Blame SOURCES/BZ_1633235-sg3_utils-1.44-covscan-fix.patch

c00092
From 7a39d7758c9c799bc6341a8a339a91692ec8a9dd Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Tue, 25 Sep 2018 18:52:26 +0800
c00092
Subject: [PATCH 01/30] Fix overrunning array.
c00092
c00092
Issue:
c00092
 * `jrp` might pointing outside of join_arr after the for loop.
c00092
 * Out of index: `op->cdb`.
c00092
c00092
Fix:
c00092
 * Check index number before dereferencing `jpr` pointer.
c00092
 * Check index number before access `op->cdb` array.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_raw.c | 2 +-
c00092
 src/sg_ses.c | 2 +-
c00092
 2 files changed, 2 insertions(+), 2 deletions(-)
c00092
c00092
diff --git a/src/sg_raw.c b/src/sg_raw.c
c00092
index 92c2287..90c3d9c 100644
c00092
--- a/src/sg_raw.c
c00092
+++ b/src/sg_raw.c
c00092
@@ -454,7 +454,7 @@ parse_cmd_line(struct opts_t * op, int argc, char *argv[])
c00092
             return SG_LIB_SYNTAX_ERROR;
c00092
         }
c00092
 
c00092
-        if (op->cdb_length > MAX_SCSI_CDBSZ) {
c00092
+        if (op->cdb_length >= MAX_SCSI_CDBSZ) {
c00092
             pr2serr("CDB too long (max. %d bytes)\n", MAX_SCSI_CDBSZ);
c00092
             return SG_LIB_SYNTAX_ERROR;
c00092
         }
c00092
diff --git a/src/sg_ses.c b/src/sg_ses.c
c00092
index abb1fea..29b66b3 100644
c00092
--- a/src/sg_ses.c
c00092
+++ b/src/sg_ses.c
c00092
@@ -5310,7 +5310,7 @@ ses_cgs(struct sg_pt_base * ptvp, const struct tuple_acronym_val * tavp,
c00092
         if (op->ind_indiv_last <= op->ind_indiv)
c00092
             break;
c00092
     }   /* end of loop over join array */
c00092
-    if ((NULL == jrp->enc_statp) || (k >= MX_JOIN_ROWS)) {
c00092
+    if ((k >= MX_JOIN_ROWS) || (NULL == jrp->enc_statp)) {
c00092
         if (op->desc_name)
c00092
             pr2serr("descriptor name: %s not found (check the 'ed' page "
c00092
                     "[0x7])\n", op->desc_name);
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From ad7d26c94ad555a647528c31eb11b78fc0ac4474 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Tue, 25 Sep 2018 18:59:01 +0800
c00092
Subject: [PATCH 02/30] sg_persist: Workaround for false warning of covscan.
c00092
c00092
The covscan think we might access out of index on `tid_arr` but
c00092
actually we did the index check before.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_persist.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_persist.c b/src/sg_persist.c
c00092
index f582d32..b565a5a 100644
c00092
--- a/src/sg_persist.c
c00092
+++ b/src/sg_persist.c
c00092
@@ -824,7 +824,7 @@ decode_file_tids(const char * fnp, struct opts_t * op)
c00092
                     pr2serr("%s: array length exceeded\n", __func__);
c00092
                     goto bad;
c00092
                 }
c00092
-                tid_arr[off + k] = h;
c00092
+                op->transportid_arr[off + k] = h;
c00092
                 lcp = strpbrk(lcp, " ,\t");
c00092
                 if (NULL == lcp)
c00092
                     break;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 24e54cf4c04fa7aa3bdf8e7315ce6240ab306c5f Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Tue, 25 Sep 2018 19:12:34 +0800
c00092
Subject: [PATCH 03/30] sg_opcodes: Fix overrun of array.
c00092
c00092
Overrunning array `b` as 4 + m might bigger than the size of array `b`.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_opcodes.c | 3 ++-
c00092
 1 file changed, 2 insertions(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_opcodes.c b/src/sg_opcodes.c
c00092
index 21897c4..a8cf762 100644
c00092
--- a/src/sg_opcodes.c
c00092
+++ b/src/sg_opcodes.c
c00092
@@ -799,7 +799,8 @@ list_all_codes(uint8_t * rsoc_buff, int rsoc_len, struct opts_t * op,
c00092
                         printf("             usage: ");
c00092
                     else
c00092
                         printf("        cdb usage: ");
c00092
-                    for (m = 0; m < cdb_sz; ++m)
c00092
+                    for (m = 0; (m < cdb_sz) && ((size_t) (4 + m) < sizeof(b));
c00092
+                         ++m)
c00092
                         printf("%.2x ", b[4 + m]);
c00092
                     printf("\n");
c00092
                 }
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From ca241cf82c746391edb3b460550310da40202fe4 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 20:34:42 +0800
c00092
Subject: [PATCH 04/30] sg_lib: Fix overruning of array
c00092
 `sg_lib_scsi_status_sense_arr`
c00092
c00092
Check index before dereferencing `mp`.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 include/sg_lib_data.h | 2 ++
c00092
 lib/sg_lib.c          | 3 +++
c00092
 lib/sg_lib_data.c     | 6 ++++++
c00092
 3 files changed, 11 insertions(+)
c00092
c00092
diff --git a/include/sg_lib_data.h b/include/sg_lib_data.h
c00092
index a870043..9739453 100644
c00092
--- a/include/sg_lib_data.h
c00092
+++ b/include/sg_lib_data.h
c00092
@@ -122,6 +122,8 @@ extern struct sg_lib_simple_value_name_t sg_lib_nvme_nvm_cmd_arr[];
c00092
 extern struct sg_lib_value_name_t sg_lib_nvme_cmd_status_arr[];
c00092
 extern struct sg_lib_4tuple_u8 sg_lib_scsi_status_sense_arr[];
c00092
 
c00092
+size_t sg_lib_scsi_status_sense_arr_len(void);
c00092
+
c00092
 extern struct sg_value_2names_t sg_exit_str_arr[];
c00092
 
c00092
 #ifdef __cplusplus
c00092
diff --git a/lib/sg_lib.c b/lib/sg_lib.c
c00092
index c2c5891..c281cce 100644
c00092
--- a/lib/sg_lib.c
c00092
+++ b/lib/sg_lib.c
c00092
@@ -2585,6 +2585,9 @@ sg_nvme_status2scsi(uint16_t sct_sc, uint8_t * status_p, uint8_t * sk_p,
c00092
         return false;
c00092
     } else if (ind >= k)
c00092
         return false;
c00092
+    /* Check whether `ind` is out of index of sg_lib_scsi_status_sense_arr */
c00092
+    if (ind >= (int) sg_lib_scsi_status_sense_arr_len())
c00092
+        return false;
c00092
     mp = sg_lib_scsi_status_sense_arr + ind;
c00092
     if (status_p)
c00092
         *status_p = mp->t1;
c00092
diff --git a/lib/sg_lib_data.c b/lib/sg_lib_data.c
c00092
index d5ca380..3a898e5 100644
c00092
--- a/lib/sg_lib_data.c
c00092
+++ b/lib/sg_lib_data.c
c00092
@@ -1850,3 +1850,9 @@ struct sg_value_2names_t sg_exit_str_arr[] = {
c00092
 };
c00092
 
