gerrit | 20 Dec 15:53 2014

Remove useless assignment of 'len'

commit 29ffa832fec4a2123c10730ee6f3d6fc08e39de0
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 15:52:35 2014 +0100

    Remove useless assignment of 'len'

    The variable 'len' is not used after this statement.
    Probably a copy'n'paste leftover from the similar
    looking block above.

    cppcheck reported:
    [rockbox/utils/zenutils/source/shared/cenc.cpp:212]: (style) Same expression on both sides of '-'.

    Change-Id: Ia8357187ed39d3fab10d97df75a1146c4f733790

diff --git a/utils/zenutils/source/shared/cenc.cpp b/utils/zenutils/source/shared/cenc.cpp
index 929a59b..c40c863 100644
--- a/utils/zenutils/source/shared/cenc.cpp
+++ b/utils/zenutils/source/shared/cenc.cpp
 <at>  <at>  -209,7 +209,6  <at>  <at>  int encode_run(byte* dst, int& dstidx, byte val, int len, int dstlen)
             int tmp = encode_run(dst, dstidx, val, len, dstlen);
             if (!tmp) return 0;
             ret += tmp;
-            len -= len;
         }
     }

_______________________________________________
rockbox-cvs mailing list
rockbox-cvs <at> cool.haxx.se
(Continue reading)

gerrit | 20 Dec 15:33 2014

sb1: fix buggy comparison

commit 515a07e51dbb6bc0d7a3bdb5ee8e687367127dad
Author: Amaury Pouly <amaury.pouly <at> gmail.com>
Date:   Sat Dec 20 15:31:18 2014 +0100

    sb1: fix buggy comparison

    cppcheck reported:
    [rockbox/utils/imxtools/sbtools/sb1.c:440]: (warning) Comparison of a boolean expression with an
integer other than 0 or 1.

    Thanks to Thomas Jarosch

    Change-Id: I0078232706d4014a1f2acea310a7a0d0edf7788b

diff --git a/utils/imxtools/sbtools/sb1.c b/utils/imxtools/sbtools/sb1.c
index 6bc4dd8..f252ded 100644
--- a/utils/imxtools/sbtools/sb1.c
+++ b/utils/imxtools/sbtools/sb1.c
 <at>  <at>  -437,7 +437,7  <at>  <at>  struct sb1_file_t *sb1_read_memory(void *_buf, size_t filesize, void *u,

     for(int i = 0; i < g_nr_keys; i++)
     {
-        if(!g_key_array[i].method == CRYPTO_XOR_KEY)
+        if(g_key_array[i].method != CRYPTO_XOR_KEY)
             continue;
         /* copy key and data because it's modified by the crypto code */
         memcpy(key, g_key_array[i].u.xor_key, sizeof(key));
_______________________________________________
rockbox-cvs mailing list
rockbox-cvs <at> cool.haxx.se
(Continue reading)

gerrit | 20 Dec 15:19 2014

mkzenboot: Fix double close of bootfd on error

commit 61e322c840e9ca434b24dcd27b5d576a4bf03a40
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 15:18:46 2014 +0100

    mkzenboot: Fix double close of bootfd on error

    cppcheck reported:
    [rockbox/tools/mkzenboot.c:1176]: (error) Used file that is not opened.

    Change-Id: Ibbf7ab2910c7f43b547fef25c62e0b4d19ff9551

diff --git a/tools/mkzenboot.c b/tools/mkzenboot.c
index 1ee9952..b345c0f 100644
--- a/tools/mkzenboot.c
+++ b/tools/mkzenboot.c
 <at>  <at>  -1173,7 +1173,6  <at>  <at>  int mkboot(const char* infile, const char* bootfile, const char* outfile, struct
     if(fwrite(&out_buffer[i+8+le2int(&out_buffer[i+4])],
ciff_size-i-8-le2int(&out_buffer[i+4]), 1, outfd) != 1)
     {
         log_message("[ERR]  Short write\n");
-        fclose(bootfd);
         fclose(outfd);
         free(out_buffer);
         return -28;
_______________________________________________
rockbox-cvs mailing list
rockbox-cvs <at> cool.haxx.se
http://cool.haxx.se/cgi-bin/mailman/listinfo/rockbox-cvs
gerrit | 20 Dec 15:05 2014

