On 1 May 2018 at 04:35, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:
> On 04/30/2018 10:49 AM, Edgar E. Iglesias wrote:
>> On Fri, Apr 27, 2018 at 12:55:21PM +0100, Peter Maydell wrote:
>>> On 13 February 2018 at 04:07, Philippe Mathieu-Daudé <f4...@amsat.org>
>>> wrote:
>>>> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
>>>> Reviewed-by: Alistair Francis <alistair.fran...@xilinx.com>
>>>
>>>> @@ -39,6 +45,7 @@ int sdbus_do_command(SDBus *sdbus, SDRequest *req,
>>>> uint8_t *response)
>>>> {
>>>> SDState *card = get_card(sdbus);
>>>>
>>>> + trace_sdbus_command(sdbus_name(sdbus), req->cmd, req->arg, req->crc);
>>>> if (card) {
>>>> SDCardClass *sc = SD_CARD_GET_CLASS(card);
>>>
>>> Hi -- as a result of this trace event being added, we now get
>>> warnings from Coverity that it might use uninitialized data
>>> (CID1386074, CID1390571, CID1386072, CID1386076). This is because not
>>> all of our SD
>>> controllers bother to initialize req->crc, because up til now
>>> nothing in the SD code looks at it. (I think at least bcm2835_sdhost.c
>>> sdhci.c and ssi-sd.c do this).
>
> I was pretty sure we ran Coverity before the stable release :|
> Maybe they added new 'uninitialized data' checks recently.
No, we didn't get a coverity run for a long time (a combination
of Scan being down and then requiring a new version of the local
build tools, which we didn't realize because the website didn't
give a useful error message for that case). So this most recent
run has brought up a pile of accumulated issues since about
mid-february.
thanks
-- PMM