c00092
 #endif           /* (SG_SCSI_STRINGS && HAVE_NVME && (! IGNORE_NVME)) */
c00092
+
c00092
+size_t sg_lib_scsi_status_sense_arr_len(void)
c00092
+{
c00092
+    return sizeof(sg_lib_scsi_status_sense_arr)/
c00092
+        sizeof(struct sg_lib_4tuple_u8) - 1;
c00092
+}
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 36a487285d9e7c9afce9acaefa8fad25017cacd8 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Fri, 28 Sep 2018 20:56:26 +0800
c00092
Subject: [PATCH 05/30] sginfo,sg_dd: Fix resource leak.
c00092
c00092
 * sginfo: Free the memory of `headsp`.
c00092
 * sg_dd: Close infd/outfd before return error.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_dd.c  | 6 ++++++
c00092
 src/sginfo.c | 1 +
c00092
 2 files changed, 7 insertions(+)
c00092
c00092
diff --git a/src/sg_dd.c b/src/sg_dd.c
c00092
index edd8f9c..6bdbcdb 100644
c00092
--- a/src/sg_dd.c
c00092
+++ b/src/sg_dd.c
c00092
@@ -1276,6 +1276,7 @@ open_if(const char * inf, int64_t skip, int bpt, struct flags_t * ifp,
c00092
                 perror(ME "SG_SET_RESERVED_SIZE error");
c00092
             res = ioctl(infd, SG_GET_VERSION_NUM, &t);
c00092
             if ((res < 0) || (t < 30000)) {
c00092
+                close(infd);
c00092
                 if (FT_BLOCK & *in_typep)
c00092
                     pr2serr(ME "SG_IO unsupported on this block device\n");
c00092
                 else
c00092
@@ -1308,6 +1309,7 @@ open_if(const char * inf, int64_t skip, int bpt, struct flags_t * ifp,
c00092
                     snprintf(ebuff, EBUFF_SZ, ME "couldn't skip to "
c00092
                              "required position on %s", inf);
c00092
                     perror(ebuff);
c00092
+                    close(infd);
c00092
                     goto file_err;
c00092
                 }
c00092
                 if (vb)
c00092
@@ -1341,6 +1343,7 @@ open_if(const char * inf, int64_t skip, int bpt, struct flags_t * ifp,
c00092
 file_err:
c00092
     return -SG_LIB_FILE_ERROR;
c00092
 other_err:
c00092
+    close(infd);
c00092
     return -SG_LIB_CAT_OTHER;
c00092
 }
c00092
 
c00092
@@ -1398,6 +1401,7 @@ open_of(const char * outf, int64_t seek, int bpt, struct flags_t * ofp,
c00092
                 perror(ME "SG_SET_RESERVED_SIZE error");
c00092
             res = ioctl(outfd, SG_GET_VERSION_NUM, &t);
c00092
             if ((res < 0) || (t < 30000)) {
c00092
+                close(outfd);
c00092
                 pr2serr(ME "sg driver prior to 3.x.y\n");
c00092
                 goto file_err;
c00092
             }
c00092
@@ -1447,6 +1451,7 @@ open_of(const char * outf, int64_t seek, int bpt, struct flags_t * ofp,
c00092
                 snprintf(ebuff, EBUFF_SZ,
c00092
                     ME "couldn't seek to required position on %s", outf);
c00092
                 perror(ebuff);
c00092
+                close(outfd);
c00092
                 goto file_err;
c00092
             }
c00092
             if (vb)
c00092
@@ -1469,6 +1474,7 @@ open_of(const char * outf, int64_t seek, int bpt, struct flags_t * ofp,
c00092
 file_err:
c00092
     return -SG_LIB_FILE_ERROR;
c00092
 other_err:
c00092
+    close(outfd);
c00092
     return -SG_LIB_CAT_OTHER;
c00092
 }
c00092
 
c00092
diff --git a/src/sginfo.c b/src/sginfo.c
c00092
index bddc964..1032f05 100644
c00092
--- a/src/sginfo.c
c00092
+++ b/src/sginfo.c
c00092
@@ -1825,6 +1825,7 @@ trytenbyte:
c00092
         }
c00092
     }
c00092
     printf("\n");
c00092
+    free(headsp);
c00092
     return status;
c00092
 }
c00092
 
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 5bd764553056b2182db8ef8d6c1a1ab09b0d5a24 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 21:10:23 +0800
c00092
Subject: [PATCH 06/30] covscan: Calling func without checking return value
c00092
c00092
* Use the macro `_ignore_return()` defined in `misc.h` to ignore the
c00092
  return value of functions.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/misc.h          | 34 ++++++++++++++++++++++++++++++++++
c00092
 src/sg_get_config.c |  6 ++++--
c00092
 src/sg_logs.c       |  6 ++++--
c00092
 src/sg_persist.c    | 13 +++++++++----
c00092
 src/sg_xcopy.c      | 23 +++++++++++++----------
c00092
 5 files changed, 64 insertions(+), 18 deletions(-)
c00092
 create mode 100644 src/misc.h
c00092
c00092
diff --git a/src/misc.h b/src/misc.h
c00092
new file mode 100644
c00092
index 0000000..6289eae
c00092
--- /dev/null
c00092
+++ b/src/misc.h
c00092
@@ -0,0 +1,34 @@
c00092
+/*
c00092
+ * Copyright (c) 2018 Red Hat, Inc.
c00092
+ * All rights reserved.
c00092
+ *
c00092
+ * Redistribution and use in source and binary forms, with or without
c00092
+ * modification, are permitted provided that the following conditions
c00092
+ * are met:
c00092
+ * 1. Redistributions of source code must retain the above copyright
c00092
+ *    notice, this list of conditions and the following disclaimer.
c00092
+ * 2. Redistributions in binary form must reproduce the above copyright
c00092
+ *    notice, this list of conditions and the following disclaimer in the
c00092
+ *    documentation and/or other materials provided with the distribution.
c00092
+ *
c00092
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
c00092
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
c00092
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
c00092
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
c00092
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
c00092
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
c00092
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
c00092
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
c00092
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
c00092
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
c00092
+ * SUCH DAMAGE.
c00092
+ *
c00092
+ * Author:  Gris Ge <fge@redhat.com>
c00092
+ */
c00092
+#ifndef __SG_UTILS_MISC_H__
c00092
+#define __SG_UTILS_MISC_H__
c00092
+
c00092
+/* Just make coverity scan happy. */
c00092
+#define _ignore_return(x) if (x) {}
c00092
+
c00092
+#endif /* End of __SG_UTILS_MISC_H__ */
c00092
diff --git a/src/sg_get_config.c b/src/sg_get_config.c
c00092
index 28af720..4d2cc9b 100644
c00092
--- a/src/sg_get_config.c
c00092
+++ b/src/sg_get_config.c
c00092
@@ -24,6 +24,8 @@
c00092
 #include "sg_unaligned.h"
c00092
 #include "sg_pr2serr.h"
c00092
 
c00092
+#include "misc.h"
c00092
+
c00092
 /* A utility program originally written for the Linux OS SCSI subsystem.
c00092
  *
c00092
  * This program outputs information provided by a SCSI "Get Configuration"
c00092
@@ -1091,7 +1093,7 @@ main(int argc, char * argv[])
c00092
         pr2serr(ME "%s doesn't respond to a SCSI INQUIRY\n", device_name);
c00092
         return SG_LIB_CAT_OTHER;
c00092
     }
c00092
-    sg_cmds_close_device(sg_fd);
c00092
+    _ignore_return(sg_cmds_close_device(sg_fd));
c00092
 
c00092
     sg_fd = sg_cmds_open_device(device_name, readonly, verbose);
c00092
     if (sg_fd < 0) {
c00092
@@ -1122,7 +1124,7 @@ main(int argc, char * argv[])
c00092
     } else {
c00092
         char b[80];
c00092
 
c00092
-        sg_get_category_sense_str(res, sizeof(b), b, verbose);
c00092
+        _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verbose));
c00092
         pr2serr("Get Configuration command: %s\n", b);
c00092
         if (0 == verbose)
c00092
             pr2serr("    try '-v' option for more information\n");
c00092
diff --git a/src/sg_logs.c b/src/sg_logs.c
c00092
index 61443ff..e4f265e 100644
c00092
--- a/src/sg_logs.c
c00092
+++ b/src/sg_logs.c
c00092
@@ -34,6 +34,8 @@
c00092
 #include "sg_unaligned.h"
c00092
 #include "sg_pr2serr.h"
c00092
 
