diff mbox series

[v2,3/3] usb/dev-mtp: Fix use of uninitialized values

Message ID 20180604151421.23385-4-f4bug@amsat.org
State New
Headers show
Series usb: fix bugs reported by Clang Static Analyzer | expand

Commit Message

Philippe Mathieu-Daudé June 4, 2018, 3:14 p.m. UTC 
This fixes:

  hw/usb/dev-mtp.c:1212:13: warning: 2nd function call argument is an uninitialized value
      o = usb_mtp_object_lookup(s, c->argv[0]);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Reported-by: Clang Static Analyzer
Suggested-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
---
 hw/usb/dev-mtp.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Gerd Hoffmann June 5, 2018, 9:21 a.m. UTC | #1 
> +    for (i = c->argc; i < ARRAY_SIZE(c->argv); i++) {
> +        c->argv[i] = 0;
> +    }

I think the code filling c->argv (in usb_mtp_handle_data) should so
that.  Or just memset(0) cmd in usb_mtp_handle_data ...

cheers,
  Gerd

PS: the other patches are fine.
diff mbox series

Patch

diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c
index b0ab6a7912..dd96c91cf9 100644
--- a/hw/usb/dev-mtp.c
+++ b/hw/usb/dev-mtp.c
@@ -1281,6 +1281,7 @@  static void usb_mtp_command(MTPState *s, MTPControl *c)
     MTPData *data_in = NULL;
     MTPObject *o = NULL;
     uint32_t nres = 0, res0 = 0;
+    int i;
 
     /* sanity checks */
     if (c->code >= CMD_CLOSE_SESSION && s->session == 0) {
@@ -1289,6 +1290,10 @@  static void usb_mtp_command(MTPState *s, MTPControl *c)
         return;
     }
 
+    for (i = c->argc; i < ARRAY_SIZE(c->argv); i++) {
+        c->argv[i] = 0;
+    }
+
     /* process commands */
     switch (c->code) {
     case CMD_GET_DEVICE_INFO: