From: Johan Hedberg <johan.hedberg@gmail.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: linux-bluetooth@vger.kernel.org
Subject: Re: [PATCH] init and extra checking fixups
Date: Fri, 2 Oct 2009 11:30:05 +0200 [thread overview]
Message-ID: <20091002093005.GC13444@jh-x301> (raw)
In-Reply-To: <200909261237.58379.sgrubb@redhat.com>
Hi,
On Sat, Sep 26, 2009, Steve Grubb wrote:
> I was doing some code reviews of the 4.54 release and found a couple
> things that should be fixed up. This patch is looking at things that may not
> have been initialized or is doing value checks that are unnecessary.
>
> In audio/avdtp.c, the avdtp_setconf_cmd function has an exit jump for failed.
> There are several calls to the goto that do not set err to something, meaning
> that the stack contents are what's used. I set err =0 in the beginning so that
> we no longer use the stack contents, but it seems like there should be some
> general error code that says we failed for an unspecified reason.
>
> In audio/control.c, the function control_cb takes a variable cond and first
> thing it or's G_IO_IN with it and uses the result for a test in an if
> statement. I suspect it should be a '&' operator.
>
> In audio/unix.c, the function a2dp_discovery_complete at line 659 has a
> variable ca2dp. There is a check at line 661 to see that its not NULL. It can
> never be NULL because its position in the unix_client structure will never
> let it be NULL. So, this check should be dropped.
>
> In compat/hidd.c, there is a function do_connect with a variable, name. It
> could conceivably be uninitialized when used in a strcmp at line 473.
>
> In lib/sdp.c, the function sdp_get_lang_attr has a variable pCode that is
> being checked for non-NULL at line 2029. It gets its value from curr_data which
> has to be non-NULL to enter the loop. So, checking pCode does nothing. It
> should be dropped.
>
> Same file, in the function sdp_service_attr_req there is a variable
> rsp_concat_buf. If the allocations for reqbuf or rspbuf fail, it goes to end
> where it will attempt to free rsp_concat_buf.data which is whatever the stack
> contents are. This same issue pops up again in the function,
> sdp_service_search_attr_req a little farther down.
>
> NOT FIXED - In src/sdpd-service.c, the function create_ext_inquiry_response
> has a variable uuid that is used at line 223 in an equality test without
> having been initialized. No idea what the right code for that is.
>
> In tools/hcitool.c, around line 687, handle could conceivably be used without
> being initialized. I set it to 0.
>
> Signed-off-by: Steve Grubb <sgrubb@redhat.com>
I went ahead and split up this patch myself and also did the few necessary
fixups to it. The changes are now upstream.
Johan
next prev parent reply other threads:[~2009-10-02 9:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-26 16:37 [PATCH] init and extra checking fixups Steve Grubb
2009-09-27 0:00 ` David Sainty
2009-09-27 3:01 ` Luiz Augusto von Dentz
2009-09-27 8:41 ` Johan Hedberg
2009-10-02 9:30 ` Johan Hedberg [this message]
2009-10-02 15:26 ` Steve Grubb
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091002093005.GC13444@jh-x301 \
--to=johan.hedberg@gmail.com \
--cc=linux-bluetooth@vger.kernel.org \
--cc=sgrubb@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.