c00092
+#include "misc.h"
c00092
+
c00092
 static const char * version_str = "1.69 20180911";    /* spc5r19 + sbc4r11 */
c00092
 
c00092
 #define MX_ALLOC_LEN (0xfffc)
c00092
@@ -6776,7 +6778,7 @@ fetchTemperature(int sg_fd, uint8_t * resp, int max_len, struct opts_t * op)
c00092
             pr2serr("Unable to find temperature in either Temperature or "
c00092
                     "IE log page\n");
c00092
     }
c00092
-    sg_cmds_close_device(sg_fd);
c00092
+    _ignore_return(sg_cmds_close_device(sg_fd));
c00092
     return (res >= 0) ? res : SG_LIB_CAT_OTHER;
c00092
 }
c00092
 
c00092
@@ -7246,7 +7248,7 @@ err_out:
c00092
     if (free_parr)
c00092
         free(free_parr);
c00092
     if (sg_fd >= 0)
c00092
-        sg_cmds_close_device(sg_fd);
c00092
+        _ignore_return(sg_cmds_close_device(sg_fd));
c00092
     if (0 == vb) {
c00092
         if (! sg_if_can2stderr("sg_logs failed: ", ret))
c00092
             pr2serr("Some error occurred, try again with '-v' or '-vv' for "
c00092
diff --git a/src/sg_persist.c b/src/sg_persist.c
c00092
index b565a5a..2e10aff 100644
c00092
--- a/src/sg_persist.c
c00092
+++ b/src/sg_persist.c
c00092
@@ -33,6 +33,8 @@
c00092
 #include "sg_unaligned.h"
c00092
 #include "sg_pr2serr.h"
c00092
 
c00092
+#include "misc.h"
c00092
+
c00092
 static const char * version_str = "0.66 20180615";
c00092
 
c00092
 
c00092
@@ -303,7 +305,8 @@ prin_work(int sg_fd, const struct opts_t * op)
c00092
             pr2serr("PR in (%s): bad field in cdb or parameter list (perhaps "
c00092
                     "unsupported service action)\n", b);
c00092
         else {
c00092
-            sg_get_category_sense_str(res, sizeof(bb), bb, op->verbose);
c00092
+            _ignore_return(sg_get_category_sense_str(res, sizeof(bb), bb,
c00092
+                                                     op->verbose));
c00092
             pr2serr("PR in (%s): %s\n", b, bb);
c00092
         }
c00092
         goto fini;
c00092
@@ -519,7 +522,8 @@ prout_work(int sg_fd, struct opts_t * op)
c00092
                 pr2serr("PR out (%s): bad field in cdb or parameter list "
c00092
                         "(perhaps unsupported service action)\n", b);
c00092
             else {
c00092
-                sg_get_category_sense_str(res, sizeof(bb), bb, op->verbose);
c00092
+                _ignore_return(sg_get_category_sense_str(res, sizeof(bb), bb,
c00092
+                                                         op->verbose));
c00092
                 pr2serr("PR out (%s): %s\n", b, bb);
c00092
             }
c00092
             goto fini;
c00092
@@ -573,7 +577,8 @@ prout_reg_move_work(int sg_fd, struct opts_t * op)
c00092
         else {
c00092
             char bb[80];
c00092
 
c00092
-            sg_get_category_sense_str(res, sizeof(bb), bb, op->verbose);
c00092
+            _ignore_return(sg_get_category_sense_str(res, sizeof(bb), bb,
c00092
+                                                     op->verbose));
c00092
             pr2serr("PR out (register and move): %s\n", bb);
c00092
         }
c00092
         goto fini;
c00092
@@ -1277,7 +1282,7 @@ main(int argc, char * argv[])
c00092
             flagged = true;
c00092
             goto fini;
c00092
         }
c00092
-        sg_cmds_close_device(sg_fd);
c00092
+        _ignore_return(sg_cmds_close_device(sg_fd));
c00092
     }
c00092
 
c00092
     if (! op->readwrite_force) {
c00092
diff --git a/src/sg_xcopy.c b/src/sg_xcopy.c
c00092
index 5facfc8..6230685 100644
c00092
--- a/src/sg_xcopy.c
c00092
+++ b/src/sg_xcopy.c
c00092
@@ -67,6 +67,8 @@
c00092
 #include "sg_unaligned.h"
c00092
 #include "sg_pr2serr.h"
c00092
 
c00092
+#include "misc.h"
c00092
+
c00092
 static const char * version_str = "0.68 20180811";
c00092
 
c00092
 #define ME "sg_xcopy: "
c00092
@@ -341,7 +343,7 @@ open_sg(struct xcopy_fp_t * fp, int vb)
c00092
     }
c00092
     if (sg_simple_inquiry(fp->sg_fd, &sir, false, vb)) {
c00092
         pr2serr("INQUIRY failed on %s\n", ebuff);
c00092
-        sg_cmds_close_device(fp->sg_fd);
c00092
+        _ignore_return(sg_cmds_close_device(fp->sg_fd));
c00092
         fp->sg_fd = -1;
c00092
         return -1;
c00092
     }
c00092
@@ -415,7 +417,7 @@ dd_filetype_str(int ft, char * buff)
c00092
     if (FT_OTHER & ft)
c00092
         off += sg_scnpr(buff + off, 32, "other (perhaps ordinary file) ");
c00092
     if (FT_ERROR & ft)
c00092
-        sg_scnpr(buff + off, 32, "unable to 'stat' file ");
c00092
+        _ignore_return(sg_scnpr(buff + off, 32, "unable to 'stat' file "));
c00092
     return buff;
c00092
 }
c00092
 
c00092
@@ -640,7 +642,7 @@ scsi_extended_copy(int sg_fd, uint8_t list_id,
c00092
                                 DEF_GROUP_NUM, DEF_3PC_OUT_TIMEOUT,
c00092
                                 xcopyBuff, desc_offset, true, verb);
c00092
     if (res) {
c00092
-        sg_get_category_sense_str(res, sizeof(b), b, verb);
c00092
+        _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verb));
c00092
         pr2serr("Xcopy(LID1): %s\n", b);
c00092
     }
c00092
     return res;
c00092
@@ -660,7 +662,7 @@ scsi_read_capacity(struct xcopy_fp_t *xfp)
c00092
     res = sg_ll_readcap_10(xfp->sg_fd, false /* pmi */, 0, rcBuff,
c00092
                            READ_CAP_REPLY_LEN, true, verb);
c00092
     if (0 != res) {
c00092
-        sg_get_category_sense_str(res, sizeof(b), b, verb);
c00092
+        _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verb));
c00092
         pr2serr("Read capacity(10): %s\n", b);
c00092
         return res;
c00092
     }
c00092
@@ -672,7 +674,7 @@ scsi_read_capacity(struct xcopy_fp_t *xfp)
c00092
         res = sg_ll_readcap_16(xfp->sg_fd, false /* pmi */, 0, rcBuff,
c00092
                                RCAP16_REPLY_LEN, true, verb);
c00092
         if (0 != res) {
c00092
-            sg_get_category_sense_str(res, sizeof(b), b, verb);
c00092
+            _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verb));
c00092
             pr2serr("Read capacity(16): %s\n", b);
c00092
             return res;
c00092
         }
c00092
@@ -714,7 +716,7 @@ scsi_operating_parameter(struct xcopy_fp_t *xfp, int is_target)
c00092
     res = sg_ll_receive_copy_results(xfp->sg_fd, SA_COPY_OP_PARAMS, 0, rcBuff,
c00092
                                      rcBuffLen, true, verb);
c00092
     if (0 != res) {
c00092
-        sg_get_category_sense_str(res, sizeof(b), b, verb);
c00092
+        _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verb));
c00092
         pr2serr("Xcopy operating parameters: %s\n", b);
c00092
         return -res;
c00092
     }
c00092
@@ -1006,8 +1008,8 @@ decode_designation_descriptor(const uint8_t * bp, int i_len)
c00092
 {
c00092
     char c[2048];
c00092
 
