clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name usbhid.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/usr.bin/usbhidctl/obj -resource-dir /usr/local/llvm16/lib/clang/16 -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/usr.bin/usbhidctl/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/usr.bin/usbhidctl/usbhid.c
1 | |
2 | |
3 | |
4 | |
5 | |
6 | |
7 | |
8 | |
9 | |
10 | |
11 | |
12 | |
13 | |
14 | |
15 | |
16 | |
17 | |
18 | |
19 | |
20 | |
21 | |
22 | |
23 | |
24 | |
25 | |
26 | |
27 | |
28 | |
29 | |
30 | |
31 | |
32 | |
33 | #include <sys/types.h> |
34 | |
35 | #include <dev/usb/usb.h> |
36 | #include <dev/usb/usbhid.h> |
37 | |
38 | #include <ctype.h> |
39 | #include <err.h> |
40 | #include <errno.h> |
41 | #include <fcntl.h> |
42 | #include <limits.h> |
43 | #include <stdio.h> |
44 | #include <stdlib.h> |
45 | #include <string.h> |
46 | #include <unistd.h> |
47 | #include <usbhid.h> |
48 | |
49 | |
50 | |
51 | |
52 | |
53 | unsigned int verbose; |
54 | |
55 | |
56 | #define DELIM_USAGE '.' |
57 | #define DELIM_PAGE ':' |
58 | #define DELIM_SET '=' |
59 | |
60 | static int reportid; |
61 | |
62 | struct Susbvar { |
63 | |
64 | char const *variable; |
65 | size_t varlen; |
66 | |
67 | char const *value; |
68 | |
69 | #define MATCH_ALL (1 << 0) |
70 | #define MATCH_COLLECTIONS (1 << 1) |
71 | #define MATCH_NODATA (1 << 2) |
72 | #define MATCH_CONSTANTS (1 << 3) |
73 | #define MATCH_WASMATCHED (1 << 4) |
74 | #define MATCH_SHOWPAGENAME (1 << 5) |
75 | #define MATCH_SHOWNUMERIC (1 << 6) |
76 | #define MATCH_WRITABLE (1 << 7) |
77 | #define MATCH_SHOWVALUES (1 << 8) |
78 | unsigned int mflags; |
79 | |
80 | |
81 | ssize_t matchindex; |
82 | |
83 | int (*opfunc)(struct hid_item *item, struct Susbvar *var, |
84 | u_int32_t const *collist, size_t collen, u_char *buf); |
85 | }; |
86 | |
87 | struct Sreport { |
88 | struct usb_ctl_report *buffer; |
89 | |
90 | enum {srs_uninit, srs_clean, srs_dirty} status; |
91 | int report_id; |
92 | size_t size; |
93 | }; |
94 | |
95 | static struct { |
96 | int uhid_report; |
97 | hid_kind_t hid_kind; |
98 | char const *name; |
99 | } const reptoparam[] = { |
100 | #define REPORT_INPUT 0 |
101 | { UHID_INPUT_REPORT, hid_input, "input" }, |
102 | #define REPORT_OUTPUT 1 |
103 | { UHID_OUTPUT_REPORT, hid_output, "output" }, |
104 | #define REPORT_FEATURE 2 |
105 | { UHID_FEATURE_REPORT, hid_feature, "feature" } |
106 | #define REPORT_MAXVAL 2 |
107 | }; |
108 | |
109 | |
110 | |
111 | |
112 | |
113 | static int |
114 | strtousage(const char *nptr, size_t nlen) |
115 | { |
116 | char *endptr; |
117 | long result; |
118 | char numstr[16]; |
119 | |
120 | if (nlen >= sizeof(numstr) || !isdigit((unsigned char)*nptr)) |
121 | return -1; |
122 | |
123 | |
124 | |
125 | |
126 | |
127 | |
128 | memcpy(numstr, nptr, nlen); |
129 | numstr[nlen] = '\0'; |
130 | |
131 | result = strtol(numstr, &endptr, 0); |
132 | |
133 | if (result < 0 || result > 0xffff || endptr != &numstr[nlen]) |
134 | return -1; |
135 | |
136 | return result; |
137 | } |
138 | |
139 | struct usagedata { |
140 | char const *page_name; |
141 | char const *usage_name; |
142 | size_t page_len; |
143 | size_t usage_len; |
144 | int isfinal; |
145 | u_int32_t usage_id; |
146 | }; |
147 | |
148 | |
149 | |
150 | |
151 | |
152 | static int |
153 | hidtestrule(struct Susbvar *var, struct usagedata *cache) |
