Even if there isn't, the standard guarantees that those two constructs
are identical. Any elements that don't have initializer values get zeroed.

In other places (see line 2156), the code assumes that the structure
contains tv_sec and tv_usec, so there must be at least two elements.
Thus, your change is safe, although superfluous.

Nope. struct timeval is POSIX (http://pubs.opengroup.org/onlinepubs/7999959899/basedefs/sys/time.h.html) and always has exactly 2 members.
I will take a look at both 2 and 3 today.


-Nathan

On Jan 21, 2014, at 10:30 AM, Tim Roberts <***@probo.com> wrote:

Nathan Hjelm wrote:
On Jan 20, 2014, at 4:56 PM, Tim Roberts <***@probo.com> wrote:

Even if there isn't, the standard guarantees that those two constructs
are identical. Any elements that don't have initializer values get zeroed.
Not quite. This is true for global/static variables. Anything allocated on the stack that is not explicitly initialized gets whatever was on already the stack.

Sorry, but this is incorrect.  What you say is true if I omit the initializer list completely.  But if I provide a PARTIAL initializer list, then the rest of the structure is zeroed, regardless of the storage class.

C99 Standard 6.7.8.21
If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, or fewer characters in a string literal used to initialize an array of known size than there are elements in the array, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.
 

Ah. Ok. Wasn't aware of that case. The code is question is ISO C89 to support MSVC. Do you know if the C89 standard also guarantees the rest of the struct is zeroed?

-Nathan

On Mar 21, 2014, at 11:49 AM, Sean McBride <***@rogue-research.com> wrote:

On Tue, 21 Jan 2014 07:43:10 -0700, Nathan Hjelm said:

       >        > (2) os/darwin_usb.c:531:10: Implicit conversion loses integer
       >precision: 'size_t' (aka 'unsigned long') to 'int'
       >        >
       >        > A cast would silence this, but actually I worry the last line of the
       >function is returning entirely the wrong thing. Shouldn't it return
       >'ret' not 'len'? The docs for 'get_config_descriptor' say 'Return 0 on
       >success or a LIBUSB_ERROR code on failure.'
       >        >
       >        >
       >        > (3) core.c:1163:7: Use of memory after it is freed
       >        >
       >        > This could be a false positive as it's from the static analyzer. It's
       >code path dependant, and really you need the Xcode GUI to follow the
       >flow. Nathan, could you look?
       >
       >I will take a look at both 2 and 3 today.

Nathan,

Just wanted to ping you on these. Both issues still exist in master.
 
I can't get scan-build to give me the the first one but I do get the second one. The second one is an interesting flow and will take some thought to see if it identifies a real issue or not. clang assumes that the call to libusb_unref_device in discovered_devs_free will result in a call to free on a device that is being returned. I am not convinced that can ever be the case.

-Nathan

On Mar 21, 2014, at 12:44 PM, Nathan Hjelm <***@me.com> wrote:



On Mar 21, 2014, at 11:49 AM, Sean McBride <***@rogue-research.com> wrote:

On Tue, 21 Jan 2014 07:43:10 -0700, Nathan Hjelm said:

       >        > (2) os/darwin_usb.c:531:10: Implicit conversion loses integer
       >precision: 'size_t' (aka 'unsigned long') to 'int'
       >        >
       >        > A cast would silence this, but actually I worry the last line of the
       >function is returning entirely the wrong thing. Shouldn't it return
       >'ret' not 'len'? The docs for 'get_config_descriptor' say 'Return 0 on
       >success or a LIBUSB_ERROR code on failure.'
       >        >
       >        >
       >        > (3) core.c:1163:7: Use of memory after it is freed
       >        >
       >        > This could be a false positive as it's from the static analyzer. It's
       >code path dependant, and really you need the Xcode GUI to follow the
       >flow. Nathan, could you look?
       >
       >I will take a look at both 2 and 3 today.

Nathan,

Just wanted to ping you on these. Both issues still exist in master.
 
I can't get scan-build to give me the the first one but I do get the second one. The second one is an interesting flow and will take some thought to see if it identifies a real issue or not. clang assumes that the call to libusb_unref_device in discovered_devs_free will result in a call to free on a device that is being returned. I am not convinced that can ever be the case.
 
Hmm, looking closer there might be a race condition in here. In the case that we have hotplug the device could get released between the generation of the discovered devices array and the call to reference the device. If this is a race then the window is very small.

-Nathan

On Mar 21, 2014, at 12:50 PM, Sean McBride <***@rogue-research.com> wrote:

On Fri, 21 Mar 2014 18:44:01 +0000, Nathan Hjelm said:

       >I can't get scan-build to give me the the first one

It's a compiler warning, not a static analyzer warning. I get it just building with Xcode 5.0.2. Again, I think last line of the function is returning entirely the wrong thing. Shouldn't it return 'ret' not 'len'? The docs for 'get_config_descriptor' say 'Return 0 on success or a LIBUSB_ERROR code on failure.'
 
We should probably update the documentation for the internal call. Both the darwin and linux backends return the length actually read. The code calling get_config_descriptor also assumes the returned value is the length. I will push an update to the documentation and fix the warning.


       >but I do get the
       >second one. The second one is an interesting flow and will take some
       >thought to see if it identifies a real issue or not.

Agreed, it's not at all clear to me either. The analyzer sometimes catches amazing things and sometimes is amazingly wrong. Thanks for looking into it.
 
No problem. I hope to have a determination on whether this is a bug later today.

-Nathan