c00092
-    sg_get_designation_descriptor_str(NULL, bp, i_len, 1, verbose,
c00092
-                                      sizeof(c), c);
c00092
+    _ignore_return(sg_get_designation_descriptor_str(NULL, bp, i_len, 1,
c00092
+                                                     verbose, sizeof(c), c));
c00092
     pr2serr("%s", c);
c00092
 }
c00092
 
c00092
@@ -1029,7 +1031,8 @@ desc_from_vpd_id(int sg_fd, uint8_t *desc, int desc_len,
c00092
         if (SG_LIB_CAT_ILLEGAL_REQ == res)
c00092
             pr2serr("Device identification VPD page not found\n");
c00092
         else {
c00092
-            sg_get_category_sense_str(res, sizeof(b), b, verbose);
c00092
+            _ignore_return(sg_get_category_sense_str(res, sizeof(b), b,
c00092
+                                                     verbose));
c00092
             pr2serr("VPD inquiry (Device ID): %s\n", b);
c00092
             pr2serr("   try again with '-vv'\n");
c00092
         }
c00092
@@ -1042,7 +1045,7 @@ desc_from_vpd_id(int sg_fd, uint8_t *desc, int desc_len,
c00092
     res = sg_ll_inquiry(sg_fd, false, true, VPD_DEVICE_ID, rcBuff, len, true,
c00092
                         verb);
c00092
     if (0 != res) {
c00092
-        sg_get_category_sense_str(res, sizeof(b), b, verbose);
c00092
+        _ignore_return(sg_get_category_sense_str(res, sizeof(b), b, verbose));
c00092
         pr2serr("VPD inquiry (Device ID): %s\n", b);
c00092
         return res;
c00092
     } else if (rcBuff[1] != VPD_DEVICE_ID) {
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 3a99f93d11cea7d4273477c698eb6bfb2f6d4696 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:14:11 +0800
c00092
Subject: [PATCH 07/30] sg_dd: flock does not allows negative fd.
c00092
c00092
 * The `outfd` could be -1 in line 1408. We do negative number check on
c00092
   `outfd` before sending to flock.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_dd.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_dd.c b/src/sg_dd.c
c00092
index 6bdbcdb..8696ee7 100644
c00092
--- a/src/sg_dd.c
c00092
+++ b/src/sg_dd.c
c00092
@@ -1459,7 +1459,7 @@ open_of(const char * outf, int64_t seek, int bpt, struct flags_t * ofp,
c00092
                         "\n", (uint64_t)offset);
c00092
         }
c00092
     }
c00092
-    if (ofp->flock) {
c00092
+    if ((ofp->flock) && (outfd >= 0)) {
c00092
         res = flock(outfd, LOCK_EX | LOCK_NB);
c00092
         if (res < 0) {
c00092
             close(outfd);
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 158f6547f156b8a7fc175904b4bd502642ed56a5 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:21:00 +0800
c00092
Subject: [PATCH 08/30] sginfo: Suspend the fallthrough warning.
c00092
c00092
* The GCC and Clang will complain about fallthrough of switch statement,
c00092
  use maker comments to suspend that.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sginfo.c | 3 +++
c00092
 1 file changed, 3 insertions(+)
c00092
c00092
diff --git a/src/sginfo.c b/src/sginfo.c
c00092
index 1032f05..9c626ee 100644
c00092
--- a/src/sginfo.c
c00092
+++ b/src/sginfo.c
c00092
@@ -1757,6 +1757,7 @@ trytenbyte:
c00092
                     }
c00092
                     else if (!sorthead) printf("|");
c00092
                 }
c00092
+                /* fall through */
c00092
             case 5:     /* physical sector */
c00092
                 while (len > 0) {
c00092
                     snprintf((char *)cbuffer1, 40, "%6d:%2u:%5d",
c00092
@@ -1775,6 +1776,7 @@ trytenbyte:
c00092
                     }
c00092
                     else if (!sorthead) printf("|");
c00092
                 }
c00092
+                /* fall through */
c00092
             case 0:     /* lba (32 bit) */
c00092
                 while (len > 0) {
c00092
                     printf("%10d", getnbyte(df, 4));
c00092
@@ -1788,6 +1790,7 @@ trytenbyte:
c00092
                     else
c00092
                         printf("|");
c00092
                 }
c00092
+                /* fall through */
c00092
             case 3:     /* lba (64 bit) */
c00092
                 while (len > 0) {
c00092
                     printf("%15" PRId64 , getnbyte_ll(df, 8));
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 7e90f135eeb3900735847df32ed878d8207c59dc Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:24:01 +0800
c00092
Subject: [PATCH 09/30] sg_get_lba_status: Fix incorrect use of
c00092
 sg_ll_get_lba_status32.
c00092
c00092
Fix the incorrect argument order of `sg_get_lba_status()`.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_get_lba_status.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_get_lba_status.c b/src/sg_get_lba_status.c
c00092
index 91c7a96..61a823b 100644
c00092
--- a/src/sg_get_lba_status.c
c00092
+++ b/src/sg_get_lba_status.c
c00092
@@ -340,7 +340,7 @@ main(int argc, char * argv[])
c00092
         res = sg_ll_get_lba_status16(sg_fd, lba, rt, glbasBuffp, maxlen, true,
c00092
                                      verbose);
c00092
     else if (do_32)     /* keep analyser happy since do_32 must be true */
c00092
-        res = sg_ll_get_lba_status32(sg_fd, lba, element_id, scan_len, rt,
c00092
+        res = sg_ll_get_lba_status32(sg_fd, lba, scan_len, element_id, rt,
c00092
                                      glbasBuffp, maxlen, true, verbose);
c00092
 
c00092
     ret = res;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From c86a7be69c8601722ba39ef6eacc6aaa993b3d5a Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:35:35 +0800
c00092
Subject: [PATCH 10/30] rescan-scsi-bus.sh: Fix shellcheck warning of SC2155.
c00092
c00092
Declare and assign separately to avoid masking return values:
c00092
    https://github.com/koalaman/shellcheck/wiki/SC2155
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 scripts/rescan-scsi-bus.sh | 24 ++++++++++++++++--------
c00092
 1 file changed, 16 insertions(+), 8 deletions(-)
c00092
c00092
diff --git a/scripts/rescan-scsi-bus.sh b/scripts/rescan-scsi-bus.sh
c00092
index 6989208..75e169a 100755
c00092
--- a/scripts/rescan-scsi-bus.sh
c00092
+++ b/scripts/rescan-scsi-bus.sh
c00092
@@ -314,8 +314,10 @@ testonline ()
c00092
       fi
c00092
   else
c00092
       # Ignore disk revision change
c00092
-      local old_str_no_rev=`echo "$TMPSTR" | sed -e 's/.\{4\}$//'`
c00092
-      local new_str_no_rev=`echo "$STR" | sed -e 's/.\{4\}$//'`
c00092
+      local old_str_no_rev
c00092
+      old_str_no_rev=`echo "$TMPSTR" | sed -e 's/.\{4\}$//'`
c00092
+      local new_str_no_rev
c00092
+      new_str_no_rev=`echo "$STR" | sed -e 's/.\{4\}$//'`
c00092
       if [ "$old_str_no_rev" != "$new_str_no_rev" ]; then
c00092
         echo -e "\e[A\e[A\e[A\e[A${red}$SGDEV changed: ${bold}\nfrom:${SCSISTR#* } \nto: $STR ${norm} \n\n\n"
c00092
         return 1
c00092
@@ -696,7 +698,8 @@ searchexisting()
c00092
   local tmpch;
c00092
   local tmpid
c00092
   local match=0
c00092
-  local targets=`ls -d /sys/class/scsi_device/$host:* 2> /dev/null | egrep -o $host:[0-9]+:[0-9]+ | sort | uniq`
c00092
+  local targets
c00092
+  targets=`ls -d /sys/class/scsi_device/$host:* 2> /dev/null | egrep -o $host:[0-9]+:[0-9]+ | sort | uniq`
c00092
 
