Content-type: multipart/related; boundary="Boundary_(ID_nfUCpoN3RVwkjl88KDY//w)"; type="text/html" --Boundary_(ID_nfUCpoN3RVwkjl88KDY//w) Content-type: text/html; CHARSET=US-ASCII Content-transfer-encoding: quoted-printable


On Mar 21, 2014, at 12:44 PM, Nathan Hjelm <hjelmn@me.com&= gt; wrote:



On Mar 21, 2014, at 11:49 AM, Sean McBride <sean@rog= ue-research.com> wrote:

On Tue, 21 Jan 2014 07:43:10 -07= 00, Nathan Hjelm said:

       >   &nbs= p;    > (2) os/darwin_usb.c:531:10: Implicit conversion loses= integer
       >precision: 'size_t' (aka 'unsi= gned long') to 'int'
       >     &nb= sp;  >
       >       &= nbsp;> A cast would silence this, but actually I worry the last line of= the
       >function is returning entirely the= wrong thing. Shouldn't it return
       >'ret'= not 'len'? The docs for 'get_config_descriptor' say 'Return 0 on
&nbs= p;      >success or a LIBUSB_ERROR code on failure.'
=        >        >
&nbs= p;      >        >
  &n= bsp;    >        > (3) core.c:1163:7: = Use of memory after it is freed
       >  =      >
       >   &nbs= p;    > This could be a false positive as it's from the stati= c analyzer. It's
       >code path dependant, a= nd really you need the Xcode GUI to follow the
      &n= bsp;>flow. Nathan, could you look?
       ><= br>        >I will take a look at both 2 and 3 toda= y.

Nathan,

Just wanted to ping you on these. Both issues sti= ll exist in master.
 
I can't get scan-build to give me the the first one but I do = get the second one. The second one is an interesting flow and will take so= me thought to see if it identifies a real issue or not. clang assumes that= the call to libusb_unref_device in discovered_devs_free wil= l result in a call to free on a device that is being returned. I am not co= nvinced that can ever be the case.
 
Hmm, looking closer there might be a race= condition in here. In the case that we have hotplug the device could get = released between the generation of the discovered devices array and the ca= ll to reference the device. If this is a race then the window is very smal= l.

-Nathan
= --Boundary_(ID_nfUCpoN3RVwkjl88KDY//w)--