The addition could overflow, the upcast needs to be performed before,
not after.
Fixes all clang-tidy bugprone-misplaced-widening-cast warnings
References #1479
Copy-pasting can often result in mistakes like:
```
if (test_value(x)) {
y++;
do_something(x, y);
} else {
y++;
do_something(x, y);
}
```
Thus it is preferable that branch bodies be unique.
Fixes all clang-tidy bugprone-branch-clone warnings
References #1479
These multiplication could indeed have overflowed, but now they are
performed with a bigger type, matching the type they are ultimately
stored in.
Fixes all clang-tidy bugprone-implicit-widening-of-multiplication-result
warnings
References #1479
Depending on the font, an l suffix can look like a 1. Consider "231l".
Thus prefer uppercase.
Fixes all clang-tidy readability-uppercase-literal-suffix warnings
References #1479
The C langugage reserves various identifiers for itself that user code
must not use.
Fixes all clang-tidy bugprone-reserved-identifier warnings
Also, 4 of 5 file extension tests were case insensitive, and 1 was not.
Changed it to be insensitive too.
References #1479
The first iteration of this loop was safe because the beginning of the
function checked that `size` is at least LIBUSB_DT_CONFIG_SIZE (9) bytes
long.
But for subsequent iterations, it could advance the pointer too far
(which is undefined behaviour) depending on the content of the buffer
itself.
Closes#1460
All the right hand side is `dev_cap`, change one outlier to match.
Also clarify the relationships between some magic numbers.
No change in behaviour here.
This was checking that `size` is at least `LIBUSB_DT_CONFIG_SIZE` (9)
bytes long, but then increments the pointer with `buf +=
header.bLength`. That could end up pointing past of the end of the
buffer. There is a subsequent check that would prevent dereferencing it,
but it's still undefined behaviour to even create such a pointer.
Add a check with a similar pattern as elsewhere in this file.
This function had a few problems:
- it takes two buffers as parameters but knows nothing about their
length, making it easy to overrun them.
- callers make unwarranted assumptions about the alignment of
structures that are passed to it (it assumes there's no padding)
- it has tricky pointer arithmetic and masking
With this new formulation, it's easier to see what's being read/written,
especially the destination. It's now very clear that the destination is
not being overrun because we are simply assigning to struct fields.
Also convert byte swapping macros to inline functions for more type
safety.
References #1460
Except for the Windows, Emscripten, and Haiku backends we use C-style
comments markers and not double-slash. Get rid of a few inconsistent
// instances.
Note the doxygen code examples have // comments because they are inside
proper /* */ comments.
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
Ideally it should be a warning only for composite devices but it is
difficult to discern that case. The message is too invasive and
confusing for the non-composite case, so make it debug instead.
Follow-up of commit f9ae36bCloses#1394
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
- Fix typos.
- Use SuperSpeedPlus naming consistently.
- Remove C++ style comment in favor of C style.
Fixup of commit f00f06e9
References #1499Closes#1502
The second argument to open() is an int carrying flags (including
"access modes"). A third, optional argument has type mode_t, carrying
"file mode bits" for file permissions.
Also rename the variable to access_mode to make it more clear.
The type mismatch was caught by building with -Wconversion.
References #1497
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
Previously when getting the device list, a malformed device GUID would
be explicitly ignored and skipped, allowing the operation to complete. A
recent change to winusb_get_device_list() in commit fdab67b accidentally
changed this behaviour, so this scenario instead caused an early exit
with error code LIBUSB_ERROR_NO_MEM.
Closes#1475
No real change.
- rearrange elements to be initialized in the same order as they appear
in the struct declaration
- explicitly set values to NULL so that global searches for things like
`wrap_sys_device` easily reveal that the function is NULL on Darwin
Closes#1439
This function has different implementations on every OS, but for some,
like macOS, it was truncating from 64 to 32 bit by casting to int. So
increase its size from int to long.
(The function is currently only used for debug output.)
Closes#1423
The clang static analyzer doesn't see that the pointer will always be
non-NULL if the return value is success. Just assert this fact so that
it can see this, and then it won't warn:
Access to field 'can_enumerate' results in a dereference of a null
pointer (loaded from variable 'cached_device')
References #1414
Found thanks to a warning about implicit sign conversion.
The return value is the new reference count, not an IOReturn error code.
I'm not sure if this is copy paste, and the new ref count is
unimportant, so I just preserved the existing behaviour (but adjusted
the log message). The change only impacts debug logs anyway.
References #1414
- Sometimes just change a type to match where it's coming from
- Sometimes add an explicit cast (but only if it's guaranteed correct,
like a previous check that a signed value is positive before casting to
unsigned)
- For libusb_bulk_transfer() add an assert to be certain that the signed
return value is never negative.
Update API documentation to underline this fact.
Add similar assert in usbi_handle_transfer_completion().
- darwin: For parsing OS version, change scanf to use %u instead of %i
- xusb: Add additional range checks before casting
- xusb: Reverse some backwards count and size arguments to calloc, not
that it really matters
Closes#1414
This prevents concurrent access to the list by the event background
thread, which could still be processing a previous hotplug event and
having to modify the list.
Fixes#1366Fixes#1445Closes#1452
References #1406
Remove all parents with a single child remaining in parent tree.
This ensures that no parents of the direct parent of the device being
considered are left in the list, when appearing before their child(ren)
in the processing order of the context device list cleaning.
References #1452
References #1406
All checks are enabled except for those that cause any warning.
This is a starting point, some of the currently-suppressed warnings can
be fixed hereafter.
Closes#1434
Programs using the previous version may use the new version as drop-in
replacement, but programs using the new version may use APIs not present
in the previous one.
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
umockdev relies on the per-context log callbacks to do its checks
properly, and these are not called if ENABLE_DEBUG_LOGGING is defined
(configure --enable-debug-log).
Fixes#1449
Signed-off-by: Tormod Volden <debian.tormod@gmail.com>