154 | { |
155 | char const *varname; |
156 | ssize_t matchindex, pagesplit; |
157 | size_t strind, varlen; |
158 | int numusage; |
159 | u_int32_t usage_id; |
160 | |
161 | matchindex = var->matchindex; |
162 | varname = var->variable; |
163 | varlen = var->varlen; |
164 | |
165 | usage_id = cache->usage_id; |
166 | |
167 | |
168 | |
169 | |
170 | |
171 | |
172 | pagesplit = -1; |
173 | for (strind = matchindex; strind < varlen; strind++) { |
174 | if (varname[strind] == DELIM_USAGE) |
175 | break; |
176 | if (varname[strind] == DELIM_PAGE) |
177 | pagesplit = strind; |
178 | } |
179 | |
180 | if (cache->isfinal && strind != varlen) |
181 | |
182 | |
183 | |
184 | |
185 | return -1; |
186 | |
187 | if (pagesplit >= 0) { |
188 | |
189 | |
190 | |
191 | |
192 | char const *strstart; |
193 | int numpage; |
194 | |
195 | strstart = &varname[matchindex]; |
196 | |
197 | numpage = strtousage(strstart, pagesplit - matchindex); |
198 | |
199 | if (numpage >= 0) { |
200 | |
201 | |
202 | if (numpage != HID_PAGE(usage_id)) |
203 | |
204 | return -1; |
205 | } else { |
206 | |
207 | |
208 | |
209 | |
210 | |
211 | |
212 | |
213 | if (cache->page_name == NULL) { |
214 | cache->page_name = hid_usage_page(HID_PAGE(usage_id)); |
215 | cache->page_len = strlen(cache->page_name); |
216 | } |
217 | |
218 | |
219 | |
220 | |
221 | |
222 | if (cache->page_len != |
223 | (size_t)(pagesplit - matchindex) || |
224 | memcmp(cache->page_name, |
225 | &varname[matchindex], |
226 | cache->page_len) != 0) |
227 | |
228 | return -1; |
229 | } |
230 | |
231 | |
232 | matchindex = pagesplit + 1; |
233 | } |
234 | |
235 | numusage = strtousage(&varname[matchindex], strind - matchindex); |
236 | |
237 | if (numusage >= 0) { |
238 | |
239 | |
240 | if (numusage != HID_USAGE(usage_id)) |
241 | |
242 | return -1; |
243 | } else { |
244 | |
245 | |
246 | |
247 | if (cache->usage_name == NULL) { |
248 | cache->usage_name = hid_usage_in_page(usage_id); |
249 | cache->usage_len = strlen(cache->usage_name); |
250 | } |
251 | |
252 | |
253 | |
254 | |
255 | if (cache->usage_len != (size_t)(strind - matchindex) || |
256 | memcmp(cache->usage_name, &varname[matchindex], |
257 | cache->usage_len) != 0) |
258 | |
259 | return -1; |
260 | } |
261 | |
262 | if (cache->isfinal) |
263 | |
264 | return 1; |
265 | |
266 | |
267 | |
268 | |
269 | |
270 | var->matchindex = strind + 1; |
271 | |
272 | return 0; |
273 | } |
274 | |
275 | |
276 | |
277 | |
278 | |
279 | |
280 | |
281 | static struct Susbvar* |
282 | hidmatch(u_int32_t const *collist, size_t collen, struct hid_item *item, |
283 | struct Susbvar *varlist, size_t vlsize) |
284 | { |
285 | size_t colind, vlactive, vlind; |
286 | int iscollection; |
287 | |
288 | |
289 | |
290 | |
291 | |
292 | |
293 | vlactive = vlsize; |
294 | |
295 | iscollection = item->kind == hid_collection || |
296 | item->kind == hid_endcollection; |
297 | |
298 | for (vlind = 0; vlind < vlsize; vlind++) { |
299 | struct Susbvar *var; |
300 | |
301 | var = &varlist[vlind]; |
302 | |
303 | var->matchindex = 0; |
304 | |
305 | if (!(var->mflags & MATCH_COLLECTIONS) && iscollection) { |
306 | |
307 | var->matchindex = -1; |
308 | vlactive--; |
309 | } else if (!iscollection && !(var->mflags & MATCH_CONSTANTS) && |
310 | (item->flags & HIO_CONST)) { |
311 | |
312 | |
313 | |
314 | |
315 | var->matchindex = -1; |
316 | vlactive--; |
