fdset_id_str)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:189:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:192:5: <b>cond_true</b>: Condition &quot;flags &amp; 0x40&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:201:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;open(name, flags | 0x80000, mode)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:209:5: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:156: <b>var_assign</b>: Assigning: &quot;fd&quot; = handle returned from &quot;qemu_open(path, 2306)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:157: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:160: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:161: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcgetattr(int, struct termios *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:175: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcflush(int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:176: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;tcsetattr(int, int, struct termios const *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:177: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: <b>noescape</b>: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:178: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:180: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:181: <b>break</b>: Breaking from switch</span>
qemu-kvm-1.2.0/qga/channel-posix.c:181: <b>leaked_handle</b>: Handle variable &quot;fd&quot; going out of scope leaks the handle.

<a name='def889'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def889'>[#def889]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:128: <b>switch</b>: Switch case value &quot;GA_CHANNEL_UNIX_LISTEN&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:183: <b>switch_case</b>: Reached case &quot;GA_CHANNEL_UNIX_LISTEN&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:184: <b>open_fn</b>: Returning handle opened by function &quot;unix_listen(char const *, char *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:744:5: <b>cond_false</b>: Condition &quot;optstr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:752:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:756:5: <b>open_fn</b>: Returning handle opened by function &quot;unix_listen_opts(QemuOpts *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:663:5: <b>open_fn</b>: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;ret != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:663:5: <b>var_assign</b>: Assigning: &quot;sock&quot; = &quot;qemu_socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:664:5: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:667:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:671:5: <b>cond_false</b>: Condition &quot;path&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:673:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:675:9: <b>cond_true</b>: Condition &quot;tmpdir&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:689:5: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;bind(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:689:5: <b>cond_false</b>: Condition &quot;bind(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;un}), 110U /* sizeof (un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:692:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:693:5: <b>cond_false</b>: Condition &quot;listen(sock, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:696:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:698:5: <b>return_handle</b>: Returning opened handle &quot;sock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:756:5: <b>var_assign</b>: Assigning: &quot;sock&quot; = &quot;unix_listen_opts(opts)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:758:5: <b>cond_true</b>: Condition &quot;sock != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:758:5: <b>cond_true</b>: Condition &quot;ostr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:759:9: <b>cond_false</b>: Condition &quot;optstr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:761:5: <b>return_handle</b>: Returning opened handle &quot;sock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:184: <b>var_assign</b>: Assigning: &quot;fd&quot; = handle returned from &quot;unix_listen(path, NULL, strlen(path))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:185: <b>cond_false</b>: Condition &quot;fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:188: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:189: <b>noescape</b>: Resource &quot;fd&quot; is not freed or pointed-to in function &quot;ga_channel_listen_add(GAChannel *, int, bool)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:55:53: <b>noescape</b>: &quot;ga_channel_listen_add(GAChannel *, int, bool)&quot; does not free or save its handle parameter &quot;listen_fd&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:190: <b>break</b>: Breaking from switch</span>
qemu-kvm-1.2.0/qga/channel-posix.c:190: <b>leaked_handle</b>: Handle variable &quot;fd&quot; going out of scope leaks the handle.

<a name='def890'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def890'>[#def890]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>cond_true</b>: Condition &quot;channel != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>cond_true</b>: Condition &quot;({...})&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:31: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:33: <b>open_fn</b>: Returning handle opened by function &quot;qemu_accept(int, struct sockaddr *, socklen_t *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:294:5: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:294:5: <b>cond_false</b>: Condition &quot;*__errno_location() != 38&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:296:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:298:5: <b>open_fn</b>: Returning handle opened by function &quot;accept(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:298:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;accept(s, __SOCKADDR_ARG({ .__sockaddr__ = addr}), addrlen)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:299:5: <b>cond_true</b>: Condition &quot;ret &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:300:9: <b>noescape</b>: Resource &quot;ret&quot; is not freed or pointed-to in function &quot;qemu_set_cloexec(int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:157:27: <b>noescape</b>: &quot;qemu_set_cloexec(int)&quot; does not free or save its handle parameter &quot;fd&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:303:5: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:33: <b>var_assign</b>: Assigning: &quot;client_fd&quot; = handle returned from &quot;qemu_accept(g_io_channel_unix_get_fd(channel), (struct sockaddr *)&amp;addr, &amp;addrlen)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:35: <b>cond_false</b>: Condition &quot;client_fd == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:38: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:39: <b>noescape</b>: Resource &quot;client_fd&quot; is not freed or pointed-to in function &quot;fcntl(int, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:40: <b>noescape</b>: Resource &quot;client_fd&quot; is not freed or pointed-to in function &quot;ga_channel_client_add(GAChannel *, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:103:52: <b>noescape</b>: &quot;ga_channel_client_add(GAChannel *, int)&quot; does not free or save its handle parameter &quot;fd&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:41: <b>cond_false</b>: Condition &quot;ret&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:44: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/channel-posix.c:49: <b>cond_false</b>: Condition &quot;!accepted&quot;, taking false branch</span>
qemu-kvm-1.2.0/qga/channel-posix.c:49: <b>leaked_handle</b>: Handle variable &quot;client_fd&quot; going out of scope leaks the handle.

<a name='def891'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def891'>[#def891]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:220: <b>open_fn</b>: Returning handle opened by function &quot;unix_socket_outgoing(char const *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:192:5: <b>open_fn</b>: Returning handle opened by function &quot;unix_connect(char const *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:771:5: <b>open_fn</b>: Returning handle opened by function &quot;unix_connect_opts(QemuOpts *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:711:5: <b>cond_false</b>: Condition &quot;NULL == path&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:714:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:716:5: <b>open_fn</b>: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;ret != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:716:5: <b>var_assign</b>: Assigning: &quot;sock&quot; = &quot;qemu_socket(1, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:717:5: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:720:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:725:5: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:725:5: <b>cond_false</b>: Condition &quot;connect(sock, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;un}), 110U /* sizeof (un) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:729:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:731:5: <b>return_handle</b>: Returning opened handle &quot;sock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:771:5: <b>var_assign</b>: Assigning: &quot;sock&quot; = &quot;unix_connect_opts(opts)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:773:5: <b>return_handle</b>: Returning opened handle &quot;sock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:192:5: <b>return_handle_fn</b>: Directly returning handle opened by &quot;unix_connect(char const *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:220: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;unix_socket_outgoing(sockpath)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:221: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:223: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:225: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;nbd_receive_negotiate(int, char const *, uint32_t *, off_t *, size_t *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:246:31: <b>noescape</b>: &quot;nbd_receive_negotiate(int, char const *, uint32_t *, off_t *, size_t *)&quot; does not free or save its handle parameter &quot;csock&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:227: <b>cond_true</b>: Condition &quot;ret &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:228: <b>goto</b>: Jumping to label &quot;out&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-nbd.c:262: <b>label</b>: Reached label &quot;out&quot;</span>
qemu-kvm-1.2.0/qemu-nbd.c:264: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def892'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def892'>[#def892]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:128: <b>cond_false</b>: Condition &quot;do_pty == 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:130: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;(s = qemu_socket(2, SOCK_STREAM, 0)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;bind(s, __CONST_SOCKADDR_ARG({ .__sockaddr__ = (struct sockaddr *)&amp;addr}), addrlen) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:135: <b>cond_false</b>: Condition &quot;listen(s, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:146: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:152: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:162: <b>open_fn</b>: Returning handle opened by function &quot;qemu_socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:272:5: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;socket(domain, type | 0x80000, protocol)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:273:5: <b>cond_true</b>: Condition &quot;ret != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/osdep.c:274:9: <b>return_handle</b>: Returning opened handle &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:162: <b>var_assign</b>: Assigning: &quot;s&quot; = handle returned from &quot;qemu_socket(2, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:165: <b>noescape</b>: Resource &quot;s&quot; is not freed or pointed-to in function &quot;connect(int, __CONST_SOCKADDR_ARG, socklen_t)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:166: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:168: <b>noescape</b>: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:169: <b>noescape</b>: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/misc.c:170: <b>noescape</b>: Resource &quot;s&quot; is not freed or pointed-to in function &quot;dup2(int, int)&quot;.</span>
qemu-kvm-1.2.0/slirp/misc.c:171: <b>overwrite_var</b>: Overwriting handle &quot;s&quot; in &quot;s = getdtablesize() - 1&quot; leaks the handle.

<a name='def893'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def893'>[#def893]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:785: <b>cond_false</b>: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:790: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:792: <b>cond_true</b>: Condition &quot;ifa&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:806: <b>cond_true</b>: Condition &quot;!info&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:811: <b>cond_true</b>: Condition &quot;!cur_item&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:813: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:816: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:823: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:828: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>cond_false</b>: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:839: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:843: <b>cond_false</b>: Condition &quot;asprintf(&amp;info-&gt;value-&gt;hardware_address, &quot;%02x:%02x:%02x:%02x:%02x:%02x&quot;, (int)mac_addr[0], (int)mac_addr[1], (int)mac_addr[2], (int)mac_addr[3], (int)mac_addr[4], (int)mac_addr[5]) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:852: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:858: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_addr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:858: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_addr-&gt;sa_family == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:864: <b>cond_false</b>: Condition &quot;!inet_ntop(2, p, addr4, 16U /* sizeof (addr4) */)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:869: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:874: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_netmask&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:880: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:906: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:908: <b>cond_false</b>: Condition &quot;!address_item&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:910: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:914: <b>cond_true</b>: Condition &quot;*address_list&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:914: <b>cond_true</b>: Condition &quot;(*address_list)-&gt;next&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:916: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:914: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:914: <b>cond_true</b>: Condition &quot;*address_list&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:914: <b>cond_false</b>: Condition &quot;(*address_list)-&gt;next&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:916: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:918: <b>cond_false</b>: Condition &quot;!*address_list&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:920: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:792: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:792: <b>cond_true</b>: Condition &quot;ifa&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:806: <b>cond_false</b>: Condition &quot;!info&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:817: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:822: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:822: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(2, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:823: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:828: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;ioctl(int, unsigned long, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>cond_true</b>: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:838: <b>goto</b>: Jumping to label &quot;error&quot;</span>
qemu-kvm-1.2.0/qga/commands-posix.c:838: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def894'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def894'>[#def894]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:785: <b>cond_false</b>: Condition &quot;getifaddrs(&amp;ifap) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:790: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:792: <b>cond_true</b>: Condition &quot;ifa&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:806: <b>cond_true</b>: Condition &quot;!info&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:811: <b>cond_true</b>: Condition &quot;!cur_item&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:813: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:816: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;!info-&gt;value-&gt;has_hardware_address&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:819: <b>cond_true</b>: Condition &quot;ifa-&gt;ifa_flags &amp; 35111&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:822: <b>open_fn</b>: Returning handle opened by function &quot;socket(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:822: <b>var_assign</b>: Assigning: &quot;sock&quot; = handle returned from &quot;socket(2, 1, 0)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:823: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:828: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>noescape</b>: Resource &quot;sock&quot; is not freed or pointed-to in function &quot;ioctl(int, unsigned long, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:832: <b>cond_false</b>: Condition &quot;ioctl(sock, 35111, &amp;ifr) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:839: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:843: <b>cond_true</b>: Condition &quot;asprintf(&amp;info-&gt;value-&gt;hardware_address, &quot;%02x:%02x:%02x:%02x:%02x:%02x&quot;, (int)mac_addr[0], (int)mac_addr[1], (int)mac_addr[2], (int)mac_addr[3], (int)mac_addr[4], (int)mac_addr[5]) == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qga/commands-posix.c:851: <b>goto</b>: Jumping to label &quot;error&quot;</span>
qemu-kvm-1.2.0/qga/commands-posix.c:851: <b>leaked_handle</b>: Handle variable &quot;sock&quot; going out of scope leaks the handle.

<a name='def895'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def895'>[#def895]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:173: <b>switch</b>: Switch case value &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:177: <b>switch_case</b>: Reached case &quot;2&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:178: <b>cond_false</b>: Condition &quot;use_gdb_syscalls()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:182: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: <b>cond_false</b>: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:183: <b>cond_false</b>: Condition &quot;!(p = lock_user_string(({...})))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:186: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>cond_false</b>: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>cond_false</b>: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:187: <b>var_assign</b>: Assigning: &quot;result&quot; = handle returned from &quot;open(p, translate_openflags(({...})), ({...}))&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:188: <b>cond_false</b>: Condition &quot;__hptr = lock_user(0, __gaddr, 4L /* sizeof (abi_ulong) */, 1)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:188: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:191: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:404: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:406: <b>cond_false</b>: Condition &quot;__hptr = lock_user(1, __gaddr, 4L /* sizeof (uint32_t) */, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:406: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:407: <b>cond_false</b>: Condition &quot;__hptr = lock_user(1, __gaddr, 4L /* sizeof (uint32_t) */, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/target-m68k/m68k-semi.c:407: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/target-m68k/m68k-semi.c:408: <b>leaked_handle</b>: Handle variable &quot;result&quot; going out of scope leaks the handle.

<a name='def896'/><b>Error: <span style='background: #C0FF00;'>RESOURCE_LEAK</span> (CWE-404):</b> <a href ='#def896'>[#def896]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/m68k-sim.c:104: <b>switch</b>: Switch case value &quot;5&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/m68k-sim.c:113: <b>switch_case</b>: Reached case &quot;5&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/m68k-sim.c:114: <b>open_fn</b>: Returning handle opened by function &quot;open(char const *, int, ...)&quot;.</span>
qemu-kvm-1.2.0/linux-user/m68k-sim.c:114: <b>leaked_handle</b>: Ignoring handle opened by &quot;open((char *)(unsigned long)tswap32(args[0]), translate_openflags(tswap32(args[1])), tswap32(args[2]))&quot; leaks it.

<a name='def897'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def897'>[#def897]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/spapr_pci.c:68: <b>deref_ptr</b>: Directly dereferencing pointer &quot;phb&quot;.</span>
qemu-kvm-1.2.0/hw/spapr_pci.c:72: <b>check_after_deref</b>: Null-checking &quot;phb&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def898'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def898'>[#def898]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:2722: <b>deref_ptr_in_call</b>: Dereferencing pointer &quot;s-&gt;chr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:482:5: <b>deref_parm_in_call</b>: Function &quot;put_packet_binary(GDBState *, char const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:446:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:452:9: <b>cond_true</b>: Condition &quot;i &lt; len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:454:9: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:452:9: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:452:9: <b>cond_true</b>: Condition &quot;i &lt; len&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:454:9: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:452:9: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:452:9: <b>cond_false</b>: Condition &quot;i &lt; len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:454:9: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:460:9: <b>deref_parm_in_call</b>: Function &quot;put_buffer(GDBState *, uint8_t const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/gdbstub.c:393:5: <b>deref_parm_in_call</b>: Function &quot;qemu_chr_fe_write(CharDriverState *, uint8_t const *, int)&quot; dereferences &quot;s-&gt;chr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:160:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;s&quot;.</span>
qemu-kvm-1.2.0/gdbstub.c:2725: <b>check_after_deref</b>: Null-checking &quot;s-&gt;chr&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def899'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def899'>[#def899]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/exynos4210_fimd.c:1252: <b>deref_ptr</b>: Directly dereferencing pointer &quot;s&quot;.</span>
qemu-kvm-1.2.0/hw/exynos4210_fimd.c:1256: <b>check_after_deref</b>: Null-checking &quot;s&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def900'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def900'>[#def900]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:446: <b>deref_ptr</b>: Directly dereferencing pointer &quot;peer&quot;.</span>
qemu-kvm-1.2.0/qemu-sockets.c:508: <b>check_after_deref</b>: Null-checking &quot;peer&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def901'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def901'>[#def901]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/dev-storage.c:432: <b>deref_ptr_in_call</b>: Dereferencing pointer &quot;s-&gt;req&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/scsi-bus.c:692:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;req&quot;.</span>
qemu-kvm-1.2.0/hw/usb/dev-storage.c:433: <b>check_after_deref</b>: Null-checking &quot;s-&gt;req&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def902'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def902'>[#def902]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/migration.c:286: <b>deref_ptr_in_call</b>: Dereferencing pointer &quot;s-&gt;file&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/savevm.c:551:5: <b>deref_parm</b>: Directly dereferencing parameter &quot;f&quot;.</span>
qemu-kvm-1.2.0/migration.c:287: <b>check_after_deref</b>: Null-checking &quot;s-&gt;file&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def903'/><b>Error: <span style='background: #C0FF00;'>REVERSE_INULL</span> (CWE-476):</b> <a href ='#def903'>[#def903]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/ui/keymaps.c:131: <b>deref_ptr_in_call</b>: Dereferencing pointer &quot;rest&quot;.</span>
qemu-kvm-1.2.0/ui/keymaps.c:133: <b>check_after_deref</b>: Null-checking &quot;rest&quot; suggests that it may be null, but it has already been dereferenced on all paths leading to the check.