DX 50: Fix file descriptor leak on error

commit 1eb1bc24f2debaaaef31db2872c800bd4d98fcf4
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 14:59:19 2014 +0100

    DX 50: Fix file descriptor leak on error

    Unimportant change, still good style.

    cppcheck reported:
    [rockbox/firmware/target/hosted/android/dx50/button-dx50.c:92]: (error) Resource leak: fd
    [rockbox/firmware/target/hosted/android/dx50/button-dx50.c:98]: (error) Resource leak: fd

    Change-Id: Ic1831382219c44e7bef71cb2391646c9910d2369

diff --git a/firmware/target/hosted/android/dx50/button-dx50.c b/firmware/target/hosted/android/dx50/button-dx50.c
index 5ab58ce..250b448 100644
--- a/firmware/target/hosted/android/dx50/button-dx50.c
+++ b/firmware/target/hosted/android/dx50/button-dx50.c
 <at>  <at>  -89,12 +89,14  <at>  <at>  static int open_device(const char *device, int print_flags)
     new_ufds = realloc(ufds, sizeof(ufds[0]) * (nfds + 1));
     if(new_ufds == NULL) {
         fprintf(stderr, "out of memory\n");
+        close(fd);
         return -1;
     }
     ufds = new_ufds;
     new_device_names = realloc(device_names, sizeof(device_names[0]) * (nfds + 1));
     if(new_device_names == NULL) {
         fprintf(stderr, "out of memory\n");
+        close(fd);
(Continue reading)

gerrit | 20 Dec 14:52 2014

mini2440: Fix bogus buffer access in LCD backlight driver

commit 575ec8902e61ea82bbe8639c1f5a29997b88dd8c
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 14:47:09 2014 +0100

    mini2440: Fix bogus buffer access in LCD backlight driver

    The backlight driver always writes a bogus value
    from memory into the LCD brightness register.

    Fix it up by adding bounds checks and
    use a more sane default value.

    While looking at the code, I noticed
    that BACKLIGHT_CONTROL_SET probably ignores
    the desired brightness level, too.

    Note: Please test on real hardware, I don't own it.

    cppcheck reported:
    [rockbox/firmware/target/arm/s3c2440/mini2440/backlight-mini2440.c:53]: (error) Array
'log_brightness[13]' accessed at index 255, which is out of bounds.

    Change-Id: Iaafa929a8adaa97b93ebcb66e1f6bd3bf0dad84e

diff --git a/firmware/target/arm/s3c2440/mini2440/backlight-mini2440.c b/firmware/target/arm/s3c2440/mini2440/backlight-mini2440.c
index a9e003b..b39bfc4 100644
--- a/firmware/target/arm/s3c2440/mini2440/backlight-mini2440.c
+++ b/firmware/target/arm/s3c2440/mini2440/backlight-mini2440.c
 <at>  <at>  -48,6 +48,11  <at>  <at>  static unsigned char backlight_target;
 /* Assumes that the backlight has been initialized */
(Continue reading)

gerrit | 20 Dec 14:15 2014

vibe 500: Fix ide_powered() always returning false

commit d62e1b3c5ff513fb69e784cbfb59dad1cc67899b
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 13:57:54 2014 +0100

    vibe 500: Fix ide_powered() always returning false

    While the right GPIO location is accessed,
    the result of the logical AND was tested wrong.

    I don't have this hardware, but I can imagine
    that bug caused ide_power_enable() to be called
    more times than it needed to be.

    cppcheck reported:
    [rockbox/firmware/target/arm/pbell/vibe500/power-vibe500.c:101]: (style) Expression '(X & 0x8)
== 0x1' is always false.