c00092
   # Nothing came back on this host, so we should skip it
c00092
   test -z "$targets" && return
c00092
@@ -742,13 +745,15 @@ searchexisting()
c00092
 findremapped()
c00092
 {
c00092
   local hctl=;
c00092
-  local devs=`ls /sys/class/scsi_device/`
c00092
+  local devs
c00092
+  devs=`ls /sys/class/scsi_device/`
c00092
   local sddev=
c00092
   local id_serial=
c00092
   local id_serial_old=
c00092
   local remapped=
c00092
   mpaths=""
c00092
-  local tmpfile=$(mktemp /tmp/rescan-scsi-bus.XXXXXXXX 2> /dev/null)
c00092
+  local tmpfile
c00092
+  tmpfile=$(mktemp /tmp/rescan-scsi-bus.XXXXXXXX 2> /dev/null)
c00092
 
c00092
   if [ -z "$tmpfile" ] ; then
c00092
     tmpfile="/tmp/rescan-scsi-bus.$$"
c00092
@@ -835,7 +840,8 @@ incrchgd()
c00092
   fi
c00092
 
c00092
   if test -n "$mp_enable" ; then
c00092
-    local sdev="`findsddev \"$hctl\"`"
c00092
+    local sdev
c00092
+    sdev="`findsddev \"$hctl\"`"
c00092
     if test -n "$sdev" ; then
c00092
       findmultipath "$sdev"
c00092
     fi
c00092
@@ -853,7 +859,8 @@ incrrmvd()
c00092
   fi
c00092
 
c00092
   if test -n "$mp_enable" ; then
c00092
-    local sdev="`findsddev \"$hctl\"`"
c00092
+    local sdev
c00092
+    sdev="`findsddev \"$hctl\"`"
c00092
     if test -n "$sdev" ; then
c00092
       findmultipath "$sdev"
c00092
     fi
c00092
@@ -902,7 +909,8 @@ findmultipath()
c00092
     return 1
c00092
   fi
c00092
 
c00092
-  local maj_min=`cat /sys/block/$dev/dev`
c00092
+  local maj_min
c00092
+  maj_min=`cat /sys/block/$dev/dev`
c00092
   for mp in $($DMSETUP ls --target=multipath | cut -f 1) ; do
c00092
     [ "$mp" = "No" ] && break;
c00092
     if $DMSETUP status $mp | grep -q " $maj_min "; then
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 0185fcb6527b331082eb10ef733a2a2f746578d8 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:36:44 +0800
c00092
Subject: [PATCH 11/30] rescan-scsi-bus.sh: Fix incorrect use of `break`.
c00092
c00092
Should use `return` instead in `if` code block.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 scripts/rescan-scsi-bus.sh | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/scripts/rescan-scsi-bus.sh b/scripts/rescan-scsi-bus.sh
c00092
index 75e169a..37f121d 100755
c00092
--- a/scripts/rescan-scsi-bus.sh
c00092
+++ b/scripts/rescan-scsi-bus.sh
c00092
@@ -548,7 +548,7 @@ dolunscan()
c00092
       printf "\r\e[A";
c00092
       # Optimization: if lun==0, stop here (only if in non-remove mode)
c00092
       if test $lun = 0 -a -z "$remove" -a $optscan = 1; then 
c00092
-        break;
c00092
+        return;
c00092
       fi
c00092
     else 
c00092
       if test "$remappedlun0" != "2" ; then
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 533e455337251971a94b5d9bce2183fb55383db6 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:39:13 +0800
c00092
Subject: [PATCH 12/30] rescan-scsi-bus.sh: Use dummy for throwaway variable.
c00092
c00092
* The `offset` is unused and should be replaced by dummy `_`.
c00092
    https://github.com/koalaman/shellcheck/wiki/SC2034
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 scripts/rescan-scsi-bus.sh | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/scripts/rescan-scsi-bus.sh b/scripts/rescan-scsi-bus.sh
c00092
index 37f121d..ed3cf49 100755
c00092
--- a/scripts/rescan-scsi-bus.sh
c00092
+++ b/scripts/rescan-scsi-bus.sh
c00092
@@ -235,7 +235,7 @@ is_removable ()
c00092
   p=/sys/class/scsi_device/${host}:${channel}:${id}:${lun}/device/inquiry
c00092
   # Extract the second byte of the INQUIRY response and check bit 7 (mask 0x80).
c00092
   b=$(od -tx1 -j1 -N1 "$p" 2>/dev/null |
c00092
-           { read -r offset byte rest; echo -n "$byte"; })
c00092
+           { read -r _ byte rest; echo -n "$byte"; })
c00092
   if [ -n "$b" ]; then
c00092
     echo $(((0x$b & 0x80) != 0))
c00092
   else
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 751afef7a7a5049a6d1a6171efb65e9e2f515911 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:55:08 +0800
c00092
Subject: [PATCH 13/30] sg_write_x: parameter string might overflow a char
c00092
 array.
c00092
c00092
 * The `lcp` might overflow the char array `c`. Use `snprintf` instead.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_write_x.c | 6 ++++--
c00092
 1 file changed, 4 insertions(+), 2 deletions(-)
c00092
c00092
diff --git a/src/sg_write_x.c b/src/sg_write_x.c
c00092
index 3b8f091..89b5616 100644
c00092
--- a/src/sg_write_x.c
c00092
+++ b/src/sg_write_x.c
c00092
@@ -671,8 +671,10 @@ parse_scat_pi_line(const char * lcp, uint8_t * up, uint32_t * sum_num)
c00092
     if (cp) {   /* copy from first non whitespace ... */
c00092
         memcpy(c, lcp, cp - lcp);  /* ... to just prior to first '#' */
c00092
         c[cp - lcp] = '\0';
c00092
-    } else
c00092
-        strcpy(c, lcp);         /* ... to end of line, including null */
c00092
+    } else {
c00092
+        /* ... to end of line, including null */
c00092
+        snprintf(c, sizeof(c)/sizeof(char), "%s", lcp);
c00092
+    }
c00092
     ll = sg_get_llnum(bp);
c00092
     ok = ((-1 != ll) || all_ascii_f_s(bp, 16));
c00092
     if (! ok) {
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From cd7fdbdeffabd41fe9e9c65e1158cbdb6f906f20 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 22:56:48 +0800
c00092
Subject: [PATCH 14/30] sg_vpd_vendor: Fix potential string overflow.
c00092
c00092
Currently, none of `vendor_vpd_pg` name string is longer than 64,
c00092
to ease the coverity scan, change strcpy to snprintf.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_vpd_vendor.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_vpd_vendor.c b/src/sg_vpd_vendor.c
c00092
index 3c75177..9a73748 100644
c00092
--- a/src/sg_vpd_vendor.c
c00092
+++ b/src/sg_vpd_vendor.c
c00092
@@ -1420,7 +1420,7 @@ svpd_decode_vendor(int sg_fd, struct opts_t * op, int off)
c00092
     if (0 == res) {
c00092
         vnp = svpd_get_v_detail(op->vpd_pn, op->vend_prod_num, 0xf & rp[0]);
c00092
         if (vnp && vnp->name)
c00092
-            strcpy(name, vnp->name);
c00092
+            snprintf(name, sizeof(name)/sizeof(char), "%s", vnp->name);
c00092
         else
c00092
             snprintf(name, sizeof(name) - 1, "Vendor VPD page=0x%x",
c00092
                      op->vpd_pn);
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 7ddd2de9d7c7ebcfcb3c33da9993cb60a91b0525 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 23:38:05 +0800
c00092
Subject: [PATCH 15/30] sg_write_x: Remove dead code.
c00092
c00092
* The `k` is always smaller than 3, `default:` will never be reached.
c00092
* The `ok` is already checked for non-zero.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_write_x.c | 10 +---------
c00092
 1 file changed, 1 insertion(+), 9 deletions(-)
c00092
c00092
diff --git a/src/sg_write_x.c b/src/sg_write_x.c
c00092
index 89b5616..d6949ed 100644
c00092
--- a/src/sg_write_x.c
c00092
+++ b/src/sg_write_x.c
c00092
@@ -750,10 +750,6 @@ parse_scat_pi_line(const char * lcp, uint8_t * up, uint32_t * sum_num)
c00092
             } else if (up)
c00092
                 sg_put_unaligned_be16((uint16_t)ll, up + 18);
c00092
             break;
c00092
-        default:
c00092
-            pr2serr("%s: k=%d should not be >= 3\n", __func__, k);
c00092
-            ok = false;
c00092
-            break;
c00092
         }
c00092
         if (! ok)
c00092
             break;
c00092
@@ -774,13 +770,9 @@ parse_scat_pi_line(const char * lcp, uint8_t * up, uint32_t * sum_num)
c00092
             if (up)
c00092
                 sg_put_unaligned_be16((uint16_t)DEF_TM, up + 18);
c00092
             break;
c00092
-        default:
c00092
-            pr2serr("%s: k=%d should not be >= 3\n", __func__, k);
c00092
-            ok = false;
c00092
-            break;
c00092
         }
c00092
     }
c00092
-    return ok ? 0 : SG_LIB_SYNTAX_ERROR;
c00092
+    return 0;
c00092
 }
c00092
 
