From 3e874361f193d7ce9dec3971fd1d4923fea1a9a5 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Tue, 14 Feb 2017 09:49:24 +0100 Subject: [PATCH] am7xxx: make sure am7xxx_get_device_info() always returns sensible values am7xxx_get_device_info() was not covering the case of a non-NULL output parameter on the very first invocation, this case would not usually happen in normal operation, but the problem was there: in that case the output device_info structure would have contained garbage, as spotted by the static analyzer: .../src/am7xxx.c:1279:21: warning: The right operand of '<=' is a garbage value original_width <= device_info.native_width && ^ ~~~~~~~~~~~~~~~~~~~~~~~~ .../src/am7xxx.c:1288:39: warning: The right operand of '/' is a garbage value width_ratio = (float)original_width / device_info.native_width; ^ ~~~~~~~~~~~~~~~~~~~~~~~~ While at it also fix the symmetric case of a NULL output parameter on subsequent invocation: check that the output argument is non-NULL before memcpy-ing to it. --- src/am7xxx.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/am7xxx.c b/src/am7xxx.c index 2d7b890..512cf6f 100644 --- a/src/am7xxx.c +++ b/src/am7xxx.c @@ -1213,10 +1213,9 @@ AM7XXX_PUBLIC int am7xxx_get_device_info(am7xxx_device *dev, int ret; struct am7xxx_header h; - if (dev->device_info) { - memcpy(device_info, dev->device_info, sizeof(*device_info)); - return 0; - } + /* if there is a cached copy of the device info, just return that */ + if (dev->device_info) + goto return_value; ret = send_command(dev, AM7XXX_PACKET_TYPE_DEVINFO); if (ret < 0) @@ -1250,6 +1249,9 @@ AM7XXX_PUBLIC int am7xxx_get_device_info(am7xxx_device *dev, dev->device_info->unknown1 = h.header_data.devinfo.unknown1; #endif +return_value: + if (device_info) + memcpy(device_info, dev->device_info, sizeof(*device_info)); return 0; } -- 2.1.4