    Change-Id: I98498f79d383c6f29869e170bfc94ba9a0d2ba7e

diff --git a/firmware/target/arm/pbell/vibe500/power-vibe500.c b/firmware/target/arm/pbell/vibe500/power-vibe500.c
index e062ebd..6237f7e 100644
--- a/firmware/target/arm/pbell/vibe500/power-vibe500.c
+++ b/firmware/target/arm/pbell/vibe500/power-vibe500.c
 <at>  <at>  -98,7 +98,7  <at>  <at>  void ide_power_enable(bool on)

 bool ide_powered(void)
 {
-    return ((GPIOC_INPUT_VAL & 0x08) == 1);
+    return ((GPIOC_INPUT_VAL & 0x08) != 0);
 }
(Continue reading)

gerrit | 20 Dec 13:59 2014

Add missing va_end() call when the log is full

commit ef1497c3dfca2dacdf6f96d97009fe388f726f4b
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 13:47:28 2014 +0100

    Add missing va_end() call when the log is full

    No need to go out of memory, too ;)

    cppcheck reported:
    [rockbox/firmware/logf.c:338]: (error) va_list 'ap' was opened but not closed by va_end().

    Change-Id: I00e4c04d7e3d5d1415aa5066487ce1d9209e53aa

diff --git a/firmware/logf.c b/firmware/logf.c
index ade5458..2fdbfa0 100644
--- a/firmware/logf.c
+++ b/firmware/logf.c
 <at>  <at>  -335,6 +335,7  <at>  <at>  void _logdiskf(const char* file, const char level, const char *fmt, ...)
     {
         strcpy(&logdiskfbuffer[logdiskfindex-8], "LOGFULL");
         logdiskfindex=MAX_LOGDISKF_SIZE;
+        va_end(ap);
         return;
     }

_______________________________________________
rockbox-cvs mailing list
rockbox-cvs <at> cool.haxx.se
http://cool.haxx.se/cgi-bin/mailman/listinfo/rockbox-cvs
(Continue reading)

gerrit | 20 Dec 13:41 2014

Prevent theoretical out-of-bounds access in STM_Load()

commit c54537a6639bc9ea495fac5e9ecb3ee7a699b484
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 13:37:40 2014 +0100

    Prevent theoretical out-of-bounds access in STM_Load()

    We should be safe since STM_Load() should
    never be called if STM_Test() fails.
    Still it's better safe than sorry.

    cppcheck reported:
    [rockbox/apps/plugins/mikmod/load_stm.c:302]: (error) Array 'STM_Version[3]' accessed at index 3,
which is out of bounds.

    Change-Id: I914935fd108c492d013de24d17dcb9c227af6cd8

diff --git a/apps/plugins/mikmod/load_stm.c b/apps/plugins/mikmod/load_stm.c
index b2537ab..994b0e5 100644
--- a/apps/plugins/mikmod/load_stm.c
+++ b/apps/plugins/mikmod/load_stm.c
 <at>  <at>  -299,6 +299,8  <at>  <at>  static int STM_Load(int curious)
 	/* set module variables */
 	for(t=0;t<STM_NTRACKERS;t++)
 		if(!memcmp(mh->trackername,STM_Signatures[t],8)) break;
+	if(t == STM_NTRACKERS)
+		return 0;
 	of.modtype   = StrDup(STM_Version[t]);
 	of.songname  = DupStr(mh->songname,20,1); /* make a cstr of songname */
 	of.numpat    = mh->numpat;
_______________________________________________
(Continue reading)

gerrit | 20 Dec 13:15 2014

m3u playlist parser: Check size limit before using buffer

commit f8d9e9cb6c4cbec8a611f871de006608ad7a1dbd
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 13:09:22 2014 +0100

    m3u playlist parser: Check size limit before using buffer

    This should only be a problem if the last line
    is not terminated by \r or \n though.

    cppcheck reported:
    [rockbox/apps/playlist.c:234]: (style) Array index 'i' is used before limits check.