<a name='def904'/><b>Error: <span style='background: #C0FF00;'>SECURE_TEMP</span> (CWE-377):</b> <a href ='#def904'>[#def904]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:430: <b>cond_true</b>: Condition &quot;!tmpdir&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:432: <b>cond_false</b>: Condition &quot;snprintf(filename, size, &quot;%s/vl.XXXXXX&quot;, tmpdir) &gt;= size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/block.c:434: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/block.c:435: <b>secure_temp</b>: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.

<a name='def905'/><b>Error: <span style='background: #C0FF00;'>SECURE_TEMP</span> (CWE-377):</b> <a href ='#def905'>[#def905]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2375: <b>cond_false</b>: Condition &quot;!hpagesize&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2377: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2379: <b>cond_false</b>: Condition &quot;memory &lt; hpagesize&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2383: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2388: <b>cond_false</b>: Condition &quot;asprintf(&amp;filename, &quot;%s/qemu_back_mem.XXXXXX&quot;, path) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/exec.c:2390: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/exec.c:2392: <b>secure_temp</b>: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.

<a name='def906'/><b>Error: <span style='background: #C0FF00;'>SECURE_TEMP</span> (CWE-377):</b> <a href ='#def906'>[#def906]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5052: <b>cond_true</b>: Condition &quot;fake_open-&gt;filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5053: <b>cond_true</b>: Condition &quot;!__coverity_strncmp(pathname, fake_open-&gt;filename, strlen(fake_open-&gt;filename))&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5055: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5057: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5059: <b>cond_true</b>: Condition &quot;fake_open-&gt;filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5066: <b>cond_true</b>: Condition &quot;!tmpdir&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/syscall.c:5069: <b>secure_temp</b>: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.

<a name='def907'/><b>Error: <span style='background: #C0FF00;'>SECURE_TEMP</span> (CWE-377):</b> <a href ='#def907'>[#def907]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:664: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:671: <b>cond_true</b>: Condition &quot;path&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:671: <b>cond_false</b>: Condition &quot;strlen(path)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:673: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-sockets.c:675: <b>cond_true</b>: Condition &quot;tmpdir&quot;, taking true branch</span>
qemu-kvm-1.2.0/qemu-sockets.c:684: <b>secure_temp</b>: Calling &quot;mkstemp(char *)&quot; without securely setting umask first.

<a name='def908'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def908'>[#def908]</a>
qemu-kvm-1.2.0/hw/omap_dma.c:1267: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def909'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def909'>[#def909]</a>
qemu-kvm-1.2.0/hw/omap_dma.c:1277: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def910'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def910'>[#def910]</a>
qemu-kvm-1.2.0/hw/omap_dma.c:1287: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def911'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def911'>[#def911]</a>
qemu-kvm-1.2.0/hw/omap_dma.c:1297: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def912'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def912'>[#def912]</a>
qemu-kvm-1.2.0/hw/omap_dma.c:1045: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;value&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;value &lt;&lt; 16&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;value &lt;&lt; 16&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def913'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def913'>[#def913]</a>
qemu-kvm-1.2.0/hw/omap1.c:2704: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;from_bcd(value)&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;from_bcd(value) * 31536000&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed).  If &quot;from_bcd(value) * 31536000&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def914'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def914'>[#def914]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:204: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def915'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def915'>[#def915]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:223: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[38]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def916'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def916'>[#def916]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:243: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[20]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[23]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[20] &lt;&lt; 16) | s-&gt;regs[23]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def917'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def917'>[#def917]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:381: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[11]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[11] &lt;&lt; 16) | s-&gt;regs[10]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[11] &lt;&lt; 16) | s-&gt;regs[10]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def918'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def918'>[#def918]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:355: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def919'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def919'>[#def919]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:390: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def920'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def920'>[#def920]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:424: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def921'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def921'>[#def921]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:431: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[6]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[6] &lt;&lt; 16) | s-&gt;regs[32]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def922'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def922'>[#def922]</a>
qemu-kvm-1.2.0/hw/megasas.c:391: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;id&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;id &lt;&lt; 24&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;id &lt;&lt; 24&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def923'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def923'>[#def923]</a>
qemu-kvm-1.2.0/hw/fdc.c:136: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;parse-&gt;last_sect&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(parse-&gt;max_head + 1) * parse-&gt;max_track * parse-&gt;last_sect&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(parse-&gt;max_head + 1) * parse-&gt;max_track * parse-&gt;last_sect&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def924'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def924'>[#def924]</a>
qemu-kvm-1.2.0/cris-dis.c:2114: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed).  If &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def925'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def925'>[#def925]</a>
qemu-kvm-1.2.0/cris-dis.c:2331: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;prefix_buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed).  If &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def926'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def926'>[#def926]</a>
qemu-kvm-1.2.0/cris-dis.c:2025: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;buffer[2] + buffer[3] * 256 + buffer[4] * 65536 + buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def927'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def927'>[#def927]</a>
qemu-kvm-1.2.0/cris-dis.c:2217: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;prefix_buffer[5]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;prefix_buffer[2] + prefix_buffer[3] * 256 + prefix_buffer[4] * 65536 + prefix_buffer[5] * 16777216&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def928'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def928'>[#def928]</a>
qemu-kvm-1.2.0/m68k-dis.c:4693: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;data[cur_byte]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;data[cur_byte] &lt;&lt; cur_bitshift&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;data[cur_byte] &lt;&lt; cur_bitshift&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def929'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def929'>[#def929]</a>
qemu-kvm-1.2.0/hw/lan9118.c:1159: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;write_word_h&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;s-&gt;write_word_l + (s-&gt;write_word_h &lt;&lt; 16)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;s-&gt;write_word_l + (s-&gt;write_word_h &lt;&lt; 16)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def930'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def930'>[#def930]</a>
qemu-kvm-1.2.0/hw/qxl-render.c:199: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;cursor-&gt;header.height&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def931'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def931'>[#def931]</a>
qemu-kvm-1.2.0/hw/qxl-render.c:199: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;cursor-&gt;header.width&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;cursor-&gt;header.width * cursor-&gt;header.height&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def932'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def932'>[#def932]</a>
qemu-kvm-1.2.0/hw/mcf_fec.c:235: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(s-&gt;conf.macaddr.a[0] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[1] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 8) | s-&gt;conf.macaddr.a[3]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;conf.macaddr.a[0] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[1] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 8) | s-&gt;conf.macaddr.a[3]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def933'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def933'>[#def933]</a>
qemu-kvm-1.2.0/hw/mcf_fec.c:239: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[4]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(s-&gt;conf.macaddr.a[4] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[5] &lt;&lt; 16) | 0x8808&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;conf.macaddr.a[4] &lt;&lt; 24) | (s-&gt;conf.macaddr.a[5] &lt;&lt; 16) | 0x8808&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def934'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def934'>[#def934]</a>
qemu-kvm-1.2.0/hw/stellaris_enet.c:173: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;conf.macaddr.a[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;s-&gt;conf.macaddr.a[0] | (s-&gt;conf.macaddr.a[1] &lt;&lt; 8) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[3] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;s-&gt;conf.macaddr.a[0] | (s-&gt;conf.macaddr.a[1] &lt;&lt; 8) | (s-&gt;conf.macaddr.a[2] &lt;&lt; 16) | (s-&gt;conf.macaddr.a[3] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def935'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def935'>[#def935]</a>
qemu-kvm-1.2.0/arm-dis.c:4041: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;b[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;b[3] | (b[2] &lt;&lt; 8) | (b[1] &lt;&lt; 16) | (b[0] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed).  If &quot;b[3] | (b[2] &lt;&lt; 8) | (b[1] &lt;&lt; 16) | (b[0] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def936'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def936'>[#def936]</a>
qemu-kvm-1.2.0/arm-dis.c:4039: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;b[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;b[0] | (b[1] &lt;&lt; 8) | (b[2] &lt;&lt; 16) | (b[3] &lt;&lt; 24)&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;long&quot; (64 bits, signed).  If &quot;b[0] | (b[1] &lt;&lt; 8) | (b[2] &lt;&lt; 16) | (b[3] &lt;&lt; 24)&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def937'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def937'>[#def937]</a>
qemu-kvm-1.2.0/microblaze-dis.c:773: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;ibytes[0]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(ibytes[0] &lt;&lt; 24) | (ibytes[1] &lt;&lt; 16) | (ibytes[2] &lt;&lt; 8) | ibytes[3]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(ibytes[0] &lt;&lt; 24) | (ibytes[1] &lt;&lt; 16) | (ibytes[2] &lt;&lt; 8) | ibytes[3]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def938'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def938'>[#def938]</a>
qemu-kvm-1.2.0/microblaze-dis.c:775: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;ibytes[3]&quot; with type &quot;unsigned char&quot; (8 bits, unsigned) is promoted in &quot;(ibytes[3] &lt;&lt; 24) | (ibytes[2] &lt;&lt; 16) | (ibytes[1] &lt;&lt; 8) | ibytes[0]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(ibytes[3] &lt;&lt; 24) | (ibytes[2] &lt;&lt; 16) | (ibytes[1] &lt;&lt; 8) | ibytes[0]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def939'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def939'>[#def939]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:751: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def940'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def940'>[#def940]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:805: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def941'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def941'>[#def941]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:809: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def942'/><b>Error: <span style='background: #C0FF00;'>SIGN_EXTENSION</span> (CWE-194):</b> <a href ='#def942'>[#def942]</a>
qemu-kvm-1.2.0/hw/dp8393x.c:818: <b>sign_extension</b>: Suspicious implicit sign extension: &quot;s-&gt;regs[13]&quot; with type &quot;unsigned short&quot; (16 bits, unsigned) is promoted in &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; to type &quot;int&quot; (32 bits, signed), then sign-extended to type &quot;unsigned long&quot; (64 bits, unsigned).  If &quot;(s-&gt;regs[13] &lt;&lt; 16) | s-&gt;regs[14]&quot; is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

<a name='def943'/><b>Error: <span style='background: #C0FF00;'>SIZEOF_MISMATCH</span> (CWE-569):</b> <a href ='#def943'>[#def943]</a>
qemu-kvm-1.2.0/target-ppc/translate_init.c:9649: <b>suspicious_sizeof</b>: Passing argument &quot;1024UL /* 32 * sizeof (opc_handler_t) */&quot; to function &quot;malloc(size_t)&quot; and then casting the return value to &quot;opc_handler_t **&quot; is suspicious.

<a name='def944'/><b>Error: <span style='background: #C0FF00;'>SIZEOF_MISMATCH</span> (CWE-569):</b> <a href ='#def944'>[#def944]</a>
qemu-kvm-1.2.0/block/vvfat.c:2849: <b>suspicious_sizeof</b>: Passing argument &quot;8UL /* sizeof (void *) */&quot; to function &quot;g_malloc(gsize)&quot; which returns a value of type &quot;void *&quot; is suspicious.

<a name='def945'/><b>Error: <span style='background: #C0FF00;'>SIZEOF_MISMATCH</span> (CWE-569):</b> <a href ='#def945'>[#def945]</a>
qemu-kvm-1.2.0/hw/qxl.c:238: <b>suspicious_sizeof</b>: Passing argument &quot;qxl-&gt;guest_surfaces.cmds&quot; of type &quot;QXLPHYSICAL *&quot; and argument &quot;8UL /* sizeof (qxl-&gt;guest_surfaces.cmds) */ * qxl-&gt;ssd.num_surfaces&quot; to function &quot;memset(void *, int, size_t)&quot; is suspicious.  Did you intend to use &quot;sizeof(*qxl-&gt;guest_surfaces.cmds)&quot; instead of &quot;sizeof (qxl-&gt;guest_surfaces.cmds)&quot; ?  In this particular case sizeof(QXLPHYSICAL *) happens to be equal to sizeof(QXLPHYSICAL), but this is not a portable assumption.

<a name='def946'/><b>Error: <span style='background: #C0FF00;'>SIZEOF_MISMATCH</span> (CWE-569):</b> <a href ='#def946'>[#def946]</a>
qemu-kvm-1.2.0/hw/qxl.c:952: <b>suspicious_sizeof</b>: Passing argument &quot;caps&quot; of type &quot;uint8_t *&quot; and argument &quot;8UL /* sizeof (caps) */&quot; to function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; is suspicious.

<a name='def947'/><b>Error: <span style='background: #C0FF00;'>SIZEOF_MISMATCH</span> (CWE-569):</b> <a href ='#def947'>[#def947]</a>
qemu-kvm-1.2.0/hw/qxl.c:954: <b>suspicious_sizeof</b>: Passing argument &quot;caps&quot; of type &quot;uint8_t *&quot; and argument &quot;8UL /* sizeof (caps) */&quot; to function &quot;memcpy(void * restrict, void const * restrict, size_t)&quot; is suspicious.

<a name='def948'/><b>Error: <span style='background: #C0FF00;'>STRING_NULL</span> (CWE-170):</b> <a href ='#def948'>[#def948]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:781: <b>string_null_argument</b>: Function &quot;readlink(char const * restrict, char * restrict, size_t)&quot; does not terminate string &quot;*driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:782: <b>cond_false</b>: Condition &quot;r &lt;= 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:782: <b>cond_false</b>: Condition &quot;r &gt;= 4096UL /* sizeof (driver) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:784: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:786: <b>string_null</b>: Passing unterminated string &quot;driver&quot; to &quot;strrchr(char const *, int)&quot;, which expects a null-terminated string.

<a name='def949'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def949'>[#def949]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1104: <b>cond_false</b>: Condition &quot;sockfd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1107: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1108: <b>fixed_size_dest</b>: You might overrun the 108 byte fixed-size string &quot;helper.sun_path&quot; by copying &quot;path&quot; without checking the length.</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-proxy.c:1108: <b>parameter_as_source</b>: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

<a name='def950'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def950'>[#def950]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.mod == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.reg == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6202: <b>cond_true</b>: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6215: <b>cond_true</b>: Condition &quot;modrm.rm&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6219: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
qemu-kvm-1.2.0/i386-dis.c:6220: <b>fixed_size_dest</b>: You might overrun the 100 byte fixed-size string &quot;op_out[0]&quot; by copying &quot;names[0]&quot; without checking the length.

<a name='def951'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def951'>[#def951]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.mod == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.reg == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6202: <b>cond_true</b>: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6215: <b>cond_false</b>: Condition &quot;modrm.rm&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6223: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6226: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6229: <b>cond_false</b>: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6233: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6234: <b>cond_true</b>: Condition &quot;address_mode != mode_32bit&quot;, taking true branch</span>
qemu-kvm-1.2.0/i386-dis.c:6238: <b>fixed_size_dest</b>: You might overrun the 100 byte fixed-size string &quot;op_out[0]&quot; by copying &quot;op1_names[0]&quot; without checking the length.

<a name='def952'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def952'>[#def952]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.mod == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.reg == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6202: <b>cond_true</b>: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6215: <b>cond_true</b>: Condition &quot;modrm.rm&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6219: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6221: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6242: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
qemu-kvm-1.2.0/i386-dis.c:6244: <b>fixed_size_dest</b>: You might overrun the 100 byte fixed-size string &quot;op_out[1]&quot; by copying &quot;names[1]&quot; without checking the length.

