[Qemu-devel] [PULL 12/24] bt: fix use of uninitialized variable seqlen
From: Michael Tokarev
Subject: [Qemu-devel] [PULL 12/24] bt: fix use of uninitialized variable seqlen
Date: Fri, 6 Nov 2015 15:43:49 +0300
From: Paolo Bonzini <address@hidden>
sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last
argument. The only sensible way to change the code is to make that last
argument "len" instead of "seqlen" which is the length of a subsequence
in the previous "if" branch.
To make the structure of the code clearer, use "else" instead of
"else if".
Reported by Coverity.
Signed-off-by: Paolo Bonzini <address@hidden>
Signed-off-by: Michael Tokarev <address@hidden>
---
hw/bt/sdp.c | 29 ++++++++++++++++++++---------
1 file changed, 20 insertions(+), 9 deletions(-)
diff --git a/hw/bt/sdp.c b/hw/bt/sdp.c
index c903747..b9bcdcc 100644
--- a/hw/bt/sdp.c
+++ b/hw/bt/sdp.c
@@ -150,12 +150,14 @@ static ssize_t sdp_svc_search(struct bt_l2cap_sdp_state_s
*sdp,
if (seqlen < 3 || len < seqlen)
return -SDP_INVALID_SYNTAX;
len -= seqlen;
-
while (seqlen)
if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
+ } else {
+ if (sdp_svc_match(sdp, &req, &len)) {
+ return -SDP_INVALID_SYNTAX;
+ }
+ }
if (len < 3)
return -SDP_INVALID_SYNTAX;
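Review bot: The new else branch calls sdp_svc_match(sdp, &req, &len) with no length check of its own visible in this hunk, whereas the sequence branch first rejects "seqlen < 3 || len < seqlen". If sdp_svc_match does not itself reject a len that is too small for one element, a guard belongs before the call; if it does, a short comment saying so would settle the question. The blank line dropped after "len -= seqlen;" is an unrelated whitespace change and could be left out of this fix.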
@@ -278,8 +280,11 @@ static ssize_t sdp_attr_get(struct bt_l2cap_sdp_state_s
*sdp,
while (seqlen)
if (sdp_attr_match(record, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
- } else if (sdp_attr_match(record, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
+ } else {
+ if (sdp_attr_match(record, &req, &len)) {
+ return -SDP_INVALID_SYNTAX;
+ }
+ }
if (len < 1)
return -SDP_INVALID_SYNTAX;
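Review bot: Missing documentation in the else branch: sdp_attr_match is now passed &seqlen inside the loop and &len here, and the reason for the difference is stated only in the commit message. A one-line comment above "if (sdp_attr_match(record, &req, &len)) {" saying that a single element is consumed directly from len would keep a later reader from changing it back.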
@@ -393,8 +398,11 @@ static ssize_t sdp_svc_search_attr_get(struct
bt_l2cap_sdp_state_s *sdp,
while (seqlen)
if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
+ } else {
+ if (sdp_svc_match(sdp, &req, &len)) {
+ return -SDP_INVALID_SYNTAX;
+ }
+ }
if (len < 3)
return -SDP_INVALID_SYNTAX;
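Review bot: The sequence-or-single-element handling around "} else {" is duplicated: the same shape appears in all four hunks of this patch, twice within sdp_svc_search_attr_get alone, and the same wrong argument had to be corrected at each site. Consider a follow-up that moves the "while (seqlen) ... else ..." logic into one helper taking the match function and its first argument, so the length bookkeeping lives in a single place.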
@@ -413,8 +421,11 @@ static ssize_t sdp_svc_search_attr_get(struct
bt_l2cap_sdp_state_s *sdp,
while (seqlen)
if (sdp_svc_attr_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
- } else if (sdp_svc_attr_match(sdp, &req, &seqlen))
- return -SDP_INVALID_SYNTAX;
+ } else {
+ if (sdp_svc_attr_match(sdp, &req, &len)) {
+ return -SDP_INVALID_SYNTAX;
+ }
+ }
if (len < 1)
return -SDP_INVALID_SYNTAX;
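Review bot: Brace style is now mixed within one block: the added "if (sdp_svc_attr_match(sdp, &req, &len)) {" is braced, while the "while (seqlen)" loop and its inner "if" directly above stay unbraced. Bracing the loop as well, here or in a follow-up, would make the two branches read consistently and make it harder to attach a statement to the wrong one.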
--
2.1.4