c00092
 /* Read pairs or quintets from a scat_file and places them in a T10 scatter
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 2ff6254d584b2c673b9d6289da2f6af6e293a3d3 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 23:36:58 +0800
c00092
Subject: [PATCH 16/30] sg_vpd: Remove dead code.
c00092
c00092
 * The `n` is between 0 and 7, the `default` statement is never reached.
c00092
c00092
 * The `do_hex` will never been bigger than 2 at that line.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_vpd.c | 7 -------
c00092
 1 file changed, 7 deletions(-)
c00092
c00092
diff --git a/src/sg_vpd.c b/src/sg_vpd.c
c00092
index a15ed74..081232d 100644
c00092
--- a/src/sg_vpd.c
c00092
+++ b/src/sg_vpd.c
c00092
@@ -1233,9 +1233,6 @@ decode_x_inq_vpd(uint8_t * b, int len, int do_hex, bool do_long,
c00092
             case 7:
c00092
                 printf(" [protection types 1, 2 and 3 supported]\n");
c00092
                 break;
c00092
-            default:
c00092
-                printf("\n");
c00092
-                break;
c00092
             }
c00092
         } else
c00092
             printf("\n");
c00092
@@ -1991,8 +1988,6 @@ decode_proto_lu_vpd(uint8_t * buff, int len, int do_hex)
c00092
             continue;
c00092
         if (2 == do_hex)
c00092
             hex2stdout(bp + 8, desc_len, 1);
c00092
-        else if (do_hex > 2)
c00092
-            hex2stdout(bp, bump, 1);
c00092
         else {
c00092
             switch (proto) {
c00092
             case TPROTO_SAS:
c00092
@@ -2042,8 +2037,6 @@ decode_proto_port_vpd(uint8_t * buff, int len, int do_hex)
c00092
             continue;
c00092
         if (2 == do_hex)
c00092
             hex2stdout(bp + 8, desc_len, 1);
c00092
-        else if (do_hex > 2)
c00092
-            hex2stdout(bp, bump, 1);
c00092
         else {
c00092
             switch (proto) {
c00092
             case TPROTO_SAS:    /* page added in spl3r02 */
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 013eb336d61d56eb7dc3c67b6551096a8175527a Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 23:41:46 +0800
c00092
Subject: [PATCH 17/30] sg_test_rwbuf: Fix incorrect initial value of
c00092
 `version_given`.
c00092
c00092
* With current code, no real code could be execute as
c00092
  `version_give` is always true(if not in debug mode).
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_test_rwbuf.c | 4 ++--
c00092
 1 file changed, 2 insertions(+), 2 deletions(-)
c00092
c00092
diff --git a/src/sg_test_rwbuf.c b/src/sg_test_rwbuf.c
c00092
index f187ba0..52b7e81 100644
c00092
--- a/src/sg_test_rwbuf.c
c00092
+++ b/src/sg_test_rwbuf.c
c00092
@@ -386,8 +386,8 @@ void usage ()
c00092
 
c00092
 int main (int argc, char * argv[])
c00092
 {
c00092
-        bool verbose_given = true;
c00092
-        bool version_given = true;
c00092
+        bool verbose_given = false;
c00092
+        bool version_given = false;
c00092
         int sg_fd, res;
c00092
         const char * device_name = NULL;
c00092
         int times = 1;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From bf1ee2b1ecc966f50b19bec4126a58b3c4c53111 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Wed, 26 Sep 2018 23:53:52 +0800
c00092
Subject: [PATCH 18/30] sg_ses: Remove dead code.
c00092
c00092
* The `n` is always '>= 1' after the for loop.
c00092
* All the possible value between 0x20 to 0x2f is covered by preview
c00092
  switch statements.
c00092
* The cp is pointing to a stack memory, is always not NULL.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_ses.c | 11 +----------
c00092
 1 file changed, 1 insertion(+), 10 deletions(-)
c00092
c00092
diff --git a/src/sg_ses.c b/src/sg_ses.c
c00092
index 29b66b3..9c4b0c0 100644
c00092
--- a/src/sg_ses.c
c00092
+++ b/src/sg_ses.c
c00092
@@ -1405,9 +1405,6 @@ parse_cmd_line(struct opts_t *op, int argc, char *argv[])
c00092
             else if (1 == n) {
c00092
                 op->page_code_given = true;
c00092
                 op->page_code = pc;
c00092
-            } else {
c00092
-                pr2serr("No dpage found --data= argument\n");
c00092
-                goto err_help;
c00092
             }
c00092
             if (op->verbose > 3) {
c00092
                 int k;
c00092
@@ -2431,9 +2428,6 @@ find_sas_connector_type(int conn_type, bool abridged, char * buff,
c00092
         else if (conn_type < 0x20)
c00092
             snprintf(buff, buff_len, "unknown internal wide connector type: "
c00092
                      "0x%x", conn_type);
c00092
-        else if (conn_type < 0x30)
c00092
-            snprintf(buff, buff_len, "unknown internal connector to end "
c00092
-                     "device, type: 0x%x", conn_type);
c00092
         else if (conn_type < 0x3f)
c00092
             snprintf(buff, buff_len, "reserved for internal connector, "
c00092
                      "type: 0x%x", conn_type);
c00092
@@ -2637,8 +2631,6 @@ enc_status_helper(const char * pad, const uint8_t * statp, int etype,
c00092
             printf("%slast 3 bytes (hex): %02x %02x %02x\n", pad, statp[1],
c00092
                    statp[2], statp[3]);
c00092
             break;
c00092
-        default:
c00092
-            break;
c00092
         }
c00092
         break;
c00092
     case UI_POWER_SUPPLY_ETC:   /* Uninterruptible power supply */
c00092
@@ -4260,8 +4252,7 @@ process_status_dpage(struct sg_pt_base * ptvp, int page_code, uint8_t * resp,
c00092
         subenc_nickname_sdg(resp, resp_len);
c00092
         break;
c00092
     default:
c00092
-        printf("Cannot decode response from diagnostic "
c00092
-               "page: %s\n", (cp ? cp : "<unknown>"));
c00092
+        printf("Cannot decode response from diagnostic page: %s\n", cp);
c00092
         hex2stdout(resp, resp_len, 0);
c00092
     }
c00092
 