<a name='def953'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def953'>[#def953]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.mod == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.reg == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6193: <b>cond_true</b>: Condition &quot;modrm.rm &lt;= 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6202: <b>cond_true</b>: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;prefixes &amp; 0x400&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;olen &gt;= 11UL /* 4 + 7 */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;*(p - 1) == &apos; &apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 7, &quot;addr&quot;, 4) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6206: <b>cond_true</b>: Condition &quot;__coverity_strncmp(p - 3, &quot;16&quot;, 2) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6215: <b>cond_false</b>: Condition &quot;modrm.rm&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6223: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6226: <b>cond_true</b>: Condition &quot;!intel_syntax&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6229: <b>cond_false</b>: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6233: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6234: <b>cond_true</b>: Condition &quot;address_mode != mode_32bit&quot;, taking true branch</span>
qemu-kvm-1.2.0/i386-dis.c:6239: <b>fixed_size_dest</b>: You might overrun the 100 byte fixed-size string &quot;op_out[2]&quot; by copying &quot;names[2]&quot; without checking the length.

<a name='def954'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def954'>[#def954]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6260: <b>switch</b>: Switch case value &quot;216&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6262: <b>switch_case</b>: Reached case &quot;216&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6264: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6289: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6293: <b>cond_true</b>: Condition &quot;*p == &apos;i&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6296: <b>cond_false</b>: Condition &quot;!(prefixes &amp; 0x400)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6300: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6302: <b>switch</b>: Switch case value &quot;223&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/i386-dis.c:6304: <b>switch_case</b>: Reached case &quot;223&quot;</span>
qemu-kvm-1.2.0/i386-dis.c:6305: <b>fixed_size_dest</b>: You might overrun the 100 byte fixed-size string &quot;op_out[1]&quot; by copying &quot;names32[1]&quot; without checking the length.

<a name='def955'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def955'>[#def955]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1293: <b>cond_false</b>: Condition &quot;dev-&gt;fd != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1295: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1298: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1300: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1305: <b>fixed_size_dest</b>: You might overrun the 16 byte fixed-size string &quot;dev-&gt;port&quot; by copying &quot;port&quot; without checking the length.</span>
qemu-kvm-1.2.0/hw/usb/host-linux.c:1305: <b>parameter_as_source</b>: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

<a name='def956'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def956'>[#def956]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;122&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6913: <b>switch_case</b>: Reached case &quot;122&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6918: <b>cond_false</b>: Condition &quot;!(buf = lock_user(1, arg1, 390L /* sizeof (*buf) */, 0))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6919: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6921: <b>cond_true</b>: Condition &quot;!is_error(ret)&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/syscall.c:6924: <b>fixed_size_dest</b>: You might overrun the 65 byte fixed-size string &quot;buf-&gt;machine&quot; by copying the return value of &quot;cpu_to_uname_machine(void *)&quot; without checking the length.

<a name='def957'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def957'>[#def957]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106: <b>switch</b>: Switch case value &quot;122&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6913: <b>switch_case</b>: Reached case &quot;122&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6918: <b>cond_false</b>: Condition &quot;!(buf = lock_user(1, arg1, 390L /* sizeof (*buf) */, 0))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6919: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6921: <b>cond_true</b>: Condition &quot;!is_error(ret)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6926: <b>cond_true</b>: Condition &quot;qemu_uname_release&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6926: <b>cond_true</b>: Condition &quot;*qemu_uname_release&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/syscall.c:6927: <b>fixed_size_dest</b>: You might overrun the 65 byte fixed-size string &quot;buf-&gt;release&quot; by copying &quot;qemu_uname_release&quot; without checking the length.

<a name='def958'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def958'>[#def958]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1934: <b>cond_true</b>: Condition &quot;*s == &apos;p&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1937: <b>cond_false</b>: Condition &quot;*s == &apos;m&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1937: <b>cond_false</b>: Condition &quot;*s == &apos;M&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1937: <b>cond_false</b>: Condition &quot;*s == &apos;z&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1949: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1953: <b>cond_false</b>: Condition &quot;opcodep-&gt;match != 3583U /* 255 + 13 * 256 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1954: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1958: <b>cond_true</b>: Condition &quot;opcodep-&gt;name[0] == &apos;j&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1960: <b>cond_true</b>: Condition &quot;__coverity_strncmp(opcodep-&gt;name, &quot;jsr&quot;, 3UL /* sizeof (&quot;jsr&quot;) - 1 */) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1962: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1965: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1972: <b>cond_true</b>: Condition &quot;*s&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:1974: <b>switch</b>: Switch case value &quot;&apos;P&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2500: <b>switch_case</b>: Reached case &quot;&apos;P&apos;&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2505: <b>cond_false</b>: Condition &quot;sregp-&gt;name == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2509: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2510: <b>cond_false</b>: Condition &quot;with_reg_prefix&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cris-dis.c:2511: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/cris-dis.c:2512: <b>fixed_size_dest</b>: You might overrun the 62 byte fixed-size string &quot;tp&quot; by copying &quot;sregp-&gt;name&quot; without checking the length.

<a name='def959'/><b>Error: <span style='background: #C0FF00;'>STRING_OVERFLOW</span> (CWE-120):</b> <a href ='#def959'>[#def959]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:698: <b>cond_false</b>: Condition &quot;!access(path, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:701: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:704: <b>cond_false</b>: Condition &quot;sock &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:707: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:713: <b>fixed_size_dest</b>: You might overrun the 108 byte fixed-size string &quot;proxy.sun_path&quot; by copying &quot;path&quot; without checking the length.</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:713: <b>parameter_as_source</b>: Note: This defect has an elevated risk because the source argument is a parameter of the current function.

<a name='def960'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def960'>[#def960]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:448: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:449: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:451: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;hdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:452: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:453: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:457: <b>cond_false</b>: Condition &quot;hdr-&gt;ih_magic != 654645590&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:461: <b>cond_false</b>: Condition &quot;hdr-&gt;ih_type != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:464: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:466: <b>switch</b>: Switch case value &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:467: <b>switch_case</b>: Reached case &quot;0&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:469: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:475: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:478: <b>cond_true</b>: Condition &quot;is_linux&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:479: <b>cond_true</b>: Condition &quot;hdr-&gt;ih_os == 5&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:480: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:482: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:488: <b>tainted_data</b>: Passing tainted variable &quot;hdr-&gt;ih_size&quot; to a tainted sink.

<a name='def961'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def961'>[#def961]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:191: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:192: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:194: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;e&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:195: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:196: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:198: <b>cond_true</b>: Condition &quot;bswap_needed&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:203: <b>switch</b>: Switch case value &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:214: <b>switch_case</b>: Reached case &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_false</b>: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:216: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:217: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:219: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:220: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:221: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:221: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:221: <b>tainted_data</b>: Passing tainted variable &quot;e.a_data&quot; to a tainted sink.</span>
qemu-kvm-1.2.0/hw/loader.c:97:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;nbytes&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def962'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def962'>[#def962]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:191: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:192: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:194: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;e&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:195: <b>cond_false</b>: Condition &quot;size &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:196: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:198: <b>cond_true</b>: Condition &quot;bswap_needed&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:203: <b>switch</b>: Switch case value &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:214: <b>switch_case</b>: Reached case &quot;264U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 263&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 204&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:215: <b>cond_false</b>: Condition &quot;(((e.a_info &amp; 65535) == 263) ? (((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text : ((((e.a_info &amp; 65535) == 204) ? target_page_size : 0) + e.a_text + target_page_size - 1 &amp; ~(target_page_size - 1))) + e.a_data &gt; max_sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:216: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:217: <b>cond_true</b>: Condition &quot;(e.a_info &amp; 65535) == 267&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:218: <b>tainted_data</b>: Passing tainted variable &quot;e.a_text&quot; to a tainted sink.</span>
qemu-kvm-1.2.0/hw/loader.c:97:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;nbytes&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def963'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def963'>[#def963]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>tainted_data_return</b>: Function &quot;load_at(int, int, int)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_argument</b>: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>cond_false</b>: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:248:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:249:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>var_assign</b>: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:111: <b>cond_false</b>: Condition &quot;!shdr_table&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:112: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:114: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:121: <b>cond_false</b>: Condition &quot;!symtab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:122: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:124: <b>cond_false</b>: Condition &quot;!syms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:125: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:130: <b>cond_false</b>: Condition &quot;i &lt; nsyms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:149: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:150: <b>cond_false</b>: Condition &quot;nsyms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:159: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:165: <b>cond_false</b>: Condition &quot;symtab-&gt;sh_link &gt;= ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:166: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:167: <b>var_assign_var</b>: Assigning: &quot;strtab&quot; = &quot;shdr_table + symtab-&gt;sh_link&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:169: <b>tainted_data</b>: Passing tainted variable &quot;strtab-&gt;sh_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def964'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def964'>[#def964]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>tainted_data_return</b>: Function &quot;load_at(int, int, int)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_argument</b>: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>cond_false</b>: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:248:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:249:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>var_assign</b>: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:111: <b>cond_false</b>: Condition &quot;!shdr_table&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:112: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:114: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:120: <b>tainted_data_transitive</b>: Call to function &quot;find_section32(struct elf32_shdr *, int, int)&quot; with tainted argument &quot;shdr_table&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:56:5: <b>cond_true</b>: Condition &quot;i &lt; n&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:57:9: <b>cond_true</b>: Condition &quot;(shdr_table + i).sh_type == type&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:58:13: <b>return_tainted_data</b>: Returning tainted variable &quot;shdr_table + i&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:120: <b>var_assign</b>: Assigning: &quot;symtab&quot; = &quot;find_section32(struct elf32_shdr *, int, int)&quot;, which taints &quot;symtab&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:121: <b>cond_false</b>: Condition &quot;!symtab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:122: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:123: <b>tainted_data</b>: Passing tainted variable &quot;symtab-&gt;sh_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def965'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def965'>[#def965]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:237: <b>var_assign_var</b>: Assigning: &quot;size&quot; = &quot;ehdr.e_phnum * 32UL&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data</b>: Passing tainted variable &quot;size&quot; to a tainted sink.

<a name='def966'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def966'>[#def966]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:235: <b>tainted_data</b>: Passing tainted variable &quot;ehdr.e_shnum&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;40UL * ehdr-&gt;e_shnum&quot; to tainted data sink &quot;load_at(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def967'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def967'>[#def967]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>tainted_data</b>: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.

<a name='def968'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def968'>[#def968]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>tainted_data</b>: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.

<a name='def969'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def969'>[#def969]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def970'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def970'>[#def970]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def971'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def971'>[#def971]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:286: <b>var_assign_var</b>: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_false</b>: Condition &quot;addr &lt; low&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:288: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def972'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def972'>[#def972]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:286: <b>var_assign_var</b>: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def973'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def973'>[#def973]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def974'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def974'>[#def974]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def975'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def975'>[#def975]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def976'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def976'>[#def976]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def977'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def977'>[#def977]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def978'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def978'>[#def978]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def979'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def979'>[#def979]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 52UL /* sizeof (ehdr) */) != 52UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0U&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def980'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def980'>[#def980]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>tainted_data_return</b>: Function &quot;load_at(int, int, int)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_argument</b>: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>cond_false</b>: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:248:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:249:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>var_assign</b>: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:111: <b>cond_false</b>: Condition &quot;!shdr_table&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:112: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:114: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:121: <b>cond_false</b>: Condition &quot;!symtab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:122: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:124: <b>cond_false</b>: Condition &quot;!syms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:125: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:130: <b>cond_false</b>: Condition &quot;i &lt; nsyms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:149: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:150: <b>cond_false</b>: Condition &quot;nsyms&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:159: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:165: <b>cond_false</b>: Condition &quot;symtab-&gt;sh_link &gt;= ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:166: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:167: <b>var_assign_var</b>: Assigning: &quot;strtab&quot; = &quot;shdr_table + symtab-&gt;sh_link&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:169: <b>tainted_data</b>: Passing tainted variable &quot;strtab-&gt;sh_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def981'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def981'>[#def981]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>tainted_data_return</b>: Function &quot;load_at(int, int, int)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_argument</b>: Function &quot;read(int, void *, size_t)&quot; taints argument &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:245:5: <b>cond_false</b>: Condition &quot;read(fd, ptr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:248:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:249:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109: <b>var_assign</b>: Assigning: &quot;shdr_table&quot; = &quot;load_at(int, int, int)&quot;, which taints &quot;shdr_table&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:111: <b>cond_false</b>: Condition &quot;!shdr_table&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:112: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:114: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:115: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_shnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:117: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:120: <b>tainted_data_transitive</b>: Call to function &quot;find_section64(struct elf64_shdr *, int, int)&quot; with tainted argument &quot;shdr_table&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:56:5: <b>cond_true</b>: Condition &quot;i &lt; n&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:57:9: <b>cond_true</b>: Condition &quot;(shdr_table + i).sh_type == type&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:58:13: <b>return_tainted_data</b>: Returning tainted variable &quot;shdr_table + i&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:120: <b>var_assign</b>: Assigning: &quot;symtab&quot; = &quot;find_section64(struct elf64_shdr *, int, int)&quot;, which taints &quot;symtab&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:121: <b>cond_false</b>: Condition &quot;!symtab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:122: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:123: <b>tainted_data</b>: Passing tainted variable &quot;symtab-&gt;sh_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def982'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def982'>[#def982]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:237: <b>var_assign_var</b>: Assigning: &quot;size&quot; = &quot;ehdr.e_phnum * 56UL&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data</b>: Passing tainted variable &quot;size&quot; to a tainted sink.

<a name='def983'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def983'>[#def983]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:235: <b>tainted_data</b>: Passing tainted variable &quot;ehdr.e_shnum&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:109:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;64UL * ehdr-&gt;e_shnum&quot; to tainted data sink &quot;load_at(int, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:242:5: <b>cond_false</b>: Condition &quot;lseek(fd, offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:243:9: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/loader.c:245:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;size&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def984'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def984'>[#def984]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>tainted_data</b>: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.

<a name='def985'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def985'>[#def985]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;ehdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>tainted_data</b>: Using tainted variable &quot;ehdr.e_phnum&quot; as a loop boundary.

<a name='def986'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def986'>[#def986]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def987'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def987'>[#def987]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def988'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def988'>[#def988]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:286: <b>var_assign_var</b>: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_false</b>: Condition &quot;addr &lt; low&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:288: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def989'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def989'>[#def989]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:286: <b>var_assign_var</b>: Compound assignment involving tainted variable &quot;mem_size&quot; to variable &quot;total_size&quot; taints &quot;total_size&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def990'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def990'>[#def990]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def991'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def991'>[#def991]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:287: <b>cond_true</b>: Condition &quot;addr &lt; low&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:289: <b>cond_true</b>: Condition &quot;addr + mem_size &gt; high&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:295: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def992'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def992'>[#def992]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def993'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def993'>[#def993]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def994'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def994'>[#def994]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_true</b>: Condition &quot;must_swab&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:246: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:245: <b>cond_false</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:248: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def995'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def995'>[#def995]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:255: <b>var_assign_var</b>: Assigning: &quot;mem_size&quot; = &quot;ph-&gt;p_memsz&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>cond_false</b>: Condition &quot;read(fd, data, ph-&gt;p_filesz) != ph-&gt;p_filesz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:262: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:266: <b>cond_true</b>: Condition &quot;translate_fn&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:268: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:270: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:275: <b>cond_false</b>: Condition &quot;!translate_fn&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:281: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:284: <b>tainted_data</b>: Passing tainted variable &quot;mem_size&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/loader.c:643:5: <b>var_assign_parm</b>: Assigning: &quot;rom-&gt;romsize&quot; = &quot;len&quot;. &quot;rom-&gt;romsize&quot; is now tainted.</span>
qemu-kvm-1.2.0/hw/loader.c:645:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def996'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def996'>[#def996]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:205: <b>cond_false</b>: Condition &quot;read(fd, &amp;ehdr, 64UL /* sizeof (ehdr) */) != 64UL /* sizeof (ehdr) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:206: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:207: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:209: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:211: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:212: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:213: <b>cond_true</b>: Condition &quot;21 != ehdr.e_machine&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:214: <b>cond_false</b>: Condition &quot;20 != ehdr.e_machine&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:215: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:216: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:230: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:232: <b>cond_true</b>: Condition &quot;pentry&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:240: <b>cond_false</b>: Condition &quot;!phdr&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:241: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:242: <b>cond_false</b>: Condition &quot;read(fd, phdr, size) != size&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:243: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:244: <b>cond_false</b>: Condition &quot;must_swab&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:249: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:252: <b>cond_true</b>: Condition &quot;i &lt; ehdr.e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:253: <b>var_assign_var</b>: Assigning: &quot;ph&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:254: <b>cond_true</b>: Condition &quot;ph-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>cond_true</b>: Condition &quot;ph-&gt;p_filesz &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:258: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;ph-&gt;p_filesz&quot; by &quot;ph-&gt;p_filesz &gt; 0UL&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:259: <b>cond_false</b>: Condition &quot;lseek(fd, ph-&gt;p_offset, 0) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/elf_ops.h:260: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/elf_ops.h:261: <b>tainted_data</b>: Passing tainted variable &quot;ph-&gt;p_filesz&quot; to a tainted sink.