    Change-Id: I8182b66272ba9c024984c81588bd2a6dbb8255b8

diff --git a/apps/playlist.c b/apps/playlist.c
index db93344..173d445 100644
--- a/apps/playlist.c
+++ b/apps/playlist.c
 <at>  <at>  -231,7 +231,7  <at>  <at>  static int convert_m3u(char* buf, int buf_len, int buf_max, char* temp)
     char* dest;

     /* Locate EOL. */
-    while ((buf[i] != '\n') && (buf[i] != '\r') && (i < buf_len))
+    while ((i < buf_len) && (buf[i] != '\n') && (buf[i] != '\r'))
     {
         i++;
     }
_______________________________________________
rockbox-cvs mailing list
rockbox-cvs <at> cool.haxx.se
(Continue reading)

gerrit | 20 Dec 13:01 2014

text_viewer plugin: Fix two out-of-bounds buffer accesses

commit 2caf8870afd844c1368d21b98b3d1e4c0ee8bf10
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 12:55:20 2014 +0100

    text_viewer plugin: Fix two out-of-bounds buffer accesses

    Test code:
    --------------
    int main(void)
    {
        static unsigned short extra_spaces[] = { 0, 0x3000 };
        return sizeof(extra_spaces);
    }
    --------------

    -> returns four instead of two.

    cppcheck reported:
    [rockbox/apps/plugins/text_viewer/tv_text_processor.c:180]: (error) Array 'break_chars[27]' acces
    sed at index 53, which is out of bounds.
    [rockbox/apps/plugins/text_viewer/tv_text_processor.c:195]: (error) Array 'extra_spaces[2]' acces
    sed at index 3, which is out of bounds.

    Change-Id: I66c305cc5c99e59e7c8e0aa9c86cecbe293ff037

diff --git a/apps/plugins/text_viewer/tv_text_processor.c b/apps/plugins/text_viewer/tv_text_processor.c
index d027a9a..fa644d7 100644
--- a/apps/plugins/text_viewer/tv_text_processor.c
+++ b/apps/plugins/text_viewer/tv_text_processor.c
 <at>  <at>  -175,7 +175,7  <at>  <at>  static bool tv_is_line_break_char(unsigned short ch)
(Continue reading)

gerrit | 20 Dec 12:35 2014

Fix broken buflib_handle check in backdrop settings loader

commit 1ff5fd4d6b8d954b4a110c1c97a2e917c9e31055
Author: Thomas Jarosch <tomj <at> simonv.com>
Date:   Sat Dec 20 12:27:38 2014 +0100

    Fix broken buflib_handle check in backdrop settings loader

    The logic was messed up and always evaluated to true
    if buflib_handle is non-zero.

    Thanks to JdGordon for verifying the change.

    cppcheck reported:
    [rockbox/apps/gui/skin_engine/skin_backdrops.c:262]: (warning) Comparison of a boolean
expression with an integer other than 0 or 1.

    Change-Id: Ib52a73e0a6a2017a631e2dec19b638a2974dab83

diff --git a/apps/gui/skin_engine/skin_backdrops.c b/apps/gui/skin_engine/skin_backdrops.c
index 8962b51..243fc30 100644
--- a/apps/gui/skin_engine/skin_backdrops.c
+++ b/apps/gui/skin_engine/skin_backdrops.c
 <at>  <at>  -259,7 +259,7  <at>  <at>  void skin_backdrop_load_setting(void)
             if (global_settings.backdrop_file[0] &&
                 global_settings.backdrop_file[0] != '-')
             {
-                if (!backdrops[i].buflib_handle <= 0)
+                if (backdrops[i].buflib_handle <= 0)
                 {
                     backdrops[i].buflib_handle =
                             core_alloc_ex(global_settings.backdrop_file,
(Continue reading)


Gmane