Message ID | 20180604151421.23385-4-f4bug@amsat.org |
---|---|
State | New |
Headers | show |
Series | usb: fix bugs reported by Clang Static Analyzer | expand |
> + for (i = c->argc; i < ARRAY_SIZE(c->argv); i++) { > + c->argv[i] = 0; > + } I think the code filling c->argv (in usb_mtp_handle_data) should so that. Or just memset(0) cmd in usb_mtp_handle_data ... cheers, Gerd PS: the other patches are fine.
diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index b0ab6a7912..dd96c91cf9 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -1281,6 +1281,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) MTPData *data_in = NULL; MTPObject *o = NULL; uint32_t nres = 0, res0 = 0; + int i; /* sanity checks */ if (c->code >= CMD_CLOSE_SESSION && s->session == 0) { @@ -1289,6 +1290,10 @@ static void usb_mtp_command(MTPState *s, MTPControl *c) return; } + for (i = c->argc; i < ARRAY_SIZE(c->argv); i++) { + c->argv[i] = 0; + } + /* process commands */ switch (c->code) { case CMD_GET_DEVICE_INFO:
This fixes: hw/usb/dev-mtp.c:1212:13: warning: 2nd function call argument is an uninitialized value o = usb_mtp_object_lookup(s, c->argv[0]); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Reported-by: Clang Static Analyzer Suggested-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> --- hw/usb/dev-mtp.c | 5 +++++ 1 file changed, 5 insertions(+)