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From d1a53f72716e0013c6ff4e76c4ccae575e32e35d Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:07:56 +0800
c00092
Subject: [PATCH 19/30] sg_sanitize: Remove dead code.
c00092
c00092
 * The `has_di` will always be 0 at that line.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_sanitize.c | 5 -----
c00092
 1 file changed, 5 deletions(-)
c00092
c00092
diff --git a/src/sg_sanitize.c b/src/sg_sanitize.c
c00092
index b45462f..b810128 100644
c00092
--- a/src/sg_sanitize.c
c00092
+++ b/src/sg_sanitize.c
c00092
@@ -388,11 +388,6 @@ print_dev_id(int fd, uint8_t * sinq_resp, int max_rlen, int verbose)
c00092
         n = (SAFE_STD_INQ_RESP_LEN - 4);
c00092
     for (k = 0, has_sn = 0, has_di = 0; k < n; ++k) {
c00092
         if (VPD_UNIT_SERIAL_NUM == b[4 + k]) {
c00092
-            if (has_di) {
c00092
-                if (verbose)
c00092
-                    pr2serr("VPD_SUPPORTED_VPDS dis-ordered\n");
c00092
-                return 0;
c00092
-            }
c00092
             ++has_sn;
c00092
         } else if (VPD_DEVICE_ID == b[4 + k]) {
c00092
             ++has_di;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 880d18e2e0296a91a65f7f94dcd8ad5e2497cfa6 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:09:08 +0800
c00092
Subject: [PATCH 20/30] sg_rbuf: Remove dead code.
c00092
c00092
The `res` is always >=0 at that line.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_rbuf.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_rbuf.c b/src/sg_rbuf.c
c00092
index 61604d3..6b74436 100644
c00092
--- a/src/sg_rbuf.c
c00092
+++ b/src/sg_rbuf.c
c00092
@@ -681,5 +681,5 @@ main(int argc, char * argv[])
c00092
     else
c00092
         printf("read buffer non-zero\n");
c00092
 #endif
c00092
-    return (res >= 0) ? res : SG_LIB_CAT_OTHER;
c00092
+    return res;
c00092
 }
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From d58bc5904989a381b9ab541409b83578a56b75da Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:17:07 +0800
c00092
Subject: [PATCH 21/30] sg_luns: Remove dead code.
c00092
c00092
The `a_method` is always between 0 and 3.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_luns.c | 3 ---
c00092
 1 file changed, 3 deletions(-)
c00092
c00092
diff --git a/src/sg_luns.c b/src/sg_luns.c
c00092
index 904b2ce..9115070 100644
c00092
--- a/src/sg_luns.c
c00092
+++ b/src/sg_luns.c
c00092
@@ -306,9 +306,6 @@ decode_lun(const char * leadin, const uint8_t * lunp, bool lu_cong,
c00092
                 }
c00092
             }
c00092
             break;
c00092
-        default:
c00092
-            printf("%s<<%s: faulty logic>>\n", l_leadin, __func__);
c00092
-            break;
c00092
         }
c00092
         if (next_level)
c00092
             continue;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 601fe8621fa0fb1d2674d67181dd368936354cb4 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:18:57 +0800
c00092
Subject: [PATCH 22/30] sg_logs: Fix typo in variable name.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_logs.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_logs.c b/src/sg_logs.c
c00092
index e4f265e..7001ee4 100644
c00092
--- a/src/sg_logs.c
c00092
+++ b/src/sg_logs.c
c00092
@@ -7109,7 +7109,7 @@ main(int argc, char * argv[])
c00092
         if (k) {
c00092
             if (SG_LIB_CAT_NOT_READY == k)
c00092
                 pr2serr("log_select: device not ready\n");
c00092
-            else if (SG_LIB_CAT_ILLEGAL_REQ == res)
c00092
+            else if (SG_LIB_CAT_ILLEGAL_REQ == k)
c00092
                 pr2serr("log_select: field in cdb illegal\n");
c00092
             else if (SG_LIB_CAT_INVALID_OP == k)
c00092
                 pr2serr("log_select: not supported\n");
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From e921a23e89f91b50929e9f4dc2f5902021f689d9 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:19:40 +0800
c00092
Subject: [PATCH 23/30] sg_inq: Remove dead code.
c00092
c00092
The `support_num` is always between 0 and 7.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_inq.c | 1 -
c00092
 1 file changed, 1 deletion(-)
c00092
c00092
diff --git a/src/sg_inq.c b/src/sg_inq.c
c00092
index b32ab87..1664345 100644
c00092
--- a/src/sg_inq.c
c00092
+++ b/src/sg_inq.c
c00092
@@ -3428,7 +3428,6 @@ cmddt_process(int sg_fd, const struct opts_t * op)
c00092
                         break;
c00092
                 case 6: desc_p = "vendor specific (6)"; break;
c00092
                 case 7: desc_p = "reserved (7)"; break;
c00092
-                default: desc_p = "impossible value > 7"; break;
c00092
                 }
c00092
                 if (prnt_cmd) {
c00092
                     printf("  Support field: %s [", desc_p);
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 27a19f00c6c58e91296e918a34afb2b2bdcac822 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:20:32 +0800
c00092
Subject: [PATCH 24/30] sg_format: Remove dead code.
c00092
c00092
The `has_di` is always 0 in that line.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_format.c | 6 ------
c00092
 1 file changed, 6 deletions(-)
c00092
c00092
diff --git a/src/sg_format.c b/src/sg_format.c
c00092
index af1a033..61ee77f 100644
c00092
--- a/src/sg_format.c
c00092
+++ b/src/sg_format.c
c00092
@@ -700,12 +700,6 @@ print_dev_id(int fd, uint8_t * sinq_resp, int max_rlen,
c00092
                 n = (SAFE_STD_INQ_RESP_LEN - 4);
c00092
         for (k = 0, has_sn = 0, has_di = 0; k < n; ++k) {
c00092
                 if (VPD_UNIT_SERIAL_NUM == b[4 + k]) {
c00092
-                        if (has_di) {
c00092
-                                if (op->verbose)
c00092
-                                        pr2serr("VPD_SUPPORTED_VPDS "
c00092
-                                                "dis-ordered\n");
c00092
-                                goto out;
c00092
-                        }
c00092
                         ++has_sn;
c00092
                 } else if (VPD_DEVICE_ID == b[4 + k]) {
c00092
                         ++has_di;
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 8292e3e96cac1f234f1139161c5e92e29b545da1 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:22:35 +0800
c00092
Subject: [PATCH 25/30] sg_dd: Remove dead code.
c00092
c00092
The `ret` there is always non-zero.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_dd.c | 2 +-
c00092
 1 file changed, 1 insertion(+), 1 deletion(-)
c00092
c00092
diff --git a/src/sg_dd.c b/src/sg_dd.c
c00092
index 8696ee7..aa544c7 100644
c00092
--- a/src/sg_dd.c
c00092
+++ b/src/sg_dd.c
c00092
@@ -976,7 +976,7 @@ err_out:
c00092
         }
c00092
         return may_coe ? 0 : ret;
c00092
     } else
c00092
-        return ret ? ret : -1;
c00092
+        return ret;
c00092
 }
c00092
 
