From bcc4e517d5ce41e541484ade9b2800ba06a9b903 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Fri, 16 May 2014 23:01:57 +0100 Subject: [PATCH] core: fix/silence issues reported by Coverity * libusb has been added to Coverity at https://scan.coverity.com/projects/2180 * Use "// coverity[keyword]" to silence the issues we don't care about * All other issues from the Windows build have been fixed, apart from the closing of the DLLs. --- examples/ezusb.c | 14 +++++++++----- examples/xusb.c | 1 + libusb/core.c | 20 ++++++++++---------- libusb/os/windows_usb.c | 30 +++++++++++++++++------------- libusb/version_nano.h | 2 +- 5 files changed, 38 insertions(+), 29 deletions(-) diff --git a/examples/ezusb.c b/examples/ezusb.c index 5111f98..f369e50 100644 --- a/examples/ezusb.c +++ b/examples/ezusb.c @@ -442,9 +442,11 @@ static int parse_iic(FILE *image, void *context, if (initial_pos < 0) return -1; - fseek(image, 0L, SEEK_END); + if (fseek(image, 0L, SEEK_END) != 0) + return -1; file_size = ftell(image); - fseek(image, initial_pos, SEEK_SET); + if (fseek(image, initial_pos, SEEK_SET) != 0) + return -1; for (;;) { /* Ignore the trailing reset IIC data (5 bytes) */ if (ftell(image) >= (file_size - 5)) @@ -633,7 +635,8 @@ static int fx3_load_ram(libusb_device_handle *device, const char *path) if (dLength == 0) break; // done - dImageBuf = calloc(dLength, sizeof(uint32_t)); + // coverity[tainted_data] + dImageBuf = (uint32_t*)calloc(dLength, sizeof(uint32_t)); if (dImageBuf == NULL) { logerror("could not allocate buffer for image chunk\n"); ret = -4; @@ -813,9 +816,10 @@ int ezusb_load_ram(libusb_device_handle *device, const char *path, int fx_type, } } - if (verbose) + if (verbose && (ctx.count != 0)) { logerror("... WROTE: %d bytes, %d segments, avg %d\n", - (int)ctx.total, (int)ctx.count, (int)(ctx.total/ctx.count)); + (int)ctx.total, (int)ctx.count, (int)(ctx.total/ctx.count)); + } /* if required, reset the CPU so it runs what we just uploaded */ if (cpucs_addr && !ezusb_cpucs(device, cpucs_addr, true)) diff --git a/examples/xusb.c b/examples/xusb.c index 77c8c46..540c90e 100644 --- a/examples/xusb.c +++ b/examples/xusb.c @@ -512,6 +512,7 @@ static int test_mass_storage(libusb_device_handle *handle, uint8_t endpoint_in, get_sense(handle, endpoint_in, endpoint_out); } + // coverity[tainted_data] data = (unsigned char*) calloc(1, block_size); if (data == NULL) { perr(" unable to allocate data buffer\n"); diff --git a/libusb/core.c b/libusb/core.c index ffce020..14417f5 100644 --- a/libusb/core.c +++ b/libusb/core.c @@ -775,22 +775,22 @@ int API_EXPORTED libusb_get_port_numbers(libusb_device *dev, uint8_t* port_numbers, int port_numbers_len) { int i = port_numbers_len; + struct libusb_context *ctx = DEVICE_CTX(dev); - while(dev) { - // HCDs can be listed as devices and would have port #0 - // TODO: see how the other backends want to implement HCDs as parents - if (dev->port_number == 0) - break; - i--; - if (i < 0) { - usbi_warn(DEVICE_CTX(dev), - "port numbers array too small"); + if (port_numbers_len <= 0) + return LIBUSB_ERROR_INVALID_PARAM; + + // HCDs can be listed as devices with port #0 + while((dev) && (dev->port_number != 0)) { + if (--i < 0) { + usbi_warn(ctx, "port numbers array is too small"); return LIBUSB_ERROR_OVERFLOW; } port_numbers[i] = dev->port_number; dev = dev->parent_dev; } - memmove(port_numbers, &port_numbers[i], port_numbers_len - i); + if (i < port_numbers_len) + memmove(port_numbers, &port_numbers[i], port_numbers_len - i); return port_numbers_len - i; } diff --git a/libusb/os/windows_usb.c b/libusb/os/windows_usb.c index 7f4f315..488ea7b 100644 --- a/libusb/os/windows_usb.c +++ b/libusb/os/windows_usb.c @@ -209,7 +209,7 @@ static char* sanitize_path(const char* path) size = safe_strlen(path)+1; root_size = sizeof(root_prefix)-1; - // Microsoft indiscriminatly uses '\\?\', '\\.\', '##?#" or "##.#" for root prefixes. + // Microsoft indiscriminately uses '\\?\', '\\.\', '##?#" or "##.#" for root prefixes. if (!((size > 3) && (((path[0] == '\\') && (path[1] == '\\') && (path[3] == '\\')) || ((path[0] == '#') && (path[1] == '#') && (path[3] == '#'))))) { add_root = root_size; @@ -221,7 +221,7 @@ static char* sanitize_path(const char* path) safe_strcpy(&ret_path[add_root], size-add_root, path); - // Ensure consistancy with root prefix + // Ensure consistency with root prefix for (j=0; jconfig_descriptor[i] = (unsigned char*) malloc(cd_data->wTotalLength); if (priv->config_descriptor[i] == NULL) - return LIBUSB_ERROR_NO_MEM; + LOOP_BREAK(LIBUSB_ERROR_NO_MEM); memcpy(priv->config_descriptor[i], cd_data, cd_data->wTotalLength); } return LIBUSB_SUCCESS; @@ -1094,13 +1095,14 @@ static int init_device(struct libusb_device* dev, struct libusb_device* parent_d DWORD size; USB_NODE_CONNECTION_INFORMATION_EX conn_info; struct windows_device_priv *priv, *parent_priv; - struct libusb_context *ctx = DEVICE_CTX(dev); + struct libusb_context *ctx; struct libusb_device* tmp_dev; unsigned i; if ((dev == NULL) || (parent_dev == NULL)) { return LIBUSB_ERROR_NOT_FOUND; } + ctx = DEVICE_CTX(dev); priv = _device_priv(dev); parent_priv = _device_priv(parent_dev); if (parent_priv->apib->id != USB_API_HUB) { @@ -1148,6 +1150,7 @@ static int init_device(struct libusb_device* dev, struct libusb_device* parent_d } size = sizeof(conn_info); conn_info.ConnectionIndex = (ULONG)port_number; + // coverity[tainted_data_argument] if (!DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_INFORMATION_EX, &conn_info, size, &conn_info, size, &size, NULL)) { usbi_warn(ctx, "could not get node connection information for device '%s': %s", @@ -1687,10 +1690,12 @@ static int windows_get_device_list(struct libusb_context *ctx, struct discovered } // Unref newly allocated devs - for (i=0; i