diff mbox series

[1/2] usb: rearrange usb_ep_get()

Message ID 1548859022-3969-2-git-send-email-liam.merwick@oracle.com (mailing list archive)
State New, archived
Headers show
Series USB static analysis patches | expand

Commit Message

Liam Merwick Jan. 30, 2019, 2:37 p.m. UTC
There is no need to calculate the 'eps' variable in usb_ep_get()
if 'ep' is the control endpoint.  Instead the calculation should
be done after validating the input and the resulting pointer also
validated before returning an entry indexed on the endpoint 'ep'.

Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
Reviewed-by: Darren Kenny <Darren.Kenny@oracle.com>
Reviewed-by: Mark Kanda <Mark.Kanda@oracle.com>
Reviewed-by: Ameya More <ameya.more@oracle.com>
---
 hw/usb/core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Gerd Hoffmann Jan. 31, 2019, 7:59 a.m. UTC | #1
On Wed, Jan 30, 2019 at 02:37:01PM +0000, Liam Merwick wrote:
> There is no need to calculate the 'eps' variable in usb_ep_get()
> if 'ep' is the control endpoint.  Instead the calculation should
> be done after validating the input and the resulting pointer also
> validated before returning an entry indexed on the endpoint 'ep'.
> 
> Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
> Reviewed-by: Darren Kenny <Darren.Kenny@oracle.com>
> Reviewed-by: Mark Kanda <Mark.Kanda@oracle.com>
> Reviewed-by: Ameya More <ameya.more@oracle.com>
> ---
>  hw/usb/core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/hw/usb/core.c b/hw/usb/core.c
> index 241ae66b1505..1aa0051b2b2d 100644
> --- a/hw/usb/core.c
> +++ b/hw/usb/core.c
> @@ -720,12 +720,13 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep)
>      if (dev == NULL) {
>          return NULL;
>      }
> -    eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
>      if (ep == 0) {
>          return &dev->ep_ctl;
>      }
>      assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT);
>      assert(ep > 0 && ep <= USB_MAX_ENDPOINTS);
> +    eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
> +    assert(eps != NULL);

That assert is rather pointless.  It's impossible for eps to be NULL at
this point.

cheers,
  Gerd
diff mbox series

Patch

diff --git a/hw/usb/core.c b/hw/usb/core.c
index 241ae66b1505..1aa0051b2b2d 100644
--- a/hw/usb/core.c
+++ b/hw/usb/core.c
@@ -720,12 +720,13 @@  struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid, int ep)
     if (dev == NULL) {
         return NULL;
     }
-    eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
     if (ep == 0) {
         return &dev->ep_ctl;
     }
     assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT);
     assert(ep > 0 && ep <= USB_MAX_ENDPOINTS);
+    eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
+    assert(eps != NULL);
     return eps + ep - 1;
 }