From: Philippe Mathieu-Daudé
To: Eric Blake, Marc-André Lureau, Gerd Hoffmann
Cc: Philippe Mathieu-Daudé, qemu-devel@nongnu.org
Date: Mon, 24 Jul 2017 15:27:33 -0300
Message-Id: <20170724182751.18261-18-f4bug@amsat.org>
In-Reply-To: <20170724182751.18261-1-f4bug@amsat.org>
Subject: [Qemu-devel] [PATCH for 2.10 17/35] usb/dev-mtp: fix use of uninitialized values

Reported-by: Clang Static Analyzer
Signed-off-by: Philippe Mathieu-Daudé
--- hw/usb/dev-mtp.c | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/hw/usb/dev-mtp.c b/hw/usb/dev-mtp.c index 6dfece9ea9..ad64495f05 100644 --- a/hw/usb/dev-mtp.c +++ b/hw/usb/dev-mtp.c @@ -1134,7 +1134,7 @@ static void usb_mtp_command(MTPState *s, MTPControl *= c) c->trans, 1, s->session, 0); return; } - if (c->argv[0] =3D=3D 0) { + if (c->argc =3D=3D 0 || c->argv[0] =3D=3D 0) { usb_mtp_queue_result(s, RES_INVALID_PARAMETER, c->trans, 0, 0, 0); return; 
@@ -1162,8 +1162,9 @@ static void usb_mtp_command(MTPState *s, MTPControl *= c) data_in =3D usb_mtp_get_storage_ids(s, c); break; case CMD_GET_STORAGE_INFO: - if (c->argv[0] !=3D QEMU_STORAGE_ID && - c->argv[0] !=3D 0xffffffff) { + if (c->argc =3D=3D 0 || + (c->argv[0] !=3D QEMU_STORAGE_ID && + c->argv[0] !=3D 0xffffffff)) { usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, c->trans, 0, 0, 0); return; @@ -1172,22 +1173,25 @@ static void usb_mtp_command(MTPState *s, MTPControl= *c) break; case CMD_GET_NUM_OBJECTS: case CMD_GET_OBJECT_HANDLES: - if (c->argv[0] !=3D QEMU_STORAGE_ID && - c->argv[0] !=3D 0xffffffff) { + if (c->argc =3D=3D 0 || + (c->argv[0] !=3D QEMU_STORAGE_ID && + c->argv[0] !=3D 0xffffffff)) { usb_mtp_queue_result(s, RES_INVALID_STORAGE_ID, c->trans, 0, 0, 0); return; } - if (c->argv[1] !=3D 0x00000000) { + if (c->argc > 1 && c->argv[1] !=3D 0x00000000) { usb_mtp_queue_result(s, RES_SPEC_BY_FORMAT_UNSUPPORTED, c->trans, 0, 0, 0); return; } - if (c->argv[2] =3D=3D 0x00000000 || - c->argv[2] =3D=3D 0xffffffff) { - o =3D QTAILQ_FIRST(&s->objects); - } else { - o =3D usb_mtp_object_lookup(s, c->argv[2]); + if (c->argc > 2) { + if (c->argv[2] =3D=3D 0x00000000 || + c->argv[2] =3D=3D 0xffffffff) { + o =3D QTAILQ_FIRST(&s->objects); + } else { + o =3D usb_mtp_object_lookup(s, c->argv[2]); + } } if (o =3D=3D NULL) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_HANDLE, @@ -1264,8 +1268,9 @@ static void usb_mtp_command(MTPState *s, MTPControl *= c) res0 =3D data_in->length; break; case CMD_GET_OBJECT_PROPS_SUPPORTED: - if (c->argv[0] !=3D FMT_UNDEFINED_OBJECT && - c->argv[0] !=3D FMT_ASSOCIATION) { + if (c->argc =3D=3D 0 || + (c->argv[0] !=3D FMT_UNDEFINED_OBJECT && + c->argv[0] !=3D FMT_ASSOCIATION)) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, c->trans, 0, 0, 0); return; 
@@ -1273,8 +1278,9 @@ static void usb_mtp_command(MTPState *s, MTPControl *= c) data_in =3D usb_mtp_get_object_props_supported(s, c); break; case CMD_GET_OBJECT_PROP_DESC: - if (c->argv[1] !=3D FMT_UNDEFINED_OBJECT && - c->argv[1] !=3D FMT_ASSOCIATION) { + if (c->argc > 1 && + (c->argv[1] !=3D FMT_UNDEFINED_OBJECT && + c->argv[1] !=3D FMT_ASSOCIATION)) { usb_mtp_queue_result(s, RES_INVALID_OBJECT_FORMAT_CODE, c->trans, 0, 0, 0); return; --=20 2.13.3
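Review bot: The commit message has no body, and the first hunk (@@ -1134,7 +1134,7 @@) together with every later one relies on c->argc bounding the initialised part of c->argv without saying so. Please add a sentence to the commit message stating where argc is filled in and that argv entries at or beyond argc are left unset, so a reader can check each new guard against that rule and see which analyzer warning each one addresses.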
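Review bot: In the CMD_GET_NUM_OBJECTS / CMD_GET_OBJECT_HANDLES hunk (@@ -1172,22 +1173,25 @@), wrapping the lookup in "if (c->argc > 2)" leaves o unassigned when fewer than three parameters arrive, yet "if (o == NULL)" is still evaluated immediately afterwards. The declaration of o is outside the visible context, so unless it is initialised to NULL there, this swaps a read of an unset argv[2] for a read of an unset pointer. Either initialise o at its declaration, or add an else branch that states what a missing third parameter means: reject with RES_INVALID_OBJECT_HANDLE, or fall back to QTAILQ_FIRST(&s->objects) as the 0x00000000 case does.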
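Review bot: The CMD_GET_OBJECT_PROP_DESC check (@@ -1273,8 +1278,9 @@) is written as "c->argc > 1 && (...)", so a request carrying fewer than two parameters skips the format-code validation and carries on, whereas the CMD_GET_OBJECT_PROPS_SUPPORTED hunk just before it rejects a missing parameter with "c->argc == 0 || (...)". If the code following this check reads c->argv[1] (it is not in the visible context), the uninitialised use is still reachable. Suggest "c->argc < 2 || (...)" so a short request returns RES_INVALID_OBJECT_FORMAT_CODE, matching the other cases.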