317 | } else if ((var->mflags & MATCH_WRITABLE) && |
318 | ((item->kind != hid_output && |
319 | item->kind != hid_feature) || |
320 | (item->flags & HIO_CONST))) { |
321 | |
322 | |
323 | |
324 | |
325 | |
326 | var->matchindex = -1; |
327 | vlactive--; |
328 | } else if (var->mflags & MATCH_ALL) { |
329 | |
330 | return &varlist[vlind]; |
331 | } |
332 | } |
333 | |
334 | |
335 | |
336 | |
337 | |
338 | |
339 | |
340 | for (colind = 0; vlactive > 0 && colind <= collen; colind++) { |
341 | struct usagedata cache; |
342 | |
343 | cache.isfinal = (colind == collen); |
344 | if (cache.isfinal) |
345 | cache.usage_id = item->usage; |
346 | else |
347 | cache.usage_id = collist[colind]; |
348 | |
349 | cache.usage_name = NULL; |
350 | cache.page_name = NULL; |
351 | |
352 | |
353 | |
354 | |
355 | |
356 | |
357 | |
358 | |
359 | for (vlind = 0; vlind < vlsize; vlind++) { |
360 | struct Susbvar *var; |
361 | int matchres; |
362 | |
363 | var = &varlist[vlind]; |
364 | |
365 | if (var->matchindex < 0) |
366 | |
367 | continue; |
368 | |
369 | matchres = hidtestrule(var, &cache); |
370 | |
371 | if (matchres < 0) { |
372 | |
373 | var->matchindex = -1; |
374 | vlactive--; |
375 | continue; |
376 | } else if (matchres > 0) { |
377 | |
378 | return var; |
379 | } |
380 | } |
381 | } |
382 | |
383 | return NULL; |
384 | } |
385 | |
386 | static void |
387 | allocreport(struct Sreport *report, report_desc_t rd, int repindex) |
388 | { |
389 | int reptsize; |
390 | |
391 | reptsize = hid_report_size(rd, reptoparam[repindex].hid_kind, reportid); |
392 | if (reptsize < 0) |
| 65 | | Assuming 'reptsize' is >= 0 | |
|
| |
393 | errx(1, "Negative report size"); |
394 | report->size = reptsize; |
395 | |
396 | if (report->size > 0) { |
| 67 | | Assuming field 'size' is <= 0 | |
|
| |
397 | report->buffer = malloc(sizeof(*report->buffer)); |
398 | if (report->buffer == NULL) |
399 | err(1, NULL); |
400 | } else |
401 | report->buffer = NULL; |
| 69 | | Null pointer value stored to field 'buffer' | |
|
402 | |
403 | report->status = srs_clean; |
404 | } |
405 | |
406 | static void |
407 | freereport(struct Sreport *report) |
408 | { |
409 | free(report->buffer); |
410 | report->status = srs_uninit; |
411 | } |
412 | |
413 | static void |
414 | getreport(struct Sreport *report, int hidfd, report_desc_t rd, int repindex) |
415 | { |
416 | if (report->status == srs_uninit) { |
| |
417 | allocreport(report, rd, repindex); |
| |
| 70 | | Returning from 'allocreport' | |
|
418 | if (report->size == 0) |
| |
419 | return; |
420 | |
421 | report->buffer->ucr_report = reptoparam[repindex].uhid_report; |
422 | if (ioctl(hidfd, USB_GET_REPORT, report->buffer) == -1) |
423 | err(1, "USB_GET_REPORT (probably not supported by " |
424 | "device)"); |
425 | } |
426 | } |
427 | |
428 | static void |
429 | setreport(struct Sreport *report, int hidfd, int repindex) |
430 | { |
431 | if (report->status == srs_dirty) { |
| |
432 | report->buffer->ucr_report = reptoparam[repindex].uhid_report; |
| 80 | | Access to field 'ucr_report' results in a dereference of a null pointer (loaded from field 'buffer') |
|
433 | |
434 | if (ioctl(hidfd, USB_SET_REPORT, report->buffer) == -1) |
435 | err(1, "USB_SET_REPORT(%s)", |
436 | reptoparam[repindex].name); |
437 | |
438 | report->status = srs_clean; |
439 | } |
440 | } |
441 | |
442 | static int |
443 | varop_value(struct hid_item *item, struct Susbvar *var, |