c00092
 
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 50ba84424a1226dfef9a2746fd797cffbc544aad Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:23:49 +0800
c00092
Subject: [PATCH 26/30] sg_pt_linux_nvme: Remove dead code.
c00092
c00092
The `return 0` already stop the `if (dout_len > 0)` check.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 lib/sg_pt_linux_nvme.c | 5 -----
c00092
 1 file changed, 5 deletions(-)
c00092
c00092
diff --git a/lib/sg_pt_linux_nvme.c b/lib/sg_pt_linux_nvme.c
c00092
index 18b1374..98feaef 100644
c00092
--- a/lib/sg_pt_linux_nvme.c
c00092
+++ b/lib/sg_pt_linux_nvme.c
c00092
@@ -899,11 +899,6 @@ sntl_senddiag(struct sg_pt_linux_scsi * ptp, const uint8_t * cdbp,
c00092
             return 0;
c00092
         } else
c00092
             return 0;     /* nothing to do */
c00092
-        if (dout_len > 0) {
c00092
-            if (vb)
c00092
-                pr2ws("%s: dout given but PF clear\n", __func__);
c00092
-            return SCSI_PT_DO_BAD_PARAMS;
c00092
-        }
c00092
     }
c00092
     if (dout_len < 4) {
c00092
         if (vb)
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 570105df861066e0943fc6a7511172acdeb212c0 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Fri, 28 Sep 2018 19:50:11 +0800
c00092
Subject: [PATCH 27/30] sg_lib: Remove dead code.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 lib/sg_lib.c | 8 +-------
c00092
 1 file changed, 1 insertion(+), 7 deletions(-)
c00092
c00092
diff --git a/lib/sg_lib.c b/lib/sg_lib.c
c00092
index c281cce..e7cac29 100644
c00092
--- a/lib/sg_lib.c
c00092
+++ b/lib/sg_lib.c
c00092
@@ -2123,14 +2123,11 @@ sg_get_command_size(uint8_t opcode)
c00092
     switch ((opcode >> 5) & 0x7) {
c00092
     case 0:
c00092
         return 6;
c00092
-    case 1: case 2: case 6: case 7:
c00092
-        return 10;
c00092
     case 3: case 5:
c00092
         return 12;
c00092
-        break;
c00092
     case 4:
c00092
         return 16;
c00092
-    default:
c00092
+    default:        /* 1, 2, 6, 7 */
c00092
         return 10;
c00092
     }
c00092
 }
c00092
@@ -2267,9 +2264,6 @@ sg_get_opcode_name(uint8_t cmd_byte0, int peri_type, int buff_len,
c00092
     case 7:
c00092
         sg_scnpr(buff, buff_len, "Vendor specific [0x%x]", (int)cmd_byte0);
c00092
         break;
c00092
-    default:
c00092
-        sg_scnpr(buff, buff_len, "Opcode=0x%x", (int)cmd_byte0);
c00092
-        break;
c00092
     }
c00092
 }
c00092
 
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 26932a6b4e5a1e844df3edcef86d399391f4b18c Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Thu, 27 Sep 2018 00:33:00 +0800
c00092
Subject: [PATCH 28/30] sg_vpd: Fix protantially overflowing of uint64_t.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 src/sg_vpd.c | 6 +++---
c00092
 1 file changed, 3 insertions(+), 3 deletions(-)
c00092
c00092
diff --git a/src/sg_vpd.c b/src/sg_vpd.c
c00092
index 081232d..2865af4 100644
c00092
--- a/src/sg_vpd.c
c00092
+++ b/src/sg_vpd.c
c00092
@@ -1929,9 +1929,9 @@ decode_3party_copy_vpd(uint8_t * buff, int len, int do_hex, int pdt,
c00092
                 printf("  Maximum identified concurrent copies: %u\n", u);
c00092
                 u = sg_get_unaligned_be32(bp + 12);
c00092
                 printf("  Maximum segment length: %u\n", u);
c00092
-                ull = (1 << bp[16]); /* field is power of 2 */
c00092
+                ull = (1 << bp[16]) & UINT64_MAX; /* field is power of 2 */
c00092
                 printf("  Data segment granularity: %" PRIu64 "\n", ull);
c00092
-                ull = (1 << bp[17]);
c00092
+                ull = (1 << bp[17]) & UINT64_MAX;
c00092
                 printf("  Inline data granularity: %" PRIu64 "\n", ull);
c00092
                 break;
c00092
             case 0x9101:
c00092
@@ -1943,7 +1943,7 @@ decode_3party_copy_vpd(uint8_t * buff, int len, int do_hex, int pdt,
c00092
                 printf(" Held data:\n");
c00092
                 u = sg_get_unaligned_be32(bp + 4);
c00092
                 printf("  Held data limit: %u\n", u);
c00092
-                ull = (1 << bp[8]);
c00092
+                ull = (1 << bp[8]) & UINT64_MAX;
c00092
                 printf("  Held data granularity: %" PRIu64 "\n", ull);
c00092
                 break;
c00092
             default:
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 5b2e117dee27ec7cebecd042b2d505f2b6dcb461 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Fri, 28 Sep 2018 19:45:26 +0800
c00092
Subject: [PATCH 29/30] sg_lib: Removed dead code.
c00092
c00092
 * The value 32 stored in `len` is never used afterwords.
c00092
 * The `bump` initial value is always been overridden.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 lib/sg_lib.c | 4 ----
c00092
 1 file changed, 4 deletions(-)
c00092
c00092
diff --git a/lib/sg_lib.c b/lib/sg_lib.c
c00092
index e7cac29..a691b02 100644
c00092
--- a/lib/sg_lib.c
c00092
+++ b/lib/sg_lib.c
c00092
@@ -545,7 +545,6 @@ sg_decode_transportid_str(const char * lip, uint8_t * bp, int bplen,
c00092
     }
c00092
     if (NULL == lip)
c00092
         lip = "";
c00092
-    bump = TRANSPORT_ID_MIN_LEN; /* should be overwritten in all loop paths */
c00092
     for (k = 0, n = 0; bplen > 0; ++k, bp += bump, bplen -= bump) {
c00092
         if ((k > 0) && only_one)
c00092
             break;
c00092
@@ -1846,9 +1845,6 @@ sg_get_sense_str(const char * lip, const uint8_t * sbp, int sb_len,
c00092
             sg_scnpr(b + r, blen - r, "%s  lba=0x%x\n", lip,
c00092
                      sg_get_unaligned_be24(sbp + 1) & 0x1fffff);
c00092
         n += sg_scnpr(cbp + n, cblen - n, "%s\n", b);
c00092
-        len = sb_len;
c00092
-        if (len > 32)
c00092
-            len = 32;   /* trim in case there is a lot of rubbish */
c00092
     }
c00092
 check_raw:
c00092
     if (raw_sinfo) {
c00092
-- 
c00092
1.8.3.1
c00092
c00092
c00092
From 8ebcd159bbc41f63fa96e904dee9307b2ee7aec2 Mon Sep 17 00:00:00 2001
c00092
From: Gris Ge <fge@redhat.com>
c00092
Date: Fri, 28 Sep 2018 19:59:28 +0800
c00092
Subject: [PATCH 30/30] sg_cmds_basic: Check resp for NULL before doing memset.
c00092
c00092
Signed-off-by: Gris Ge <fge@redhat.com>
c00092
---
c00092
 lib/sg_cmds_basic.c | 7 +++++++
c00092
 1 file changed, 7 insertions(+)
c00092
c00092
diff --git a/lib/sg_cmds_basic.c b/lib/sg_cmds_basic.c
c00092
index e625465..f4021bb 100644
c00092
--- a/lib/sg_cmds_basic.c
c00092
+++ b/lib/sg_cmds_basic.c
c00092
@@ -324,6 +324,13 @@ sg_ll_inquiry_com(struct sg_pt_base * ptvp, bool cmddt, bool evpd, int pg_op,
c00092
     uint8_t sense_b[SENSE_BUFF_LEN];
c00092
     uint8_t * up;
c00092
 
c00092
+    if (resp == NULL) {
c00092
+        if (verbose)
c00092
+            pr2ws("Got NULL `resp` pointer");
c00092
+        return SG_LIB_CAT_MALFORMED;
c00092
+    }
c00092
+
c00092
+
c00092
     if (cmddt)
c00092
         inq_cdb[1] |= 0x2;
c00092
     if (evpd)
c00092
-- 
c00092
1.8.3.1
c00092