<a name='def997'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def997'>[#def997]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>cond_false</b>: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1893: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1896: <b>cond_true</b>: Condition &quot;i &lt; shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1897: <b>cond_true</b>: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1900: <b>goto</b>: Jumping to label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1907: <b>label</b>: Reached label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1910: <b>cond_false</b>: Condition &quot;!s&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1912: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1914: <b>var_assign_var</b>: Assigning: &quot;i&quot; = &quot;(shdr + str_idx).sh_size&quot;. Both are now tainted.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1915: <b>tainted_data</b>: Passing tainted variable &quot;i&quot; to a tainted sink.

<a name='def998'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def998'>[#def998]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>cond_false</b>: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1893: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1896: <b>cond_true</b>: Condition &quot;i &lt; shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1897: <b>cond_true</b>: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1900: <b>goto</b>: Jumping to label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1907: <b>label</b>: Reached label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1910: <b>cond_false</b>: Condition &quot;!s&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1912: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1916: <b>cond_false</b>: Condition &quot;!strings&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1916: <b>cond_false</b>: Condition &quot;pread(fd, strings, i, (shdr + str_idx).sh_offset) != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1918: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1920: <b>var_assign_var</b>: Assigning: &quot;i&quot; = &quot;(shdr + sym_idx).sh_size&quot;. Both are now tainted.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1921: <b>tainted_data</b>: Passing tainted variable &quot;i&quot; to a tainted sink.

<a name='def999'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def999'>[#def999]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;shdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1891: <b>cond_false</b>: Condition &quot;pread(fd, shdr, i, hdr-&gt;e_shoff) != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1893: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1896: <b>cond_true</b>: Condition &quot;i &lt; shnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1897: <b>cond_true</b>: Condition &quot;(shdr + i).sh_type == 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1899: <b>var_assign_var</b>: Assigning: &quot;str_idx&quot; = &quot;(shdr + i).sh_link&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1900: <b>goto</b>: Jumping to label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1907: <b>label</b>: Reached label &quot;found&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1910: <b>cond_false</b>: Condition &quot;!s&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1912: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1914: <b>tainted_data</b>: Using tainted variable &quot;str_idx&quot; as an index to pointer &quot;shdr&quot;.

<a name='def1000'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1000'>[#def1000]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;146&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7197:10: <b>switch_case</b>: Reached case &quot;146&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7199:23: <b>parm_assign_alias</b>: Assigning: &quot;count&quot; = &quot;arg3&quot;, which taints &quot;count&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7203:13: <b>cond_false</b>: Condition &quot;lock_iovec(0, vec, arg2, count, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7204:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:7205:13: <b>data_index</b>: Passing tainted variable &quot;count&quot; to a tainted data index sink.

<a name='def1001'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1001'>[#def1001]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;57&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5700:10: <b>switch_case</b>: Reached case &quot;57&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:5701:9: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;arg2&quot; to tainted data sink &quot;setpgid(__pid_t, __pid_t)&quot;.

<a name='def1002'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1002'>[#def1002]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;37&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5579:10: <b>switch_case</b>: Reached case &quot;37&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5580:9: <b>data_index</b>: Passing tainted variable &quot;arg2&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>cond_false</b>: Condition &quot;sig &gt;= 65&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:113:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>upper_bounds</b>: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.</span>
qemu-kvm-1.2.0/linux-user/signal.c:114:5: <b>data_index</b>: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.

<a name='def1003'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1003'>[#def1003]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;146&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7197:10: <b>switch_case</b>: Reached case &quot;146&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7199:23: <b>parm_assign_alias</b>: Assigning: &quot;count&quot; = &quot;arg3&quot;, which taints &quot;count&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7203:13: <b>cond_false</b>: Condition &quot;lock_iovec(0, vec, arg2, count, 1) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:7204:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:7205:13: <b>data_index</b>: Passing tainted variable &quot;count&quot; to a tainted data index sink.

<a name='def1004'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1004'>[#def1004]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[1]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;57&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5700:10: <b>switch_case</b>: Reached case &quot;57&quot;</span>
qemu-kvm-1.2.0/linux-user/syscall.c:5701:9: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;arg1&quot; to tainted data sink &quot;setpgid(__pid_t, __pid_t)&quot;.

<a name='def1005'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1005'>[#def1005]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[2]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;37&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5579:10: <b>switch_case</b>: Reached case &quot;37&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5580:9: <b>data_index</b>: Passing tainted variable &quot;arg2&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>cond_false</b>: Condition &quot;sig &gt;= 65&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:113:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>upper_bounds</b>: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.</span>
qemu-kvm-1.2.0/linux-user/signal.c:114:5: <b>data_index</b>: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.

<a name='def1006'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1006'>[#def1006]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5153:10: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5154:9: <b>cond_false</b>: Condition &quot;arg3 == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5156:14: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5157:13: <b>cond_false</b>: Condition &quot;!(p = lock_user(1, arg2, arg3, 0))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5158:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/syscall.c:5159:13: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;arg3&quot; to tainted data sink &quot;read(int, void *, size_t)&quot;.

<a name='def1007'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1007'>[#def1007]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data_return</b>: Function &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_data</b>: Passing tainted variable &quot;env-&gt;dregs[3]&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;265&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8463:10: <b>switch_case</b>: Reached case &quot;265&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8464:2: <b>data_index</b>: Passing tainted variable &quot;arg3&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>cond_false</b>: Condition &quot;sig &gt;= 65&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:113:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:112:5: <b>upper_bounds</b>: Checking upper bounds of signed scalar &quot;sig&quot; by &quot;sig &gt;= 65&quot;.</span>
qemu-kvm-1.2.0/linux-user/signal.c:114:5: <b>data_index</b>: Using tainted variable &quot;sig&quot; as an index to array &quot;target_to_host_signal_table&quot;.

<a name='def1008'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1008'>[#def1008]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>cond_false</b>: Condition &quot;!f&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>cond_false</b>: Condition &quot;!(kernel_size = get_file_size(f))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>cond_true</b>: Condition &quot;8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>tainted_data_argument</b>: Calling function &quot;fread(void * restrict, size_t, size_t, FILE * restrict)&quot; taints argument &quot;header&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>cond_true</b>: Condition &quot;8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:684: <b>cond_false</b>: Condition &quot;fread(header, 1, ((8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size) ? 8192UL /* sizeof (header) / sizeof (header[0]) */ : kernel_size), f) != ((8192UL /* sizeof (header) / sizeof (header[0]) */ &lt; kernel_size) ? 8192UL /* sizeof (header) / sizeof (header[0]) */ : kernel_size)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:690: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:696: <b>cond_true</b>: Condition &quot;ldl_le_p(&amp;header[514]) == 1400005704&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:697: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:705: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:707: <b>cond_true</b>: Condition &quot;protocol &lt; 512&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:712: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:722: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:735: <b>cond_false</b>: Condition &quot;protocol &gt;= 515&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:738: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:740: <b>cond_true</b>: Condition &quot;initrd_max &gt;= max_ram_size - 65536&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:745: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:749: <b>cond_false</b>: Condition &quot;protocol &gt;= 514&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:751: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:758: <b>cond_true</b>: Condition &quot;vmode&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:762: <b>cond_true</b>: Condition &quot;!__coverity_strncmp(vmode, &quot;normal&quot;, 6)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:764: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:770: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:778: <b>cond_false</b>: Condition &quot;protocol &gt;= 512&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:779: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:782: <b>cond_false</b>: Condition &quot;protocol &gt;= 513&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:785: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:788: <b>cond_false</b>: Condition &quot;initrd_filename&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:812: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:815: <b>lower_bounds</b>: Casting narrower unsigned &quot;header[497]&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:815: <b>var_assign_var</b>: Assigning: &quot;setup_size&quot; = &quot;header[497]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:816: <b>cond_false</b>: Condition &quot;setup_size == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:817: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:818: <b>var_assign_var</b>: Assigning: &quot;setup_size&quot; = &quot;(setup_size + 1) * 512&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/pc.c:819: <b>var_assign_var</b>: Compound assignment involving tainted variable &quot;setup_size&quot; to variable &quot;kernel_size&quot; taints &quot;kernel_size&quot;.</span>
qemu-kvm-1.2.0/hw/pc.c:824: <b>tainted_data</b>: Passing tainted variable &quot;setup_size&quot; to a tainted sink.

<a name='def1009'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1009'>[#def1009]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:775: <b>cond_false</b>: Condition &quot;!new_brk&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:778: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:779: <b>cond_false</b>: Condition &quot;new_brk &lt; target_original_brk&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:783: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:787: <b>cond_false</b>: Condition &quot;new_brk &lt;= brk_page&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:796: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:805: <b>tainted_data_return</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_data</b>: Returning tainted variable &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:805: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(brk_page, new_alloc_size, 3, 34, 0, 0U)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:805: <b>var_assign</b>: Assigning: &quot;mapped_addr&quot; = &quot;get_errno(abi_long)&quot;, which taints &quot;mapped_addr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:809: <b>cond_false</b>: Condition &quot;mapped_addr == brk_page&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:824: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:824: <b>cond_true</b>: Condition &quot;mapped_addr != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:828: <b>tainted_data</b>: Passing tainted variable &quot;mapped_addr&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:643:5: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:644:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:646:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:647:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:653:5: <b>cond_true</b>: Condition &quot;start &gt; real_start&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:653:5: <b>lower_bounds</b>: Checking lower bounds of unsigned scalar &quot;start&quot; by &quot;start &gt; real_start&quot;.</span>
qemu-kvm-1.2.0/linux-user/mmap.c:656:9: <b>a_loop_bound</b>: Using tainted variable &quot;start&quot; as a loop boundary.

<a name='def1010'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1010'>[#def1010]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2783: <b>switch_case</b>: Reached case &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2785: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2786: <b>switch_case</b>: Reached case &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2787: <b>var_assign_var</b>: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2788: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1011'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1011'>[#def1011]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2783: <b>switch_case</b>: Reached case &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2785: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2786: <b>switch_case</b>: Reached case &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2787: <b>var_assign_var</b>: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2788: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1012'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1012'>[#def1012]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2783: <b>switch_case</b>: Reached case &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2785: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2786: <b>switch_case</b>: Reached case &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2787: <b>var_assign_var</b>: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2788: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1013'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1013'>[#def1013]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2783: <b>switch_case</b>: Reached case &quot;80&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2785: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2786: <b>switch_case</b>: Reached case &quot;25&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2787: <b>var_assign_var</b>: Assigning: &quot;keyboard_layout&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2788: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1014'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1014'>[#def1014]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1015'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1015'>[#def1015]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1016'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1016'>[#def1016]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1017'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1017'>[#def1017]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2777: <b>switch_case</b>: Reached case &quot;87&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2778: <b>var_assign_var</b>: Assigning: &quot;bios_name&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2779: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1018'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1018'>[#def1018]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1019'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1019'>[#def1019]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1020'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1020'>[#def1020]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1021'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1021'>[#def1021]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2774: <b>switch_case</b>: Reached case &quot;86&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2775: <b>var_assign_var</b>: Assigning: &quot;data_dir&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2776: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1022'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1022'>[#def1022]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1023'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1023'>[#def1023]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1024'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1024'>[#def1024]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1025'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1025'>[#def1025]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2765: <b>switch_case</b>: Reached case &quot;84&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2766: <b>var_assign_var</b>: Assigning: &quot;log_file&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2767: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1026'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1026'>[#def1026]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1027'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1027'>[#def1027]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1028'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1028'>[#def1028]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1029'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1029'>[#def1029]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2762: <b>switch_case</b>: Reached case &quot;83&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2763: <b>var_assign_var</b>: Assigning: &quot;log_mask&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2764: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1030'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1030'>[#def1030]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1031'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1031'>[#def1031]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1032'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1032'>[#def1032]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1033'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1033'>[#def1033]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2736: <b>switch_case</b>: Reached case &quot;22&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;value &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2742: <b>cond_false</b>: Condition &quot;*end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2745: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2748: <b>cond_false</b>: Condition &quot;ram_size != sz&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2751: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2752: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2754: <b>switch_case</b>: Reached case &quot;23&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2755: <b>var_assign_var</b>: Assigning: &quot;mem_path&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2756: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1034'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1034'>[#def1034]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1035'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1035'>[#def1035]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1036'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1036'>[#def1036]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1037'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1037'>[#def1037]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2703: <b>switch_case</b>: Reached case &quot;60&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2704: <b>var_assign_var</b>: Assigning: &quot;legacy_bootp_filename&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2705: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1038'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1038'>[#def1038]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1039'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1039'>[#def1039]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1040'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1040'>[#def1040]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1041'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1041'>[#def1041]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2700: <b>switch_case</b>: Reached case &quot;59&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2701: <b>var_assign_var</b>: Assigning: &quot;legacy_tftp_prefix&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2702: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1042'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1042'>[#def1042]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1043'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1043'>[#def1043]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1044'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1044'>[#def1044]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2681: <b>switch_case</b>: Reached case &quot;64&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2682: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1045'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1045'>[#def1045]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_false</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2547: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;lba&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2548: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2597: <b>switch_case</b>: Reached case &quot;47&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 90&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_true</b>: Condition &quot;graphic_rotate != 180&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2599: <b>cond_false</b>: Condition &quot;graphic_rotate != 270&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2604: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2605: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2621: <b>switch_case</b>: Reached case &quot;20&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2631: <b>cond_false</b>: Condition &quot;!__coverity_strchr(optarg, 61)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2634: <b>cond_false</b>: Condition &quot;check_params(buf, 33 /* sizeof (buf) */, params, optarg) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2639: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_false</b>: Condition &quot;legacy&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2641: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;order&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2646: <b>cond_true</b>: Condition &quot;!legacy&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2647: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;once&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2655: <b>cond_true</b>: Condition &quot;get_param_value(buf, 33 /* sizeof (buf) */, &quot;menu&quot;, optarg)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2657: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(buf, &quot;on&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2659: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2666: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2672: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2686: <b>switch_case</b>: Reached case &quot;63&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2687: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net.c:1035:5: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(opts_list-&gt;name, &quot;net&quot;) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:743:5: <b>cond_false</b>: Condition &quot;__coverity_strncmp(optarg, &quot;channel,&quot;, 8UL /* strlen(&quot;channel,&quot;) */) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:746:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:751:5: <b>cond_false</b>: Condition &quot;slirp_stacks.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:760:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:761:9: <b>data_index</b>: Passing tainted variable &quot;optarg&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:611:5: <b>parm_assign_alias</b>: Assigning: &quot;p&quot; = &quot;config_str&quot;, which taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:612:5: <b>cond_true</b>: Condition &quot;legacy_format&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:613:9: <b>cond_false</b>: Condition &quot;get_str_sep(buf, 128 /* sizeof (buf) */, &amp;p, 58) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:615:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:616:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:632:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;*end != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:634:5: <b>cond_false</b>: Condition &quot;port &gt; 65535&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:636:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_true</b>: Condition &quot;strlen(p) &gt; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:641:5: <b>cond_false</b>: Condition &quot;!__coverity_strncmp(p, &quot;cmd:&quot;, 4)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:648:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/slirp.c:649:9: <b>data_index</b>: Passing tainted variable &quot;p&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2949:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;chardev:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2951:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2953:5: <b>data_index</b>: Passing tainted variable &quot;filename&quot; to a tainted data index sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2732:5: <b>cond_false</b>: Condition &quot;error_is_set(&amp;local_err)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2736:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>tainted_data_transitive</b>: Call to function &quot;strstart(char const *, char const *, char const **)&quot; with tainted argument &quot;filename&quot; transitively taints &quot;p&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:68:5: <b>var_assign_alias</b>: Assigning: &quot;p&quot; = &quot;str&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_true</b>: Condition &quot;*q != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:71:9: <b>cond_false</b>: Condition &quot;*p != *q&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:72:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:70:5: <b>cond_false</b>: Condition &quot;*q != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:75:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:76:5: <b>cond_true</b>: Condition &quot;ptr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/cutils.c:77:9: <b>parm_assign</b>: Assigning: &quot;*ptr&quot; = &quot;p&quot;, which taints &quot;*ptr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2738:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;mon:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2739:9: <b>var_assign_alias</b>: Assigning: &quot;filename&quot; = &quot;p&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;null&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;pty&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;msmouse&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;braille&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2743:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;stdio&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2750:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2751:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;vc&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2767:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2768:5: <b>cond_false</b>: Condition &quot;__coverity_strcmp(filename, &quot;con:&quot;) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2771:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2772:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;COM&quot;, NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2776:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2777:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;file:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2781:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2782:5: <b>cond_false</b>: Condition &quot;strstart(filename, &quot;pipe:&quot;, &amp;p)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2786:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2787:5: <b>cond_true</b>: Condition &quot;strstart(filename, &quot;tcp:&quot;, &amp;p)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;host&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;port&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;p&quot; taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2789:9: <b>cond_true</b>: Condition &quot;sscanf(p, &quot;%64[^:]:%32[^,]%n&quot;, host, port, &amp;pos) &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2791:13: <b>cond_false</b>: Condition &quot;sscanf(p, &quot;:%32[^,]%n&quot;, port, &amp;pos) &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-char.c:2792:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/qemu-char.c:2797:9: <b>data_index</b>: Using tainted variable &quot;pos&quot; as an index to pointer &quot;p&quot;.