444 | u_int32_t const *collist, size_t collen, u_char *buf) |
445 | { |
446 | printf("%d\n", hid_get_data(buf, item)); |
447 | return 0; |
448 | } |
449 | |
450 | static int |
451 | varop_display(struct hid_item *item, struct Susbvar *var, |
452 | u_int32_t const *collist, size_t collen, u_char *buf) |
453 | { |
454 | size_t colitem; |
455 | int val, i; |
456 | |
457 | for (i = 0; i < item->report_count; i++) { |
458 | for (colitem = 0; colitem < collen; colitem++) { |
459 | if (var->mflags & MATCH_SHOWPAGENAME) |
460 | printf("%s:", |
461 | hid_usage_page(HID_PAGE(collist[colitem]))); |
462 | printf("%s.", hid_usage_in_page(collist[colitem])); |
463 | } |
464 | if (var->mflags & MATCH_SHOWPAGENAME) |
465 | printf("%s:", hid_usage_page(HID_PAGE(item->usage))); |
466 | val = hid_get_data(buf, item); |
467 | item->pos += item->report_size; |
468 | if (item->usage_minimum != 0 || item->usage_maximum != 0) { |
469 | val += item->usage_minimum; |
470 | printf("%s=1", hid_usage_in_page(val)); |
471 | } else { |
472 | printf("%s=%d%s", hid_usage_in_page(item->usage), |
473 | val, item->flags & HIO_CONST ? " (const)" : ""); |
474 | } |
475 | if (item->report_count > 1) |
476 | printf(" [%d]", i); |
477 | printf("\n"); |
478 | } |
479 | return 0; |
480 | } |
481 | |
482 | static int |
483 | varop_modify(struct hid_item *item, struct Susbvar *var, |
484 | u_int32_t const *collist, size_t collen, u_char *buf) |
485 | { |
486 | u_int dataval; |
487 | |
488 | dataval = (u_int)strtol(var->value, NULL, 10); |
489 | |
490 | hid_set_data(buf, item, dataval); |
491 | |
492 | if (var->mflags & MATCH_SHOWVALUES) |
493 | |
494 | varop_display(item, var, collist, collen, buf); |
495 | |
496 | return 1; |
497 | } |
498 | |
499 | static void |
500 | reportitem(char const *label, struct hid_item const *item, unsigned int mflags) |
501 | { |
502 | int isconst = item->flags & HIO_CONST, |
503 | isvar = item->flags & HIO_VARIABLE; |
504 | printf("%s size=%d count=%d%s%s page=%s", label, |
505 | item->report_size, item->report_count, |
506 | isconst ? " Const" : "", |
507 | !isvar && !isconst ? " Array" : "", |
508 | hid_usage_page(HID_PAGE(item->usage))); |
509 | if (item->usage_minimum != 0 || item->usage_maximum != 0) { |
510 | printf(" usage=%s..%s", hid_usage_in_page(item->usage_minimum), |
511 | hid_usage_in_page(item->usage_maximum)); |
512 | if (mflags & MATCH_SHOWNUMERIC) |
513 | printf(" (%u:0x%x..%u:0x%x)", |
514 | HID_PAGE(item->usage_minimum), |
515 | HID_USAGE(item->usage_minimum), |
516 | HID_PAGE(item->usage_maximum), |
517 | HID_USAGE(item->usage_maximum)); |
518 | } else { |
519 | printf(" usage=%s", hid_usage_in_page(item->usage)); |
520 | if (mflags & MATCH_SHOWNUMERIC) |
521 | printf(" (%u:0x%x)", |
522 | HID_PAGE(item->usage), HID_USAGE(item->usage)); |
523 | } |
524 | printf(", logical range %d..%d", |
525 | item->logical_minimum, item->logical_maximum); |
526 | if (item->physical_minimum != item->physical_maximum) |
527 | printf(", physical range %d..%d", |
528 | item->physical_minimum, item->physical_maximum); |
529 | if (item->unit) |
530 | printf(", unit=0x%02x exp=%d", item->unit, |
531 | item->unit_exponent); |
532 | printf("\n"); |
533 | } |
534 | |
535 | static int |
536 | varop_report(struct hid_item *item, struct Susbvar *var, |
537 | u_int32_t const *collist, size_t collen, u_char *buf) |
538 | { |
539 | switch (item->kind) { |
540 | case hid_collection: |
541 | printf("Collection page=%s usage=%s", |
542 | hid_usage_page(HID_PAGE(item->usage)), |
543 | hid_usage_in_page(item->usage)); |
544 | if (var->mflags & MATCH_SHOWNUMERIC) |
545 | printf(" (%u:0x%x)\n", |
546 | HID_PAGE(item->usage), HID_USAGE(item->usage)); |
547 | else |
548 | printf("\n"); |
549 | break; |
550 | case hid_endcollection: |
551 | printf("End collection\n"); |
552 | break; |
553 | case hid_input: |
554 | reportitem("Input ", item, var->mflags); |
555 | break; |
556 | case hid_output: |
557 | reportitem("Output ", item, var->mflags); |
558 | break; |
559 | case hid_feature: |
560 | reportitem("Feature", item, var->mflags); |
561 | break; |
562 | } |
563 | |
564 | return 0; |
565 | } |
566 | |
567 | static void |
568 | devloop(int hidfd, report_desc_t rd, struct Susbvar *varlist, size_t vlsize) |
569 | { |
570 | u_char *dbuf; |
571 | struct hid_data *hdata; |
572 | size_t collind, dlen; |
573 | struct hid_item hitem; |
574 | u_int32_t colls[128]; |
575 | struct Sreport inreport; |
576 | |
577 | allocreport(&inreport, rd, REPORT_INPUT); |
578 | |
579 | if (inreport.size <= 0) |
580 | errx(1, "Input report descriptor invalid length"); |
581 | |
582 | dlen = inreport.size; |
583 | dbuf = inreport.buffer->ucr_data; |
584 | |
585 | for (;;) { |
586 | ssize_t readlen; |
587 | |
588 | readlen = read(hidfd, dbuf, dlen); |
589 | if (readlen == -1) |
590 | err(1, "Device read error"); |
591 | if (dlen != (size_t)readlen) |
592 | errx(1, "Unexpected response length: %lu != %lu", |
593 | (unsigned long)readlen, (unsigned long)dlen); |
594 | |
595 | collind = 0; |
596 | hdata = hid_start_parse(rd, 1 << hid_input, reportid); |
597 | if (hdata == NULL) |
598 | errx(1, "Failed to start parser"); |
599 | |
600 | while (hid_get_item(hdata, &hitem)) { |
601 | struct Susbvar *matchvar; |
602 | |
603 | switch (hitem.kind) { |
604 | case hid_collection: |
605 | if (collind >= (sizeof(colls) / sizeof(*colls))) |
606 | errx(1, "Excessive nested collections"); |
607 | colls[collind++] = hitem.usage; |
608 | break; |
609 | case hid_endcollection: |
610 | if (collind == 0) |
611 | errx(1, "Excessive collection ends"); |
612 | collind--; |
613 | break; |
614 | case hid_input: |
615 | break; |
616 | case hid_output: |
617 | case hid_feature: |
618 | errx(1, "Unexpected non-input item returned"); |
619 | } |
620 | |
621 | if (reportid != -1 && hitem.report_ID != reportid) |
622 | continue; |
623 | |
624 | matchvar = hidmatch(colls, collind, &hitem, |
625 | varlist, vlsize); |
626 | |
627 | if (matchvar != NULL) |
628 | matchvar->opfunc(&hitem, matchvar, |
629 | colls, collind, |
630 | inreport.buffer->ucr_data); |
631 | } |
632 | hid_end_parse(hdata); |
633 | printf("\n"); |
634 | } |
635 | |
636 | } |
637 | |
638 | static void |
639 | devshow(int hidfd, report_desc_t rd, struct Susbvar *varlist, size_t vlsize, |
640 | int kindset) |
641 | { |
642 | struct hid_data *hdata; |
643 | size_t collind, repind, vlind; |
644 | struct hid_item hitem; |
645 | u_int32_t colls[128]; |
646 | struct Sreport reports[REPORT_MAXVAL + 1]; |
647 | |
648 | |
649 | for (repind = 0; repind < (sizeof(reports) / sizeof(*reports)); |
| 40 | | Loop condition is true. Entering loop body | |
|
| 41 | | Loop condition is true. Entering loop body | |
|
| 42 | | Loop condition is true. Entering loop body | |
|
| 43 | | Loop condition is false. Execution continues on line 655 | |
|
650 | repind++) { |
651 | reports[repind].status = srs_uninit; |
652 | reports[repind].buffer = NULL; |
653 | } |
654 | |
655 | collind = 0; |
656 | hdata = hid_start_parse(rd, kindset, reportid); |
657 | if (hdata == NULL) |
| 44 | | Assuming 'hdata' is not equal to NULL | |
|
| |
658 | errx(1, "Failed to start parser"); |
659 | |
660 | while (hid_get_item(hdata, &hitem)) { |
| 46 | | Loop condition is true. Entering loop body | |
|
| 55 | | Loop condition is true. Entering loop body | |
|
| 76 | | Loop condition is false. Execution continues on line 718 | |
|
661 | struct Susbvar *matchvar; |
662 | int repindex; |
663 | |
664 | if (verbose > 3) |
| |
| |
665 | printf("item: kind=%d repid=%d usage=0x%x\n", |
666 | hitem.kind, hitem.report_ID, hitem.usage); |
667 | repindex = -1; |
668 | switch (hitem.kind) { |
| 48 | | Control jumps to 'case hid_feature:' at line 685 | |
|
| 57 | | Control jumps to 'case hid_input:' at line 679 | |
|
669 | case hid_collection: |
670 | if (collind >= (sizeof(colls) / sizeof(*colls))) |
671 | errx(1, "Excessive nested collections"); |
672 | colls[collind++] = hitem.usage; |
673 | break; |
674 | case hid_endcollection: |
675 | if (collind == 0) |
676 | errx(1, "Excessive collection ends"); |
677 | collind--; |
678 | break; |
679 | case hid_input: |
680 | repindex = REPORT_INPUT; |
681 | break; |
| 58 | | Execution continues on line 690 | |
|
682 | case hid_output: |
683 | repindex = REPORT_OUTPUT; |
684 | break; |
685 | case hid_feature: |
686 | repindex = REPORT_FEATURE; |
687 | break; |
688 | } |
689 | |
690 | if (reportid != -1 && hitem.report_ID != reportid) |
| 49 | | Assuming the condition is false | |
|
691 | continue; |
692 | |
693 | matchvar = hidmatch(colls, collind, &hitem, varlist, vlsize); |
694 | |
695 | if (matchvar != NULL) { |
| |
| |
696 | u_char *bufdata; |
697 | struct Sreport *repptr; |
698 | |
699 | matchvar->mflags |= MATCH_WASMATCHED; |
700 | |
701 | if (repindex >= 0) |
| |
| |
702 | repptr = &reports[repindex]; |
703 | else |
704 | repptr = NULL; |
705 | |
706 | if (repptr != NULL && |
| |
| |
707 | !(matchvar->mflags & MATCH_NODATA)) |
708 | getreport(repptr, hidfd, rd, repindex); |
| |
| 72 | | Returning from 'getreport' | |
|
709 | |
710 | bufdata = (repptr == NULL || repptr->buffer == NULL) ? |
| |
| |
711 | NULL : repptr->buffer->ucr_data; |
712 | |
713 | if (matchvar->opfunc(&hitem, matchvar, colls, collind, |
| |
| 74 | | Assuming the condition is true | |
|
| |
714 | bufdata)) |
715 | repptr->status = srs_dirty; |
716 | } |
717 | } |
718 | hid_end_parse(hdata); |
719 | |
720 | for (repind = 0; repind < (sizeof(reports) / sizeof(*reports)); |
| 77 | | Loop condition is true. Entering loop body | |
|
721 | repind++) { |
722 | setreport(&reports[repind], hidfd, repind); |
| |
723 | freereport(&reports[repind]); |
724 | } |
725 | |
726 | |
727 | for (vlind = 0; vlind < vlsize; vlind++) { |
728 | struct Susbvar *var; |
729 | |
730 | var = &varlist[vlind]; |
731 | |
732 | if (var->variable != NULL && |
733 | !(var->mflags & MATCH_WASMATCHED)) |
734 | warnx("Failed to match: %.*s", (int)var->varlen, |
735 | var->variable); |
736 | } |
737 | } |
738 | |
739 | static void |
740 | usage(void) |
741 | { |
742 | extern char *__progname; |
743 | |
744 | fprintf(stderr, "usage: %s -f device [-t table] [-alv]\n", |
745 | __progname); |
746 | fprintf(stderr, " %s -f device [-t table] [-v] -r\n", |
747 | __progname); |
748 | fprintf(stderr, |
749 | " %s -f device [-t table] [-lnv] name ...\n", |
750 | __progname); |
751 | fprintf(stderr, |
752 | " %s -f device [-t table] -w name=value ...\n", |
753 | __progname); |
754 | fprintf(stderr, " %s -f device -R\n", __progname); |
755 | exit(1); |
756 | } |
757 | |
758 | int |
759 | main(int argc, char **argv) |
760 | { |
761 | char const *dev; |
762 | char const *table; |
763 | size_t varnum; |
764 | uint32_t repsize; |
765 | int aflag, lflag, nflag, rflag, Rflag, wflag; |
766 | int ch, hidfd, x; |
767 | uint8_t *repdata; |
768 | report_desc_t repdesc; |
769 | char devnamebuf[PATH_MAX]; |
770 | struct Susbvar variables[128]; |
771 | |
772 | wflag = aflag = nflag = verbose = rflag = Rflag = lflag = 0; |
773 | dev = NULL; |
774 | table = NULL; |
775 | while ((ch = getopt(argc, argv, "af:lnRrt:vw")) != -1) { |
| 1 | Assuming the condition is true | |
|
| 2 | | Loop condition is true. Entering loop body | |
|
| 4 | | Execution continues on line 775 | |
|
| 5 | | Assuming the condition is false | |
|
| 6 | | Loop condition is false. Execution continues on line 809 | |
|
776 | switch (ch) { |
| 3 | | Control jumps to 'case 102:' at line 780 | |
|
777 | case 'a': |
778 | aflag = 1; |
779 | break; |
780 | case 'f': |
781 | dev = optarg; |
782 | break; |
783 | case 'l': |
784 | lflag = 1; |
785 | break; |
786 | case 'n': |
787 | nflag = 1; |
788 | break; |
789 | case 'r': |
790 | rflag = 1; |
791 | break; |
792 | case 'R': |
793 | Rflag = 1; |
794 | break; |
795 | case 't': |
796 | table = optarg; |
797 | break; |
798 | case 'v': |
799 | verbose++; |
800 | break; |
801 | case 'w': |
802 | wflag = 1; |
803 | break; |
804 | default: |
805 | usage(); |
806 | |
807 | } |
808 | } |
809 | argc -= optind; |
810 | argv += optind; |
811 | if (dev == NULL || (lflag && (wflag || rflag || Rflag)) || |
| 7 | | Assuming 'dev' is not equal to NULL | |
|
812 | (rflag && Rflag)) { |
813 | |
814 | |
815 | |
816 | |
817 | usage(); |
818 | |
819 | } |
820 | |
821 | if (argc == 0 && rflag == 0) |
| 8 | | Assuming 'argc' is not equal to 0 | |
|
822 | aflag = 1; |
823 | |
824 | for (varnum = 0; varnum < (size_t)argc; varnum++) { |
| 9 | | Assuming 'varnum' is < 'argc' | |
|
| 10 | | Loop condition is true. Entering loop body | |
|
| 16 | | Assuming 'varnum' is >= 'argc' | |
|
825 | char const *name, *valuesep; |
826 | struct Susbvar *svar; |
827 | |
828 | svar = &variables[varnum]; |
829 | name = argv[varnum]; |
830 | valuesep = strchr(name, DELIM_SET); |
831 | |
832 | svar->variable = name; |
833 | svar->mflags = 0; |
834 | |
835 | if (valuesep == NULL) { |
| 11 | | Assuming 'valuesep' is equal to NULL | |
|
| |
836 | |
837 | if (wflag) |
| |
838 | errx(1, "Must not specify -w to read variables"); |
839 | svar->value = NULL; |
840 | svar->varlen = strlen(name); |
841 | |
842 | if (nflag) { |
| |
843 | |
844 | svar->opfunc = varop_value; |
845 | } else { |
846 | |
847 | svar->opfunc = varop_display; |
848 | |
849 | if (verbose >= 1) |
| |
850 | |
851 | svar->mflags |= MATCH_SHOWPAGENAME; |
852 | } |
853 | } else { |
854 | |
855 | if (!wflag) |
856 | errx(2, "Must specify -w to set variables"); |
857 | svar->mflags |= MATCH_WRITABLE; |
858 | if (verbose >= 1) |
859 | |
860 | |
861 | |
862 | |
863 | |
864 | |
865 | svar->mflags |= MATCH_SHOWVALUES; |
866 | svar->varlen = valuesep - name; |
867 | svar->value = valuesep + 1; |
868 | svar->opfunc = varop_modify; |
869 | } |
870 | } |
871 | |
872 | if (aflag || rflag) { |
| |
873 | struct Susbvar *svar; |
874 | |
875 | svar = &variables[varnum++]; |
876 | |
877 | svar->variable = NULL; |
878 | svar->mflags = MATCH_ALL; |
879 | |
880 | if (rflag) { |
881 | |
882 | |
883 | |
884 | |
885 | |
886 | svar->opfunc = varop_report; |
887 | svar->mflags |= MATCH_COLLECTIONS | MATCH_NODATA; |
888 | |
889 | switch (verbose) { |
890 | default: |
891 | |
892 | svar->mflags |= MATCH_SHOWNUMERIC; |
893 | |
894 | case 1: |
895 | |
896 | svar->mflags |= MATCH_CONSTANTS; |
897 | |
898 | case 0: |
899 | break; |
900 | } |
901 | } else { |
902 | |
903 | svar->opfunc = varop_display; |
904 | |
905 | switch (verbose) { |
906 | default: |
907 | |
908 | svar->mflags |= MATCH_CONSTANTS; |
909 | |
910 | case 1: |
911 | |
912 | svar->mflags |= MATCH_SHOWPAGENAME; |
913 | |
914 | case 0: |
915 | break; |
916 | } |
917 | } |
918 | } |
919 | |
920 | if (varnum == 0) { |
| |
921 | |
922 | usage(); |
923 | |
924 | } |
925 | |
926 | if (hid_start(table) == -1) |
| 19 | | Assuming the condition is false | |
|
| |
927 | errx(1, "hid_init"); |
928 | |
929 | if (dev[0] != '/') { |
| 21 | | Assuming the condition is false | |
|
| |
930 | snprintf(devnamebuf, sizeof(devnamebuf), "/dev/%s%s", |
931 | isdigit((unsigned char)dev[0]) ? "uhid" : "", dev); |
932 | dev = devnamebuf; |
933 | } |
934 | |
935 | hidfd = open(dev, wflag ? O_RDWR : O_RDONLY); |
| |
936 | if (hidfd == -1) |
| 24 | | Assuming the condition is false | |
|
| |
937 | err(1, "%s", dev); |
938 | |
939 | if (unveil("/", "") == -1) |
| 26 | | Assuming the condition is false | |
|
| |
940 | err(1, "unveil /"); |
941 | if (unveil(NULL, NULL) == -1) |
| 28 | | Assuming the condition is false | |
|
| |
942 | err(1, "unveil"); |
943 | |
944 | if (ioctl(hidfd, USB_GET_REPORT_ID, &reportid) == -1) |
| 30 | | Assuming the condition is false | |
|
| |
945 | reportid = -1; |
946 | if (verbose > 1) |
| |
947 | printf("report ID=%d\n", reportid); |
948 | repdesc = hid_get_report_desc(hidfd); |
949 | if (repdesc == 0) |
| 33 | | Assuming 'repdesc' is not equal to null | |
|
| |
950 | errx(1, "USB_GET_REPORT_DESC"); |
951 | |
952 | if (Rflag) { |
| |
953 | hid_get_report_desc_data(repdesc, &repdata, &repsize); |
954 | |
955 | for (x = 0; x < repsize; x++) |
956 | printf("%s0x%02x", x > 0 ? " " : "", repdata[x]); |
957 | printf("\n"); |
958 | } |
959 | |
960 | if (lflag) { |
| |
961 | devloop(hidfd, repdesc, variables, varnum); |
962 | |
963 | } |
964 | |
965 | if (rflag) |
| |
966 | |
967 | printf("Report descriptor:\n"); |
968 | |
969 | if (!Rflag) |
| |
970 | devshow(hidfd, repdesc, variables, varnum, |
| |
971 | 1 << hid_input | |
972 | 1 << hid_output | |
973 | 1 << hid_feature); |
974 | |
975 | if (rflag) { |
976 | |
977 | size_t repindex; |
978 | for (repindex = 0; |
979 | repindex < (sizeof(reptoparam) / sizeof(*reptoparam)); |
980 | repindex++) { |
981 | int size; |
982 | size = hid_report_size(repdesc, |
983 | reptoparam[repindex].hid_kind, |
984 | reportid); |
985 | printf("Total %7s size %d bytes\n", |
986 | reptoparam[repindex].name, size); |
987 | } |
988 | } |
989 | |
990 | hid_dispose_report_desc(repdesc); |
991 | exit(0); |
992 | |
993 | } |