On Wed, Jan 30, 2019 at 02:37:01PM +, Liam Merwick wrote:
> There is no need to calculate the 'eps' variable in usb_ep_get()
> if 'ep' is the control endpoint. Instead the calculation should
> be done after validating the input and the resulting pointer also
> validated before returning an entry indexed on the endpoint 'ep'.
>
> Signed-off-by: Liam Merwick
> Reviewed-by: Darren Kenny
> Reviewed-by: Mark Kanda
> Reviewed-by: Ameya More
> ---
> hw/usb/core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/hw/usb/core.c b/hw/usb/core.c
> index 241ae66b1505..1aa0051b2b2d 100644
> --- a/hw/usb/core.c
> +++ b/hw/usb/core.c
> @@ -720,12 +720,13 @@ struct USBEndpoint *usb_ep_get(USBDevice *dev, int pid,
> int ep)
> if (dev == NULL) {
> return NULL;
> }
> -eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
> if (ep == 0) {
> return >ep_ctl;
> }
> assert(pid == USB_TOKEN_IN || pid == USB_TOKEN_OUT);
> assert(ep > 0 && ep <= USB_MAX_ENDPOINTS);
> +eps = (pid == USB_TOKEN_IN) ? dev->ep_in : dev->ep_out;
> +assert(eps != NULL);
That assert is rather pointless. It's impossible for eps to be NULL at
this point.
cheers,
Gerd