<a name='def1046'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1046'>[#def1046]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1047'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1047'>[#def1047]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2521: <b>switch_case</b>: Reached case &quot;21&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2523: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2524: <b>switch_case</b>: Reached case &quot;85&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2527: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2529: <b>cond_false</b>: Condition &quot;cyls &gt; 16383&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2531: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2532: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2535: <b>cond_false</b>: Condition &quot;heads &gt; 16&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2536: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2537: <b>cond_false</b>: Condition &quot;*p != &apos;,&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2538: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &lt; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2541: <b>cond_false</b>: Condition &quot;secs &gt; 63&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2542: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2543: <b>cond_true</b>: Condition &quot;*p == &apos;,&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2545: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(p, &quot;none&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2546: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2552: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2553: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2557: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2558: <b>cond_false</b>: Condition &quot;hda_opts != NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2570: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2572: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1048'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1048'>[#def1048]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2504: <b>switch_case</b>: Reached case &quot;15&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2505: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;group&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;id&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;arg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:729:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:730:5: <b>cond_false</b>: Condition &quot;rc &lt; 3&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:730:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1049'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1049'>[#def1049]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2385: <b>cond_false</b>: Condition &quot;0 /* !1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2392: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_true</b>: Condition &quot;i &lt; 64&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2414: <b>cond_false</b>: Condition &quot;i &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2417: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2434: <b>tainted_data_transitive</b>: Call to function &quot;lookup_opt(int, char **, char const **, int *)&quot; with tainted argument &quot;argv&quot; transitively taints &quot;optarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2291:5: <b>cond_true</b>: Condition &quot;r[1] == &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2294:5: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2295:9: <b>cond_false</b>: Condition &quot;!popt-&gt;name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2298:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2299:9: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(popt-&gt;name, r + 1)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2300:13: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2302:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2303:5: <b>cond_true</b>: Condition &quot;popt-&gt;flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2304:9: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2307:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2308:9: <b>var_assign_alias</b>: Assigning: &quot;optarg&quot; = &quot;argv[optind++]&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2310:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2312:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2314:5: <b>parm_assign</b>: Assigning: &quot;*poptarg&quot; = &quot;optarg&quot;, which taints &quot;*poptarg&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2436: <b>switch_case</b>: Reached case &quot;118&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2438: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case value &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2439: <b>switch_case</b>: Reached case &quot;119&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2441: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2430: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_true</b>: Condition &quot;optind &lt; argc&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2427: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2431: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2435: <b>switch</b>: Switch case default</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2442: <b>switch_default</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2426: <b>cond_false</b>: Condition &quot;optind &lt; argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2444: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2446: <b>cond_false</b>: Condition &quot;defconfig&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2452: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_true</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3329: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2470: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2472: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2473: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2475: <b>var_assign_var</b>: Assigning: &quot;cpu_model&quot; = &quot;optarg&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2476: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3328: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:3330: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2456: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2457: <b>cond_false</b>: Condition &quot;optind &gt;= argc&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2458: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2459: <b>cond_false</b>: Condition &quot;argv[optind][0] != &apos;-&apos;&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2461: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2465: <b>cond_false</b>: Condition &quot;!(popt-&gt;arch_mask &amp; arch_type)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2468: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2469: <b>switch</b>: Switch case value &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2508: <b>switch_case</b>: Reached case &quot;16&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:2509: <b>tainted_data</b>: Passing tainted variable &quot;optarg&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;driver&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;property&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:759:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;str&quot; taints &quot;offset&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/qemu-config.c:760:5: <b>cond_false</b>: Condition &quot;rc &lt; 2&quot;, taking false branch</span>
qemu-kvm-1.2.0/qemu-config.c:760:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to pointer &quot;str&quot;.

<a name='def1050'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1050'>[#def1050]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: <b>tainted_data_return</b>: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: <b>cond_false</b>: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: <b>cond_true</b>: Condition &quot;max_cap--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: <b>cond_false</b>: Condition &quot;ret != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: <b>return_tainted_data</b>: Returning tainted variable &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>return_tainted_data_fn</b>: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>cond_false</b>: Condition &quot;pos &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: <b>cond_false</b>: Condition &quot;id == 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: <b>cond_true</b>: Condition &quot;id == cap&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: <b>return_tainted_data</b>: Returning tainted variable &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: <b>lower_bounds</b>: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 1, 0)&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1310: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1319: <b>tainted_data</b>: Passing tainted variable &quot;pos&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: <b>data_index</b>: Passing tainted variable &quot;offset&quot; to a tainted data index sink.</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.

<a name='def1051'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1051'>[#def1051]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: <b>tainted_data_return</b>: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: <b>cond_false</b>: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: <b>cond_true</b>: Condition &quot;max_cap--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: <b>cond_false</b>: Condition &quot;ret != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: <b>return_tainted_data</b>: Returning tainted variable &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>return_tainted_data_fn</b>: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>cond_false</b>: Condition &quot;pos &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: <b>cond_false</b>: Condition &quot;id == 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: <b>cond_true</b>: Condition &quot;id == cap&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: <b>return_tainted_data</b>: Returning tainted variable &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: <b>lower_bounds</b>: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 16, 0)&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1334: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: <b>cond_true</b>: Condition &quot;version == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: <b>cond_false</b>: Condition &quot;size == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1388: <b>tainted_data</b>: Passing tainted variable &quot;pos&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: <b>data_index</b>: Passing tainted variable &quot;offset&quot; to a tainted data index sink.</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.

<a name='def1052'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1052'>[#def1052]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: <b>cond_true</b>: Condition &quot;version == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: <b>cond_false</b>: Condition &quot;size == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_false</b>: Condition &quot;type != 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: <b>cond_false</b>: Condition &quot;version &gt;= 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: <b>tainted_data_return</b>: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: <b>cond_false</b>: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: <b>cond_true</b>: Condition &quot;max_cap--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: <b>cond_false</b>: Condition &quot;ret != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: <b>return_tainted_data</b>: Returning tainted variable &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>return_tainted_data_fn</b>: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>cond_false</b>: Condition &quot;pos &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: <b>cond_false</b>: Condition &quot;id == 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: <b>cond_true</b>: Condition &quot;id == cap&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: <b>return_tainted_data</b>: Returning tainted variable &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: <b>lower_bounds</b>: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 7, 0)&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1452: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1463: <b>tainted_data</b>: Passing tainted variable &quot;pos&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: <b>data_index</b>: Passing tainted variable &quot;offset&quot; to a tainted data index sink.</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.

<a name='def1053'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1053'>[#def1053]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: <b>cond_true</b>: Condition &quot;version == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: <b>cond_false</b>: Condition &quot;size == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_false</b>: Condition &quot;type != 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: <b>cond_false</b>: Condition &quot;version &gt;= 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: <b>tainted_data_return</b>: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: <b>cond_false</b>: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: <b>cond_true</b>: Condition &quot;max_cap--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: <b>cond_false</b>: Condition &quot;ret != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: <b>return_tainted_data</b>: Returning tainted variable &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>return_tainted_data_fn</b>: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>cond_false</b>: Condition &quot;pos &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: <b>cond_false</b>: Condition &quot;id == 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: <b>cond_true</b>: Condition &quot;id == cap&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: <b>return_tainted_data</b>: Returning tainted variable &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: <b>lower_bounds</b>: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 3, 0)&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1481: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1482: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1485: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1487: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1489: <b>tainted_data</b>: Passing tainted variable &quot;pos&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: <b>data_index</b>: Passing tainted variable &quot;offset&quot; to a tainted data index sink.</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.

<a name='def1054'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1054'>[#def1054]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1252: <b>cond_true</b>: Condition &quot;kvm_check_extension(kvm_state, 29)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1253: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1259: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1261: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;pos != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1278: <b>cond_true</b>: Condition &quot;kvm_device_msix_supported(kvm_state)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1282: <b>cond_false</b>: Condition &quot;!check_irqchip_in_kernel()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1284: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1287: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1289: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1311: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1315: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1317: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1335: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1342: <b>cond_true</b>: Condition &quot;version == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1344: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1374: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1376: <b>cond_false</b>: Condition &quot;size == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1384: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1386: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_true</b>: Condition &quot;type != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1392: <b>cond_false</b>: Condition &quot;type != 9&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1398: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1436: <b>cond_false</b>: Condition &quot;version &gt;= 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1449: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1453: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1459: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1461: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1482: <b>cond_true</b>: Condition &quot;pos&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1485: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1487: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: <b>tainted_data_return</b>: Function &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:411:5: <b>cond_false</b>: Condition &quot;(status &amp; 0x10) == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:413:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:415:5: <b>cond_true</b>: Condition &quot;max_cap--&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>tainted_data_return</b>: Function &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot; returning tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:351:5: <b>tainted_data_argument</b>: Function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:352:5: <b>cond_false</b>: Condition &quot;ret != len&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:358:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:360:5: <b>return_tainted_data</b>: Returning tainted variable &quot;val&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:365:5: <b>return_tainted_data_fn</b>: Returning tainted result of &quot;assigned_dev_pci_read(PCIDevice *, int, int)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:416:9: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;assigned_dev_pci_read_byte(PCIDevice *, int)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>cond_false</b>: Condition &quot;pos &lt; 64&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:419:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:417:9: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;pos&quot; by &quot;pos &lt; 64&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:424:9: <b>cond_false</b>: Condition &quot;id == 255&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:426:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:427:9: <b>cond_true</b>: Condition &quot;id == cap&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:428:13: <b>return_tainted_data</b>: Returning tainted variable &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: <b>lower_bounds</b>: Casting narrower unsigned &quot;pci_find_cap_offset(pci_dev, 9, pos)&quot; to wider signed type int effectively tests its lower bound.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: <b>var_assign</b>: Assigning: &quot;pos&quot; = &quot;pci_find_cap_offset(PCIDevice *, uint8_t, uint8_t)&quot;, which taints &quot;pos&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1496: <b>cond_true</b>: Condition &quot;pos = pci_find_cap_offset(pci_dev, 9, pos)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1501: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1503: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1505: <b>tainted_data</b>: Passing tainted variable &quot;pos&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1233:5: <b>data_index</b>: Passing tainted variable &quot;offset&quot; to a tainted data index sink.</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:394:5: <b>data_index</b>: Using tainted variable &quot;offset&quot; as an index to array &quot;dev-&gt;emulate_config_read&quot;.

<a name='def1055'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1055'>[#def1055]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: <b>cond_true</b>: Condition &quot;ret &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: <b>cond_true</b>: Condition &quot;*__errno_location() == 16&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:978: <b>cond_true</b>: Condition &quot;first&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:980: <b>tainted_data_return</b>: Function &quot;usb_linux_get_num_interfaces(USBHostDevice *)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:535:5: <b>tainted_data_argument</b>: Function &quot;usb_host_read_file(char *, size_t, char const *, char const *)&quot; taints argument &quot;line&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1626:5: <b>cond_true</b>: Condition &quot;f&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:1627:9: <b>tainted_data_argument</b>: Calling function &quot;fgets(char * restrict, int, FILE * restrict)&quot; taints parameter &quot;*line&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:535:5: <b>cond_false</b>: Condition &quot;!usb_host_read_file(line, 1024UL /* sizeof (line) */, &quot;bNumInterfaces&quot;, device_name)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:538:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:539:5: <b>vararg_transitive</b>: Call to &quot;sscanf(char const * restrict, char const * restrict, ...)&quot; with tainted argument &quot;line&quot; taints &quot;num_interfaces&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:539:5: <b>cond_false</b>: Condition &quot;sscanf(line, &quot;%d&quot;, &amp;num_interfaces) != 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:541:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:542:5: <b>return_tainted_data</b>: Returning tainted variable &quot;num_interfaces&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:980: <b>var_assign</b>: Assigning: &quot;count&quot; = &quot;usb_linux_get_num_interfaces(USBHostDevice *)&quot;, which taints &quot;count&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:981: <b>cond_true</b>: Condition &quot;count &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:981: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;count&quot; by &quot;count &gt; 0&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/host-linux.c:983: <b>tainted_data</b>: Passing tainted variable &quot;count&quot; to a tainted sink.</span>
qemu-kvm-1.2.0/hw/usb/host-linux.c:515:5: <b>a_loop_bound</b>: Using tainted variable &quot;nb_interfaces&quot; as a loop boundary.

<a name='def1056'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1056'>[#def1056]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:164: <b>cond_true</b>: Condition &quot;addr &lt; real_end&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:165: <b>cond_true</b>: Condition &quot;addr &lt; start&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:167: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:164: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:164: <b>cond_false</b>: Condition &quot;addr &lt; real_end&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:167: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:169: <b>cond_true</b>: Condition &quot;prot1 == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:173: <b>cond_false</b>: Condition &quot;p == (void *)0xffffffffffffffff&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:174: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:180: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:183: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:183: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:185: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:188: <b>cond_true</b>: Condition &quot;!(prot1 &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:192: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
qemu-kvm-1.2.0/linux-user/mmap.c:192: <b>tainted_data</b>: Passing tainted variable &quot;end - start&quot; to a tainted sink.

<a name='def1057'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1057'>[#def1057]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:584: <b>tainted_data</b>: Passing tainted variable &quot;start + len&quot; to a tainted sink.</span>
qemu-kvm-1.2.0/exec.c:1076:5: <b>a_loop_bound</b>: Using tainted variable &quot;end&quot; as a loop boundary.

<a name='def1058'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1058'>[#def1058]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_false</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1624: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1625: <b>cond_false</b>: Condition &quot;retval != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1627: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1708: <b>var_assign_var</b>: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1763: <b>tainted_data</b>: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.

