qemu-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH for 2.10 15/35] usb: correctly handle Zero Lengt


From: Philippe Mathieu-Daudé
Subject: Re: [Qemu-devel] [PATCH for 2.10 15/35] usb: correctly handle Zero Length Packets
Date: Tue, 29 May 2018 11:22:46 -0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 07/24/2017 03:27 PM, Philippe Mathieu-Daudé wrote:
> USB Specification Revision 2.0, §5.5.3:
>   The Data stage of a control transfer from an endpoint to the host is 
> complete when the endpoint does one of the following:
>   • Has transferred exactly the amount of data specified during the Setup 
> stage
>   • Transfers a packet with a payload size less than wMaxPacketSize or 
> transfers a zero-length packet"
> 
> hw/usb/redirect.c:802:9: warning: Declared variable-length array (VLA) has 
> zero size
>         uint8_t buf[size];
>         ^~~~~~~~~~~ ~~~~
> 
> Reported-by: Clang Static Analyzer
> Signed-off-by: Philippe Mathieu-Daudé <address@hidden>
> ---
>  hw/usb/redirect.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
> index 5e42730449..5b7073d2cd 100644
> --- a/hw/usb/redirect.c
> +++ b/hw/usb/redirect.c
> @@ -795,7 +795,7 @@ static void usbredir_handle_bulk_data(USBRedirDevice 
> *dev, USBPacket *p,
>             usbredirparser_peer_has_cap(dev->parser,
>                                         usb_redir_cap_32bits_bulk_length));
>  
> -    if (ep & USB_DIR_IN) {
> +    if (ep & USB_DIR_IN || size == 0) {
>          usbredirparser_send_bulk_packet(dev->parser, p->id,
>                                          &bulk_packet, NULL, 0);
>      } else {
> 

Ping?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]