xemu-project/xemu
1
0
Fork 0
mirror of https://github.com/xemu-project/xemu.git synced 2024-11-23 19:49:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bt: fix use of uninitialized variable seqlen

Browse Source 
sdp_svc_match, sdp_attr_match and sdp_svc_attr_match read the last
argument.  The only sensible way to change the code is to make that last
argument "len" instead of "seqlen" which is the length of a subsequence
in the previous "if" branch.

To make the structure of the code clearer, use "else" instead of
"else if".

Reported by Coverity.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This commit is contained in:
Paolo Bonzini 2015-10-19 16:08:40 +02:00 committed by Michael Tokarev
parent 1a13b27273
commit 374ec0669a
1 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
hw/bt/sdp.c
View File

@ -150,12 +150,14 @@ static ssize_t sdp_svc_search(struct bt_l2cap_sdp_state_s *sdp,
if (seqlen < 3 || len < seqlen)
return -SDP_INVALID_SYNTAX;
len -= seqlen;
while (seqlen)
if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else {
if (sdp_svc_match(sdp, &req, &len)) {
return -SDP_INVALID_SYNTAX;
}
}
if (len < 3)
return -SDP_INVALID_SYNTAX;
@ -278,8 +280,11 @@ static ssize_t sdp_attr_get(struct bt_l2cap_sdp_state_s *sdp,
while (seqlen)
if (sdp_attr_match(record, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else if (sdp_attr_match(record, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else {
if (sdp_attr_match(record, &req, &len)) {
return -SDP_INVALID_SYNTAX;
}
}
if (len < 1)
return -SDP_INVALID_SYNTAX;
@ -393,8 +398,11 @@ static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp,
while (seqlen)
if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else if (sdp_svc_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else {
if (sdp_svc_match(sdp, &req, &len)) {
return -SDP_INVALID_SYNTAX;
}
}
if (len < 3)
return -SDP_INVALID_SYNTAX;
@ -413,8 +421,11 @@ static ssize_t sdp_svc_search_attr_get(struct bt_l2cap_sdp_state_s *sdp,
while (seqlen)
if (sdp_svc_attr_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else if (sdp_svc_attr_match(sdp, &req, &seqlen))
return -SDP_INVALID_SYNTAX;
} else {
if (sdp_svc_attr_match(sdp, &req, &len)) {
return -SDP_INVALID_SYNTAX;
}
}
if (len < 1)
return -SDP_INVALID_SYNTAX;