<a name='def1059'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1059'>[#def1059]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_false</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1624: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1625: <b>cond_false</b>: Condition &quot;retval != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1627: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1708: <b>var_assign_var</b>: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1764: <b>cond_false</b>: Condition &quot;!interp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1766: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1768: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1769: <b>tainted_data</b>: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.

<a name='def1060'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1060'>[#def1060]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_false</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1624: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1625: <b>cond_false</b>: Condition &quot;retval != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1627: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1708: <b>var_assign_var</b>: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1764: <b>cond_false</b>: Condition &quot;!interp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1766: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1768: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1771: <b>else_branch</b>: Reached else branch</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1772: <b>tainted_data</b>: Passing tainted variable &quot;eppnt-&gt;p_filesz&quot; to a tainted sink.

<a name='def1061'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1061'>[#def1061]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_false</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1624: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1625: <b>cond_false</b>: Condition &quot;retval != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1627: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1708: <b>var_assign_var</b>: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1713: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 4&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1714: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1715: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_flags &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1721: <b>tainted_data</b>: Passing tainted variable &quot;eppnt-&gt;p_offset - vaddr_po&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:461:12: <b>var_assign_alias</b>: Assigning: &quot;len&quot; = &quot;sb.st_size - offset&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;pread(int, void *, size_t, __off64_t)&quot;.

<a name='def1062'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1062'>[#def1062]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620: <b>cond_false</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1624: <b>tainted_data_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;phdr&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1625: <b>cond_false</b>: Condition &quot;retval != i&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1627: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1640: <b>cond_true</b>: Condition &quot;(phdr + i).p_type == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1642: <b>cond_true</b>: Condition &quot;a &lt; loaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1646: <b>cond_true</b>: Condition &quot;a &gt; hiaddr&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1639: <b>cond_false</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1653: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1656: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1665: <b>cond_false</b>: Condition &quot;load_addr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1667: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1668: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1673: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1707: <b>cond_true</b>: Condition &quot;i &lt; ehdr-&gt;e_phnum&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1708: <b>var_assign_var</b>: Assigning: &quot;eppnt&quot; = &quot;phdr + i&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1709: <b>cond_false</b>: Condition &quot;eppnt-&gt;p_type == 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_type == 3&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1756: <b>cond_true</b>: Condition &quot;pinterp_name&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1759: <b>cond_false</b>: Condition &quot;*pinterp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1762: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1764: <b>cond_false</b>: Condition &quot;!interp_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1766: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1768: <b>cond_true</b>: Condition &quot;eppnt-&gt;p_offset + eppnt-&gt;p_filesz &lt;= 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1771: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1777: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1778: <b>tainted_data</b>: Using tainted variable &quot;eppnt-&gt;p_filesz - 1U&quot; as an index to pointer &quot;interp_name&quot;.

<a name='def1063'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1063'>[#def1063]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1817: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1819: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1821: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;bprm_buf&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1822: <b>cond_false</b>: Condition &quot;retval &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1824: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1825: <b>cond_true</b>: Condition &quot;retval &lt; 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1829: <b>tainted_data</b>: Passing tainted variable &quot;bprm_buf&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1603:25: <b>var_assign_parm</b>: Assigning: &quot;ehdr&quot; = &quot;bprm_buf&quot;. &quot;ehdr&quot; is now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1611:5: <b>cond_false</b>: Condition &quot;!elf_check_ident(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1613:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1615:5: <b>cond_false</b>: Condition &quot;!elf_check_ehdr(ehdr)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1617:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1620:5: <b>cond_true</b>: Condition &quot;ehdr-&gt;e_phoff + i &lt;= 1024&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1622:5: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1628:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:1629:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;ehdr-&gt;e_phnum&quot; to tainted data sink &quot;bswap_phdr(struct elf32_phdr *, int)&quot;.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:1084:5: <b>a_loop_bound</b>: Using tainted variable &quot;phnum&quot; as a loop boundary.

<a name='def1064'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1064'>[#def1064]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:459: <b>switch_case</b>: Reached case &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:461: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_false</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:472: <b>cond_false</b>: Condition &quot;argc - optind != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:475: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:477: <b>cond_true</b>: Condition &quot;cert_count &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:483: <b>cond_true</b>: Condition &quot;emul_args == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:502: <b>cond_true</b>: Condition &quot;emul_args&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:506: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:507: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:509: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:512: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:535: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:536: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:540: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:544: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_true</b>: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:550: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:553: <b>cond_false</b>: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:561: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:565: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:570: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:571: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:576: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:580: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:581: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:582: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:583: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:588: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:589: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:600: <b>cond_false</b>: Condition &quot;reader_status == VREADER_OK&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:608: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:615: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:653: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:654: <b>cond_true</b>: Condition &quot;rv &gt;= 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:535: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:536: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:540: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:544: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_true</b>: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:550: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:552: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:553: <b>cond_false</b>: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:561: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:565: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:570: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:571: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:576: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:580: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:581: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:582: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:583: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:588: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:589: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:594: <b>var_assign_var</b>: Assigning: &quot;dwSendLength&quot; = &quot;mhHeader.length&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:597: <b>tainted_data</b>: Passing tainted variable &quot;dwSendLength&quot; to a tainted sink.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vreader.c:199:5: <b>cond_false</b>: Condition &quot;card == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vreader.c:201:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vreader.c:203:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;send_buf_len&quot; to tainted data sink &quot;vcard_apdu_new(unsigned char *, int, vcard_7816_status_t *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/card_7816.c:334:5: <b>cond_false</b>: Condition &quot;len &lt; 4&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/card_7816.c:337:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/card_7816.c:334:5: <b>lower_bounds</b>: Checking lower bounds of signed scalar &quot;len&quot; by &quot;len &lt; 4&quot;.</span>
qemu-kvm-1.2.0/libcacard/card_7816.c:341:5: <b>tainted_data_sink_lv_call</b>: Passing tainted variable &quot;len&quot; to tainted data sink &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def1065'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1065'>[#def1065]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:459: <b>switch_case</b>: Reached case &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:461: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_false</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:472: <b>cond_false</b>: Condition &quot;argc - optind != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:475: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:477: <b>cond_true</b>: Condition &quot;cert_count &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:483: <b>cond_true</b>: Condition &quot;emul_args == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:502: <b>cond_true</b>: Condition &quot;emul_args&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:506: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:507: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:509: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:512: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:535: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:536: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:540: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:544: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_true</b>: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:550: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:552: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:553: <b>cond_false</b>: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:561: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:565: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:570: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:571: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
qemu-kvm-1.2.0/libcacard/vscclient.c:575: <b>tainted_data</b>: Passing tainted variable &quot;mhHeader.length&quot; to a tainted sink.

<a name='def1066'/><b>Error: <span style='background: #C0FF00;'>TAINTED_SCALAR</span> (CWE-20):</b> <a href ='#def1066'>[#def1066]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:452: <b>switch_case</b>: Reached case &quot;99&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:453: <b>cond_false</b>: Condition &quot;cert_count &gt;= 100&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:456: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:458: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_true</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:451: <b>switch</b>: Switch case value &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:459: <b>switch_case</b>: Reached case &quot;101&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:461: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:469: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:450: <b>cond_false</b>: Condition &quot;(c = getopt(argc, argv, &quot;c:e:pd:&quot;)) != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:470: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:472: <b>cond_false</b>: Condition &quot;argc - optind != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:475: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:477: <b>cond_true</b>: Condition &quot;cert_count &gt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:483: <b>cond_true</b>: Condition &quot;emul_args == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:489: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:491: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_true</b>: Condition &quot;i &lt; cert_count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:495: <b>cond_false</b>: Condition &quot;i &lt; cert_count&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:498: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:502: <b>cond_true</b>: Condition &quot;emul_args&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:506: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:507: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:509: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:512: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:535: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:536: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:540: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:544: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:545: <b>cond_true</b>: Condition &quot;(fds.fds_bits[({...})] &amp; (2L /* (__fd_mask)1 &lt;&lt; 1 % (8 * (int)sizeof (__fd_mask)) */)) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:548: <b>cond_false</b>: Condition &quot;!((fds.fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; sock % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:550: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:552: <b>tainted_data_argument</b>: Calling function &quot;read(int, void *, size_t)&quot; taints argument &quot;mhHeader&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:553: <b>cond_false</b>: Condition &quot;rv &lt; 12UL /* sizeof (mhHeader) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:561: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:565: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:570: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:571: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:576: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:580: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:581: <b>switch</b>: Switch case value &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:582: <b>switch_case</b>: Reached case &quot;7U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:583: <b>cond_false</b>: Condition &quot;rv &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:588: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:589: <b>cond_true</b>: Condition &quot;verbose&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:591: <b>tainted_data</b>: Passing tainted variable &quot;mhHeader.length&quot; to a tainted sink.</span>
qemu-kvm-1.2.0/libcacard/vscclient.c:35:5: <b>a_loop_bound</b>: Using tainted variable &quot;nSize&quot; as a loop boundary.

<a name='def1067'/><b>Error: <span style='background: #C0FF00;'>TAINTED_STRING</span> (CWE-20):</b> <a href ='#def1067'>[#def1067]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_string_return_content</b>: &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted string content.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_string_return_content</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted string content.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_string_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_string</b>: Returning tainted string &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6))&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_string</b>: Returning tainted string &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(env, n, env-&gt;dregs[1], env-&gt;dregs[2], env-&gt;dregs[3], env-&gt;dregs[4], env-&gt;dregs[5], env-&gt;aregs[0], 0, 0)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_string</b>: Passing tainted string &quot;env-&gt;dregs[1]&quot; to &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which cannot accept tainted data.
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;8&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5224:10: <b>switch_case</b>: Reached case &quot;8&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: <b>tainted_data_transitive</b>: Call to function &quot;lock_user_string(abi_ulong)&quot; with tainted argument &quot;arg1&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: <b>cond_false</b>: Condition &quot;len &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>tainted_data_transitive</b>: Calling function &quot;lock_user(int, abi_ulong, long, int)&quot; with tainted argument &quot;guest_addr&quot; results in tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_false</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:421:5: <b>return_tainted_data</b>: Returning tainted variable &quot;(void *)((unsigned long)(target_ulong)guest_addr + guest_base)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>return_tainted_data</b>: Returning tainted variable &quot;lock_user(0, guest_addr, (long)(len + 1), 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: <b>var_assign_var</b>: Assigning: &quot;p&quot; = &quot;lock_user_string(arg1)&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5225:9: <b>cond_false</b>: Condition &quot;!(p = lock_user_string(arg1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5226:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5227:9: <b>tainted_string_sink_content_lv_call</b>: Passing tainted string &quot;p&quot; to &quot;creat(char const *, mode_t)&quot;, which depends on its content.</span>

<a name='def1068'/><b>Error: <span style='background: #C0FF00;'>TAINTED_STRING</span> (CWE-20):</b> <a href ='#def1068'>[#def1068]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2624: <b>switch_case</b>: Reached case &quot;4&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2626: <b>cond_true</b>: Condition &quot;ts-&gt;sim_syscalls&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2631: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2633: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2635: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_string_return_content</b>: &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot; returns tainted string content.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6380:10: <b>switch_case</b>: Reached case &quot;90&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6387:13: <b>cond_false</b>: Condition &quot;!(v = lock_user(0, arg1, 24L /* 6 * sizeof (abi_ulong) */, 1))&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6388:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_string_return_content</b>: Function &quot;target_mmap(abi_ulong, abi_ulong, int, int, int, abi_ulong)&quot; returning tainted string content.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:414:5: <b>cond_false</b>: Condition &quot;offset &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:417:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:420:5: <b>cond_false</b>: Condition &quot;len == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:421:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:427:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:435:5: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;qemu_real_host_page_size &lt; (8192UL /* 1 &lt;&lt; 13 */)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:449:5: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:453:8: <b>cond_false</b>: Condition &quot;fstat(fd, &amp;sb) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:454:12: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:457:8: <b>cond_true</b>: Condition &quot;offset + len &gt; sb.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:467:5: <b>cond_false</b>: Condition &quot;!(flags &amp; 0x10)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:489:12: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:490:9: <b>cond_false</b>: Condition &quot;start &amp; 8191U /* ~~((1 &lt;&lt; 13) - 1) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:493:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:502:9: <b>cond_false</b>: Condition &quot;(unsigned long)start + len - 1 &gt; 4294967295UL /* (abi_ulong)-1 */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:505:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;!(flags &amp; 0x20)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:509:9: <b>cond_true</b>: Condition &quot;(offset &amp; ~qemu_host_page_mask) != (start &amp; ~qemu_host_page_mask)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_true</b>: Condition &quot;(flags &amp; 0xf) == 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:513:13: <b>cond_false</b>: Condition &quot;prot &amp; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:517:13: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:521:13: <b>cond_false</b>: Condition &quot;retaddr == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:522:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>tainted_string_argument</b>: Calling function &quot;pread(int, void *, size_t, __off64_t)&quot; taints argument &quot;(unsigned long)(target_ulong)start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:523:13: <b>cond_false</b>: Condition &quot;pread(fd, (void *)((unsigned long)(target_ulong)start + guest_base), len, offset) == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:524:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:525:13: <b>cond_true</b>: Condition &quot;!(prot &amp; 2)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:527:17: <b>cond_false</b>: Condition &quot;ret != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:530:17: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:532:13: <b>goto</b>: Jumping to label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:578:2: <b>label</b>: Reached label &quot;the_end&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/mmap.c:586:5: <b>return_tainted_string</b>: Returning tainted string &quot;start&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>tainted_data_transitive</b>: Call to function &quot;get_errno(abi_long)&quot; with tainted argument &quot;target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6)&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:735:5: <b>cond_false</b>: Condition &quot;ret == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:738:9: <b>return_tainted_data</b>: Returning tainted variable &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6396:13: <b>var_assign</b>: Assigning: &quot;ret&quot; = &quot;get_errno(target_mmap(v1, v2, v3, target_to_host_bitmask(v4, mmap_flags_tbl), v5, v6))&quot;, which taints &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:6406:9: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8833:5: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8838:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:8840:5: <b>return_tainted_string</b>: Returning tainted string &quot;ret&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2656: <b>var_assign</b>: Assigning: &quot;env-&gt;dregs[0]&quot; = &quot;do_syscall(env, n, env-&gt;dregs[1], env-&gt;dregs[2], env-&gt;dregs[3], env-&gt;dregs[4], env-&gt;dregs[5], env-&gt;aregs[0], 0, 0)&quot;, which taints &quot;env-&gt;dregs[0]&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2636: <b>switch_case</b>: Reached case &quot;257&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2640: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2666: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2699: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2701: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2621: <b>cond_true</b>: Condition &quot;true&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2623: <b>switch</b>: Switch case value &quot;32&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/main.c:2651: <b>switch_case</b>: Reached case &quot;32&quot;</span>
qemu-kvm-1.2.0/linux-user/main.c:2656: <b>tainted_string</b>: Passing tainted string &quot;env-&gt;dregs[2]&quot; to &quot;do_syscall(void *, int, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long, abi_long)&quot;, which cannot accept tainted data.
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5103:5: <b>cond_true</b>: Condition &quot;do_strace&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5106:5: <b>switch</b>: Switch case value &quot;38&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5582:10: <b>switch_case</b>: Reached case &quot;38&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5586:13: <b>tainted_data_transitive</b>: Call to function &quot;lock_user_string(abi_ulong)&quot; with tainted argument &quot;arg2&quot; returns tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:452:5: <b>cond_false</b>: Condition &quot;len &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:453:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>tainted_data_transitive</b>: Calling function &quot;lock_user(int, abi_ulong, long, int)&quot; with tainted argument &quot;guest_addr&quot; results in tainted data.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:408:5: <b>cond_false</b>: Condition &quot;!access_ok(type, guest_addr, len)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:409:9: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:421:5: <b>return_tainted_data</b>: Returning tainted variable &quot;(void *)((unsigned long)(target_ulong)guest_addr + guest_base)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/qemu.h:454:5: <b>return_tainted_data</b>: Returning tainted variable &quot;lock_user(0, guest_addr, (long)(len + 1), 1)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5586:13: <b>var_assign_var</b>: Assigning: &quot;p2&quot; = &quot;lock_user_string(arg2)&quot;. Both are now tainted.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5587:13: <b>cond_false</b>: Condition &quot;!p&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5587:13: <b>cond_false</b>: Condition &quot;!p2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5590:17: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/syscall.c:5590:17: <b>tainted_string_sink_content_lv_call</b>: Passing tainted string &quot;p2&quot; to &quot;rename(char const *, char const *)&quot;, which depends on its content.</span>

<a name='def1069'/><b>Error: <span style='background: #C0FF00;'>TOCTOU</span> (CWE-367):</b> <a href ='#def1069'>[#def1069]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:857: <b>cond_true</b>: Condition &quot;ctx-&gt;export_flags &amp; 0x20&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:858: <b>fs_check_call</b>: Calling function &quot;lstat(char const *, struct stat *)&quot; to perform check on &quot;rpath(ctx, path, buffer)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:859: <b>cond_false</b>: Condition &quot;err&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:861: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:866: <b>cond_true</b>: Condition &quot;(stbuf.st_mode &amp; 61440) == 16384&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:869: <b>cond_true</b>: Condition &quot;err &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:869: <b>cond_false</b>: Condition &quot;*__errno_location() != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:875: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:882: <b>cond_true</b>: Condition &quot;err &lt; 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:882: <b>cond_false</b>: Condition &quot;*__errno_location() != 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:888: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/9pfs/virtio-9p-local.c:890: <b>toctou</b>: Calling function &quot;remove(char const *)&quot; that uses &quot;rpath(ctx, path, buffer)&quot; after a check function. This can cause a time-of-check, time-of-use race condition.

