|
From: | Philippe Mathieu-Daudé |
Subject: | Re: [Qemu-devel] [PATCH for 2.10 16/35] usb/dev-mtp: fix use of uninitialized values |
Date: | Wed, 26 Jul 2017 20:23:55 -0300 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 |
On 07/25/2017 09:34 AM, Gerd Hoffmann wrote:
case CMD_GET_OBJECT_INFO:- o = usb_mtp_object_lookup(s, c->argv[0]); + if (c->argc > 0) { + o = usb_mtp_object_lookup(s, c->argv[0]); + }How about zero-initializing c->argv instead?
I checked the MTP specs rev. 1.1 and I understand the case argc == 0 fits in "Invalid Parameter" section (F.2.30, code 0x201d).
So the correct patch is to queue a RES_INVALID_PARAMETER result.I'll send another patch but since this require heavy testing this is probably 2.11 material now.
Regards, Phil.
[Prev in Thread] | Current Thread | [Next in Thread] |