From: Nathan H. <hj...@me...> - 2014-03-21 18:48:04
On Mar 21, 2014, at 12:44 PM, Nathan Hjelm <hj...@me...> wrote:

> On Mar 21, 2014, at 11:49 AM, Sean McBride <se...@ro...> wrote:
>
> > On Tue, 21 Jan 2014 07:43:10 -0700, Nathan Hjelm said:
> >
> > > > (2) os/darwin_usb.c:531:10: Implicit conversion loses integer precision: 'size_t' (aka 'unsigned long') to 'int'
> > > >
> > > > A cast would silence this, but actually I worry the last line of the function is returning entirely the wrong thing. Shouldn't it return 'ret' not 'len'? The docs for 'get_config_descriptor' say 'Return 0 on success or a LIBUSB_ERROR code on failure.'
> > > >
> > > > (3) core.c:1163:7: Use of memory after it is freed
> > > >
> > > > This could be a false positive as it's from the static analyzer. It's code path dependent, and really you need the Xcode GUI to follow the flow. Nathan, could you look?
> > >
> > > I will take a look at both 2 and 3 today.
> >
> > Nathan,
> >
> > Just wanted to ping you on these. Both issues still exist in master.
>
> I can't get scan-build to give me the first one but I do get the second one. The second one is an interesting flow and will take some thought to see if it identifies a real issue or not. clang assumes that the call to libusb_unref_device in discovered_devs_free will result in a call to free on a device that is being returned. I am not convinced that can ever be the case.

Hmm, looking closer there might be a race condition in here. In the case that we have hotplug the device could get released between the generation of the discovered devices array and the call to reference the device. If this is a race then the window is very small.

-Nathan
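The ordering hazard described in the last message, as an added illustration that is not libusb code: a hypothetical refcounted device registry, a temporary "discovered devices" array that pins each device, and a caller list. The racy variant drops the discovery references before taking the caller's reference, so a hotplug "device left" event injected in that window frees the device; the safe variant takes the caller's reference while the discovery array still holds the device. All names (`registry`, `dev_ref`, `list_racy`, `list_safe`, `run_scenario`) are stand-ins, and `freed` is a flag in place of `free()` so the outcome can be observed rather than being undefined behaviour.

```c
#include <stddef.h>

#define NDEV 2

/* Hypothetical refcounted device. "freed" stands in for free() so the
 * outcome of the race can be observed instead of being undefined behaviour. */
struct dev {
    int refcnt;
    int freed;
};

/* Hypothetical hotplug-aware registry holding one reference per attached device. */
struct registry {
    struct dev *devs[NDEV];
};

static void dev_ref(struct dev *d)   { d->refcnt++; }
static void dev_unref(struct dev *d) { if (--d->refcnt == 0) d->freed = 1; }

/* Hotplug "device left": the registry drops its own reference. */
static void registry_detach(struct registry *r, int i)
{
    struct dev *d = r->devs[i];
    r->devs[i] = NULL;
    dev_unref(d);
}

/* Discovery: snapshot of the registry that takes its own reference on each
 * device (the temporary "discovered devices array" discussed in the thread). */
static int discovered_build(struct registry *r, struct dev **out)
{
    int n = 0;
    for (int i = 0; i < NDEV; i++)
        if (r->devs[i]) { dev_ref(r->devs[i]); out[n++] = r->devs[i]; }
    return n;
}

static void discovered_free(struct dev **arr, int n)
{
    for (int i = 0; i < n; i++) dev_unref(arr[i]);
}

/* Racy ordering: discovery references are dropped BEFORE the caller's
 * references are taken. detach_between injects the hotplug event in that
 * window. Returns how many devices in the returned list are already freed. */
static int list_racy(struct registry *r, struct dev **list, int detach_between)
{
    struct dev *tmp[NDEV];
    int n = discovered_build(r, tmp);
    discovered_free(tmp, n);                 /* window opens here */
    if (detach_between) registry_detach(r, 0);
    int bad = 0;
    for (int i = 0; i < n; i++) {
        dev_ref(tmp[i]);                     /* may touch a freed device */
        list[i] = tmp[i];
        if (tmp[i]->freed) bad++;
    }
    return bad;
}

/* Safe ordering: the caller's reference is taken while the discovery array
 * still pins the device, so the same detach cannot drop the last reference. */
static int list_safe(struct registry *r, struct dev **list, int detach_between)
{
    struct dev *tmp[NDEV];
    int n = discovered_build(r, tmp);
    for (int i = 0; i < n; i++) { dev_ref(tmp[i]); list[i] = tmp[i]; }
    discovered_free(tmp, n);
    if (detach_between) registry_detach(r, 0);
    int bad = 0;
    for (int i = 0; i < n; i++) if (list[i]->freed) bad++;
    return bad;
}

/* Runs one interleaving on fresh state; returns the use-after-free count.
 * Constructed input: two attached devices, the registry holding one ref each. */
static int run_scenario(int safe, int detach_between)
{
    struct dev d[NDEV] = {{1, 0}, {1, 0}};
    struct registry r = {{&d[0], &d[1]}};
    struct dev *list[NDEV];
    return safe ? list_safe(&r, list, detach_between)
                : list_racy(&r, list, detach_between);
}
```

The interleaving is simulated single-threaded so the outcome is deterministic; with real threads the window is as small as the thread says, which is exactly why a static analyzer finds it more reliably than a test does. The fix pattern is to take the caller's reference before the temporary array releases its own, or equivalently to hand the temporary array's references over to the caller instead of dropping and re-taking them.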