<a name='def1070'/><b>Error: <span style='background: #C0FF00;'>TOCTOU</span> (CWE-367):</b> <a href ='#def1070'>[#def1070]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:119: <b>cond_true</b>: Condition &quot;dns_addr.s_addr != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:121: <b>cond_false</b>: Condition &quot;curtime - dns_addr_time &lt; 1000&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:124: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:126: <b>fs_check_call</b>: Calling function &quot;stat(char const *, struct stat *)&quot; to perform check on &quot;&quot;/etc/resolv.conf&quot;&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:126: <b>cond_false</b>: Condition &quot;stat(&quot;/etc/resolv.conf&quot;, &amp;dns_addr_stat) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:127: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:128: <b>cond_true</b>: Condition &quot;dns_addr_stat.st_dev == old_stat.st_dev&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:128: <b>cond_true</b>: Condition &quot;dns_addr_stat.st_ino == old_stat.st_ino&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:128: <b>cond_true</b>: Condition &quot;dns_addr_stat.st_size == old_stat.st_size&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:128: <b>cond_false</b>: Condition &quot;dns_addr_stat.st_mtim.tv_sec == old_stat.st_mtim.tv_sec&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:134: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/slirp/slirp.c:137: <b>toctou</b>: Calling function &quot;fopen(char const * restrict, char const * restrict)&quot; that uses &quot;&quot;/etc/resolv.conf&quot;&quot; after a check function. This can cause a time-of-check, time-of-use race condition.

<a name='def1071'/><b>Error: <span style='background: #C0FF00;'>TOCTOU</span> (CWE-367):</b> <a href ='#def1071'>[#def1071]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1873: <b>cond_false</b>: Condition &quot;dev-&gt;dev.romfile&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1873: <b>cond_false</b>: Condition &quot;!dev-&gt;dev.rom_bar&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1875: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1882: <b>cond_false</b>: Condition &quot;stat(rom_file, &amp;st)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1884: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1886: <b>fs_check_call</b>: Calling function &quot;access(char const *, int)&quot; to perform check on &quot;rom_file&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1886: <b>cond_false</b>: Condition &quot;access(rom_file, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1890: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/kvm/pci-assign.c:1893: <b>toctou</b>: Calling function &quot;fopen(char const * restrict, char const * restrict)&quot; that uses &quot;rom_file&quot; after a check function. This can cause a time-of-check, time-of-use race condition.

<a name='def1072'/><b>Error: <span style='background: #C0FF00;'>TOCTOU</span> (CWE-367):</b> <a href ='#def1072'>[#def1072]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;*__errno_location() != 38&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:235: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:241: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:242: <b>fs_check_call</b>: Calling function &quot;stat(char const *, struct stat *)&quot; to perform check on &quot;path&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>cond_true</b>: Condition &quot;i &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:246: <b>cond_true</b>: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:249: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:256: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>cond_true</b>: Condition &quot;i &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:246: <b>cond_true</b>: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:249: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:255: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:256: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>cond_false</b>: Condition &quot;i &lt; 2&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:256: <b>loop_end</b>: Reached end of loop</span>
qemu-kvm-1.2.0/oslib-posix.c:258: <b>toctou</b>: Calling function &quot;utimes(char const *, struct timeval const *)&quot; that uses &quot;path&quot; after a check function. This can cause a time-of-check, time-of-use race condition.

<a name='def1073'/><b>Error: <span style='background: #C0FF00;'>TOCTOU</span> (CWE-367):</b> <a href ='#def1073'>[#def1073]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: <b>cond_false</b>: Condition &quot;c == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: <b>switch</b>: Switch case value &quot;112&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1006: <b>switch_case</b>: Reached case &quot;112&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1007: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1008: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: <b>cond_false</b>: Condition &quot;c == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: <b>switch</b>: Switch case value &quot;110&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1009: <b>switch_case</b>: Reached case &quot;110&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1011: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: <b>cond_false</b>: Condition &quot;c == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1004: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1005: <b>switch</b>: Switch case value &quot;102&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1012: <b>switch_case</b>: Reached case &quot;102&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1014: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1029: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: <b>loop</b>: Jumping back to the beginning of the loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>loop_begin</b>: Jumped back to beginning of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:998: <b>cond_true</b>: Condition &quot;1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1002: <b>cond_true</b>: Condition &quot;c == -1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1003: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1030: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: <b>cond_true</b>: Condition &quot;sock_name == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: <b>cond_false</b>: Condition &quot;sock == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1033: <b>cond_false</b>: Condition &quot;rpath == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1037: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1039: <b>cond_false</b>: Condition &quot;sock_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1043: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1045: <b>cond_false</b>: Condition &quot;sock_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1051: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1053: <b>cond_false</b>: Condition &quot;lstat(rpath, &amp;stbuf) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1057: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1059: <b>cond_false</b>: Condition &quot;!((stbuf.st_mode &amp; 61440) == 16384)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1062: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1064: <b>cond_false</b>: Condition &quot;is_daemon&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1070: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1073: <b>cond_false</b>: Condition &quot;sock_name&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1078: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1083: <b>fs_check_call</b>: Calling function &quot;statfs(char const *, struct statfs *)&quot; to perform check on &quot;rpath&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1084: <b>cond_true</b>: Condition &quot;!retval&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1085: <b>switch</b>: Switch case value &quot;61267L&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1086: <b>switch_case</b>: Reached case &quot;61267L&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1091: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1092: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1096: <b>cond_false</b>: Condition &quot;chdir(&quot;/&quot;) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1099: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/fsdev/virtfs-proxy-helper.c:1100: <b>toctou</b>: Calling function &quot;chroot(char const *)&quot; that uses &quot;rpath&quot; after a check function. This can cause a time-of-check, time-of-use race condition.

<a name='def1074'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1074'>[#def1074]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:344: <b>var_decl</b>: Declaring variable &quot;cpkt&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:350: <b>cond_false</b>: Condition &quot;len &lt; 8UL /* sizeof (cpkt) */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:353: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:360: <b>cond_false</b>: Condition &quot;cpkt.event == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:374: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:377: <b>cond_false</b>: Condition &quot;!port&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:387: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:388: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:389: <b>cond_false</b>: Condition &quot;!cpkt.value&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:393: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:401: <b>cond_true</b>: Condition &quot;vsc-&gt;is_console&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/virtio-serial-bus.c:405: <b>cond_true</b>: Condition &quot;port-&gt;name&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/virtio-serial-bus.c:412: <b>uninit_use_in_call</b>: Using uninitialized value &quot;cpkt&quot;: field &quot;cpkt&quot;.&quot;id&quot; is uninitialized when calling &quot;memcpy(void * restrict, void const * restrict, size_t)&quot;.

<a name='def1075'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1075'>[#def1075]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2753: <b>var_decl</b>: Declaring variable &quot;info&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2764: <b>cond_false</b>: Condition &quot;dumpsize.rlim_cur == 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2765: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2767: <b>cond_false</b>: Condition &quot;core_dump_filename(ts, corefile, 4096UL /* sizeof (corefile) */) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2768: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2770: <b>cond_false</b>: Condition &quot;(fd = open(corefile, 65 /* 1 | 0x40 */, 420 /* ((0x100 | 0x80) | (0x100 &gt;&gt; 3)) | ((0x100 &gt;&gt; 3) &gt;&gt; 3) */)) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2772: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2779: <b>cond_true</b>: Condition &quot;(mm = vma_init()) == NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2780: <b>goto</b>: Jumping to label &quot;out&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2879: <b>label</b>: Reached label &quot;out&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2880: <b>uninit_use_in_call</b>: Using uninitialized value &quot;info.notes&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: <b>cond_false</b>: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2682:5: <b>read_parm_fld</b>: Reading a parameter field.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2880: <b>uninit_use_in_call</b>: Using uninitialized value &quot;info.prstatus&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: <b>cond_false</b>: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2680:5: <b>read_parm_fld</b>: Reading a parameter field.</span>
qemu-kvm-1.2.0/linux-user/elfload.c:2880: <b>uninit_use_in_call</b>: Using uninitialized value &quot;info.psinfo&quot; when calling &quot;free_note_info(struct elf_note_info *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2674:5: <b>cond_false</b>: Condition &quot;!(info-&gt;thread_list.tqh_first == NULL)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2678:5: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/elfload.c:2681:5: <b>read_parm_fld</b>: Reading a parameter field.</span>

<a name='def1076'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1076'>[#def1076]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:372: <b>var_decl</b>: Declaring variable &quot;act&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:377: <b>cond_false</b>: Condition &quot;core_dump_signal(target_sig)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:381: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:382: <b>cond_false</b>: Condition &quot;core_dumped&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/signal.c:391: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/linux-user/signal.c:401: <b>uninit_use_in_call</b>: Using uninitialized value &quot;act.sa_flags&quot; when calling &quot;sigaction(int, struct sigaction const * restrict, struct sigaction * restrict)&quot;.

<a name='def1077'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1077'>[#def1077]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1078: <b>var_decl</b>: Declaring variable &quot;p&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1081: <b>cond_false</b>: Condition &quot;!usb_enabled&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1082: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1086: <b>cond_false</b>: Condition &quot;dev&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1087: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1096: <b>cond_true</b>: Condition &quot;!__coverity_strcmp(devname, &quot;bt&quot;)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:1097: <b>cond_true</b>: Condition &quot;devname[2]&quot;, taking true branch</span>
qemu-kvm-1.2.0/vl.c:1097: <b>uninit_use_in_call</b>: Using uninitialized value &quot;p&quot; when calling &quot;hci_init(char const *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/vl.c:640:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1078'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1078'>[#def1078]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1017: <b>var_decl</b>: Declaring variable &quot;qhdb&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1029: <b>cond_true</b>: Condition &quot;is_valid(link)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1029: <b>cond_true</b>: Condition &quot;cnt&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1030: <b>cond_false</b>: Condition &quot;s-&gt;frame_bytes &gt;= s-&gt;frame_bandwidth&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1035: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1036: <b>cond_true</b>: Condition &quot;is_qh(link)&quot;, taking true branch</span>
qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:1040: <b>uninit_use_in_call</b>: Using uninitialized element of array &quot;qhdb.addr&quot; when calling &quot;qhdb_insert(QhDb *, uint32_t)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:965:5: <b>cond_true</b>: Condition &quot;i &lt; db-&gt;count&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/usb/hcd-uhci.c:966:9: <b>read_parm_fld</b>: Reading a parameter field.</span>

<a name='def1079'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1079'>[#def1079]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:350: <b>var_decl</b>: Declaring variable &quot;saddr&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:361: <b>cond_false</b>: Condition &quot;is_connected&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:385: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:389: <b>cond_false</b>: Condition &quot;is_connected&quot;, taking false branch</span>
qemu-kvm-1.2.0/net/socket.c:392: <b>uninit_use</b>: Using uninitialized value &quot;saddr.sin_port&quot;.

<a name='def1080'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1080'>[#def1080]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:352: <b>var_decl</b>: Declaring variable &quot;saddr_len&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:361: <b>cond_true</b>: Condition &quot;is_connected&quot;, taking true branch</span>
qemu-kvm-1.2.0/net/socket.c:362: <b>uninit_use_in_call</b>: Using uninitialized value &quot;saddr_len&quot; when calling &quot;getsockname(int, __SOCKADDR_ARG, socklen_t * restrict)&quot;.

<a name='def1081'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1081'>[#def1081]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:648: <b>var_decl</b>: Declaring variable &quot;raddr&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:650: <b>cond_false</b>: Condition &quot;parse_host_port(&amp;laddr, lhost) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:652: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:654: <b>cond_false</b>: Condition &quot;parse_host_port(&amp;raddr, rhost) &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:656: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:659: <b>cond_false</b>: Condition &quot;fd &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:662: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:666: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:670: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:672: <b>cond_false</b>: Condition &quot;ret &lt; 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:676: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:679: <b>cond_false</b>: Condition &quot;!s&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/net/socket.c:681: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/net/socket.c:683: <b>uninit_use</b>: Using uninitialized value &quot;raddr&quot;: field &quot;raddr&quot;.&quot;sin_zero&quot; is uninitialized.

<a name='def1082'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1082'>[#def1082]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/block/nbd.c:303: <b>var_decl</b>: Declaring variable &quot;request&quot; without initializer.</span>
qemu-kvm-1.2.0/block/nbd.c:308: <b>uninit_use_in_call</b>: Using uninitialized value &quot;request.handle&quot; when calling &quot;nbd_send_request(int, struct nbd_request *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/nbd.c:485:5: <b>read_parm_fld</b>: Reading a parameter field.</span>

<a name='def1083'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1083'>[#def1083]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:216: <b>var_decl</b>: Declaring variable &quot;tv_now&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;*__errno_location() != 38&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_false</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:235: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_false</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:240: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:241: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>cond_true</b>: Condition &quot;i &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:246: <b>cond_true</b>: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
qemu-kvm-1.2.0/oslib-posix.c:247: <b>uninit_use</b>: Using uninitialized value &quot;tv_now.tv_sec&quot;.

<a name='def1084'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1084'>[#def1084]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:216: <b>var_decl</b>: Declaring variable &quot;tv_now&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;ret != -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:223: <b>cond_false</b>: Condition &quot;*__errno_location() != 38&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:225: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:230: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:232: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:233: <b>cond_false</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:235: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_false</b>: Condition &quot;(times + 0).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:238: <b>cond_false</b>: Condition &quot;(times + 1).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:240: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:241: <b>cond_true</b>: Condition &quot;(times + 0).tv_nsec == 1073741822L /* (1L &lt;&lt; 30) - 2L */&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:245: <b>cond_true</b>: Condition &quot;i &lt; 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/oslib-posix.c:246: <b>cond_true</b>: Condition &quot;(times + i).tv_nsec == 1073741823L /* (1L &lt;&lt; 30) - 1L */&quot;, taking true branch</span>
qemu-kvm-1.2.0/oslib-posix.c:248: <b>uninit_use</b>: Using uninitialized value &quot;tv_now.tv_usec&quot;.

<a name='def1085'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1085'>[#def1085]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/iohandler.c:206: <b>var_decl</b>: Declaring variable &quot;act&quot; without initializer.</span>
qemu-kvm-1.2.0/iohandler.c:211: <b>uninit_use_in_call</b>: Using uninitialized value &quot;act.sa_mask&quot;: field &quot;act.sa_mask&quot;.&quot;__val&quot; is uninitialized when calling &quot;sigaction(int, struct sigaction const * restrict, struct sigaction * restrict)&quot;.

<a name='def1086'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1086'>[#def1086]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:424: <b>var_decl</b>: Declaring variable &quot;ret&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:426: <b>cond_false</b>: Condition &quot;slirp_instances.tqh_first == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:428: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:436: <b>cond_true</b>: Condition &quot;slirp&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:440: <b>cond_true</b>: Condition &quot;time_fasttimo&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:440: <b>cond_true</b>: Condition &quot;curtime - time_fasttimo &gt;= 2&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:444: <b>cond_true</b>: Condition &quot;do_slowtimo&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:444: <b>cond_true</b>: Condition &quot;curtime - last_slowtimo &gt;= 499&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:453: <b>cond_true</b>: Condition &quot;!select_error&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:457: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:465: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:466: <b>continue</b>: Continuing loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:568: <b>loop</b>: Looping back</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:457: <b>cond_true</b>: Condition &quot;so != &amp;slirp-&gt;tcb&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:465: <b>cond_false</b>: Condition &quot;so-&gt;so_state &amp; 1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:465: <b>cond_false</b>: Condition &quot;so-&gt;s == -1&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:466: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:473: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:473: <b>cond_true</b>: Condition &quot;(xfds-&gt;fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; so-&gt;s % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:474: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:491: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:496: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:496: <b>cond_true</b>: Condition &quot;(writefds-&gt;fds_bits[({...})] &amp; (1L /* (__fd_mask)1 */ &lt;&lt; so-&gt;s % (64 /* 8 * (int)sizeof (__fd_mask) */))) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/slirp/slirp.c:500: <b>cond_true</b>: Condition &quot;so-&gt;so_state &amp; 2&quot;, taking true branch</span>
qemu-kvm-1.2.0/slirp/slirp.c:504: <b>uninit_use_in_call</b>: Using uninitialized value &quot;ret&quot; when calling &quot;send(int, void const *, size_t, int)&quot;.

<a name='def1087'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1087'>[#def1087]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:64: <b>var_decl</b>: Declaring variable &quot;mhHeader&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/libcacard/vscclient.c:68: <b>cond_true</b>: Condition &quot;verbose &gt; 10&quot;, taking true branch</span>
qemu-kvm-1.2.0/libcacard/vscclient.c:76: <b>uninit_use_in_call</b>: Using uninitialized value &quot;mhHeader&quot;: field &quot;mhHeader&quot;.&quot;data&quot; is uninitialized when calling &quot;write(int, void const *, size_t)&quot;.

<a name='def1088'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1088'>[#def1088]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openrisc_sim.c:66: <b>var_decl</b>: Declaring variable &quot;entry&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openrisc_sim.c:68: <b>cond_true</b>: Condition &quot;kernel_filename&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openrisc_sim.c:68: <b>cond_false</b>: Condition &quot;!qtest_enabled()&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/hw/openrisc_sim.c:88: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/hw/openrisc_sim.c:90: <b>uninit_use</b>: Using uninitialized value &quot;entry&quot;.

<a name='def1089'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1089'>[#def1089]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;0U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:97: <b>switch_case</b>: Reached case &quot;0U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:98: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_add(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3419:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1090'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1090'>[#def1090]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;4194304U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:114: <b>switch_case</b>: Reached case &quot;4194304U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:116: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_div(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3530:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1091'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1091'>[#def1091]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;5242880U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:119: <b>switch_case</b>: Reached case &quot;5242880U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:121: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_div(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3529:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1092'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1092'>[#def1092]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;1048576U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:101: <b>switch_case</b>: Reached case &quot;1048576U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:103: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_mul(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3468:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1093'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1093'>[#def1093]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;8388608U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:134: <b>switch_case</b>: Reached case &quot;8388608U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:135: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_rem(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3603:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1094'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1094'>[#def1094]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;3178496U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:173: <b>switch_case</b>: Reached case &quot;3178496U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:175: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_round_to_int(float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3196:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1095'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1095'>[#def1095]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;4227072U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:178: <b>switch_case</b>: Reached case &quot;4227072U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:179: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sqrt(float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3906:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1096'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1096'>[#def1096]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;2097152U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:106: <b>switch_case</b>: Reached case &quot;2097152U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:107: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sub(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3442:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1097'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1097'>[#def1097]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;3145728U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:110: <b>switch_case</b>: Reached case &quot;3145728U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:111: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFm&quot; when calling &quot;float64_sub(float64, float64, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:3441:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1098'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1098'>[#def1098]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFm&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:46: <b>cond_false</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:51: <b>else_branch</b>: Reached else branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:52: <b>switch</b>: Switch case value &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:62: <b>switch_case</b>: Reached case &quot;3&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:69: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:72: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:75: <b>cond_true</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:78: <b>switch</b>: Switch case value &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:80: <b>switch_case</b>: Reached case &quot;1&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:82: <b>break</b>: Breaking from switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:89: <b>switch_end</b>: Reached end of switch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:94: <b>switch</b>: Switch case value &quot;32768U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:145: <b>switch_case</b>: Reached case &quot;32768U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/double_cpdo.c:146: <b>uninit_use</b>: Using uninitialized value &quot;rFm&quot;.

<a name='def1099'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1099'>[#def1099]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;0U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:95: <b>switch_case</b>: Reached case &quot;0U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:96: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_add(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4662:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1100'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1100'>[#def1100]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;4194304U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:112: <b>switch_case</b>: Reached case &quot;4194304U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:114: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_div(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4767:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1101'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1101'>[#def1101]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;5242880U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:117: <b>switch_case</b>: Reached case &quot;5242880U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:119: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_div(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4770:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1102'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1102'>[#def1102]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;1048576U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:99: <b>switch_case</b>: Reached case &quot;1048576U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:101: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_mul(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4707:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1103'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1103'>[#def1103]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;8388608U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:132: <b>switch_case</b>: Reached case &quot;8388608U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:133: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_rem(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4847:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1104'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1104'>[#def1104]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;2097152U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:104: <b>switch_case</b>: Reached case &quot;2097152U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:105: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_sub(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4683:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1105'/><b>Error: <span style='background: #C0FF00;'>UNINIT</span> (CWE-457):</b> <a href ='#def1105'>[#def1105]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:40: <b>var_decl</b>: Declaring variable &quot;rFn&quot; without initializer.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:46: <b>cond_true</b>: Condition &quot;(opcode &amp; 8) != 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:49: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:68: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:70: <b>cond_false</b>: Condition &quot;!((opcode &amp; 32768) != 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:89: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:92: <b>switch</b>: Switch case value &quot;3145728U&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:108: <b>switch_case</b>: Reached case &quot;3145728U&quot;</span>
qemu-kvm-1.2.0/linux-user/arm/nwfpe/extended_cpdo.c:109: <b>uninit_use_in_call</b>: Using uninitialized value &quot;rFn&quot;: field &quot;rFn&quot;.&quot;high&quot; is uninitialized when calling &quot;floatx80_sub(floatx80, floatx80, float_status *)&quot;.
<span style='color: #808080;'>qemu-kvm-1.2.0/fpu/softfloat.c:4684:5: <b>read_parm</b>: Reading a parameter value.</span>

<a name='def1106'/><b>Error: <span style='background: #C0FF00;'>UNREACHABLE</span> (CWE-561):</b> <a href ='#def1106'>[#def1106]</a>
qemu-kvm-1.2.0/hw/usb/hcd-musb.c:573: <b>unreachable</b>: This code cannot be reached: &quot;switch (ttype){
  case 0:  ...&quot;.

<a name='def1107'/><b>Error: <span style='background: #C0FF00;'>UNREACHABLE</span> (CWE-561):</b> <a href ='#def1107'>[#def1107]</a>
qemu-kvm-1.2.0/gdbstub.c:446: <b>unreachable</b>: Since the loop increment is unreachable, the loop body will never execute more than once.

<a name='def1108'/><b>Error: <span style='background: #C0FF00;'>UNREACHABLE</span> (CWE-561):</b> <a href ='#def1108'>[#def1108]</a>
qemu-kvm-1.2.0/hw/sd.c:343: <b>unreachable</b>: This code cannot be reached: &quot;return sd_crc7(buffer, 5UL)...&quot;.

<a name='def1109'/><b>Error: <span style='background: #C0FF00;'>UNREACHABLE</span> (CWE-561):</b> <a href ='#def1109'>[#def1109]</a>
qemu-kvm-1.2.0/hw/ide/microdrive.c:212: <b>unreachable</b>: This code cannot be reached: &quot;if (s-&gt;cycle)ret = s-&gt;io &gt;&gt;...&quot;.

<a name='def1110'/><b>Error: <span style='background: #C0FF00;'>UNREACHABLE</span> (CWE-561):</b> <a href ='#def1110'>[#def1110]</a>
qemu-kvm-1.2.0/hw/ide/microdrive.c:273: <b>unreachable</b>: This code cannot be reached: &quot;if (s-&gt;cycle)ide_data_write...&quot;.

<a name='def1111'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1111'>[#def1111]</a>
qemu-kvm-1.2.0/block/qed.c:679: <b>returned_pointer</b>: Pointer &quot;cb.co&quot; returned by &quot;qemu_coroutine_self()&quot; is never used.

<a name='def1112'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1112'>[#def1112]</a>
qemu-kvm-1.2.0/block/qed.c:1395: <b>returned_pointer</b>: Pointer &quot;cb.co&quot; returned by &quot;qemu_coroutine_self()&quot; is never used.

<a name='def1113'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1113'>[#def1113]</a>
qemu-kvm-1.2.0/json-parser.c:545: <b>returned_pointer</b>: Pointer &quot;token&quot; returned by &quot;parser_context_pop_token(ctxt)&quot; is never used.

<a name='def1114'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1114'>[#def1114]</a>
qemu-kvm-1.2.0/linux-user/mmap.c:484: <b>returned_pointer</b>: Pointer &quot;p&quot; returned by &quot;mmap((void *)((unsigned long)(target_ulong)start + guest_base), len, prot, flags | 0x10, fd, host_offset)&quot; is never used.

<a name='def1115'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1115'>[#def1115]</a>
qemu-kvm-1.2.0/linux-user/mmap.c:754: <b>returned_pointer</b>: Pointer &quot;host_addr&quot; returned by &quot;mremap((void *)((unsigned long)(target_ulong)old_addr + guest_base), new_size, old_size, flags)&quot; is never used.

<a name='def1116'/><b>Error: <span style='background: #C0FF00;'>UNUSED_VALUE</span> (CWE-563):</b> <a href ='#def1116'>[#def1116]</a>
qemu-kvm-1.2.0/json-parser.c:466: <b>returned_pointer</b>: Pointer &quot;token&quot; returned by &quot;parser_context_pop_token(ctxt)&quot; is never used.

<a name='def1117'/><b>Error: <span style='background: #C0FF00;'>USE_AFTER_FREE</span> (CWE-416):</b> <a href ='#def1117'>[#def1117]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:141: <b>cond_false</b>: Condition &quot;envlist == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:141: <b>cond_false</b>: Condition &quot;env == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:142: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:145: <b>cond_false</b>: Condition &quot;(eq_sign = __coverity_strchr(env, 61)) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:146: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:154: <b>alias</b>: Assigning: &quot;entry&quot; = &quot;envlist-&gt;el_entries.lh_first&quot;. Now both point to the same storage.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:154: <b>cond_true</b>: Condition &quot;entry != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:156: <b>cond_true</b>: Condition &quot;__coverity_strncmp(entry-&gt;ev_var, env, envname_len) == 0&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:157: <b>break</b>: Breaking from loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:158: <b>loop_end</b>: Reached end of loop</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:160: <b>cond_true</b>: Condition &quot;entry != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:161: <b>cond_true</b>: Condition &quot;entry-&gt;ev_link.le_next != NULL&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:163: <b>freed_arg</b>: &quot;free(void *)&quot; frees &quot;entry&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:164: <b>if_fallthrough</b>: Falling through to end of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:166: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:168: <b>cond_false</b>: Condition &quot;(entry = malloc(24UL /* sizeof (*entry) */)) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:169: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:170: <b>cond_false</b>: Condition &quot;0&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:170: <b>cond_false</b>: Condition &quot;(entry-&gt;ev_var = ((0 &amp;&amp; (size_t)(void const *)(env + 1) - (size_t)(void const *)env == 1) ? ((char const *)env[0] == 0) ? (char *)calloc(1UL /* (size_t)1 */, 1UL /* (size_t)1 */) : ({...}) : __strdup(env))) == NULL&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/envlist.c:173: <b>if_end</b>: End of if statement</span>
qemu-kvm-1.2.0/envlist.c:174: <b>use_after_free</b>: Using freed pointer &quot;envlist-&gt;el_entries.lh_first&quot;.

<a name='def1118'/><b>Error: <span style='background: #C0FF00;'>USE_AFTER_FREE</span> (CWE-416):</b> <a href ='#def1118'>[#def1118]</a>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:183: <b>cond_false</b>: Condition &quot;!wav-&gt;f&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:185: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:190: <b>cond_false</b>: Condition &quot;fseek(wav-&gt;f, 4, 0)&quot;, taking false branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:194: <b>if_end</b>: End of if statement</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:195: <b>cond_true</b>: Condition &quot;fwrite(rlen, 4, 1, wav-&gt;f) != 1&quot;, taking true branch</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:198: <b>goto</b>: Jumping to label &quot;doclose&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:211: <b>label</b>: Reached label &quot;doclose&quot;</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:212: <b>freed_arg</b>: &quot;fclose(FILE *)&quot; frees &quot;wav-&gt;f&quot;.</span>
<span style='color: #808080;'>qemu-kvm-1.2.0/audio/wavaudio.c:212: <b>cond_true</b>: Condition &quot;fclose(wav-&gt;f)&quot;, taking true branch</span>
qemu-kvm-1.2.0/audio/wavaudio.c:213: <b>pass_freed_arg</b>: Passing freed pointer &quot;wav-&gt;f&quot; as an argument to function &quot;dolog(char const *, ...)&quot;.

</pre>
<h2>Scan Properties</h2>
<table style='font-family: monospace;'>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>analyzer</td><td>coverity</td></tr>
<tr><td style='padding-right: 8px;'>analyzer-args</td><td>--wait-for-license --security --concurrency</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>analyzer-version</td><td>Coverity Static Analysis for C/C++ version 6.5.0 on Linux 2.6.32-279.el6.x86_64 x86_64\nInternal version numbers: 5cf350e73a3d7603cb5520c80316bfaded6febde p-carmel-push-12518.257</td></tr>
<tr><td style='padding-right: 8px;'>compilation-unit-count</td><td>2633</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>compilation-unit-ratio</td><td>99</td></tr>
<tr><td style='padding-right: 8px;'>host</td><td>cov01.lab.eng.brq.redhat.com</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>lines-processed</td><td>761013</td></tr>
<tr><td style='padding-right: 8px;'>mock-config</td><td>fedora-rawhide-xscan</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>project-name</td><td>qemu-1.2.0-25.fc19</td></tr>
<tr><td style='padding-right: 8px;'>time-created</td><td>2012-12-07 08:44:41</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>time-elapsed-analysis</td><td>00:24:49</td></tr>
<tr><td style='padding-right: 8px;'>time-finished</td><td>2012-12-07 09:41:35</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>tool</td><td>cov-mockbuild</td></tr>
<tr><td style='padding-right: 8px;'>tool-args</td><td>-i fedora-rawhide-xscan qemu-1.2.0-25.fc19.src.rpm --security --concurrency</td></tr>
<tr style='background-color: #EEE;'><td style='padding-right: 8px;'>tool-version</td><td>cov-mockbuild-0.20121127_91fc7f1-1.el6.noarch csdiff-0.20121113_49dc2ca-1.el6.x86_64</td></tr>
</table>
</body>
</html>

Actions: View

Attachments on bug 887927: 665081