From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:59164)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1ROFOi-00039U-RT
	for qemu-devel@nongnu.org; Wed, 09 Nov 2011 16:09:29 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1ROFOh-0007pZ-Ee
	for qemu-devel@nongnu.org; Wed, 09 Nov 2011 16:09:28 -0500
Received: from mnementh.archaic.org.uk ([81.2.115.146]:35086)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <pm215@archaic.org.uk>) id 1ROFOh-0007pN-7w
	for qemu-devel@nongnu.org; Wed, 09 Nov 2011 16:09:27 -0500
From: Peter Maydell <peter.maydell@linaro.org>
Date: Wed,  9 Nov 2011 21:09:23 +0000
Message-Id: <1320872963-10402-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH] hw/usb-net.c: Fix precedence bug when checking
	rndis_state
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>, patches@linaro.org

"!X == 2" is always false (spotted by Coverity), so the checks
for whether rndis is in the correct state would never fire.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
NB that although I tested that this doesn't break non-rndis
usb-net, I don't have a test image that uses rndis usb-net,
so treat this patch with the appropriate degree of caution.
(Probably safer not putting it into 1.0 unless tested.)

 hw/usb-net.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/hw/usb-net.c b/hw/usb-net.c
index a8b7c8d..f91fa32 100644
--- a/hw/usb-net.c
+++ b/hw/usb-net.c
@@ -1268,8 +1268,9 @@ static ssize_t usbnet_receive(VLANClientState *nc, const uint8_t *buf, size_t si
 
     if (is_rndis(s)) {
         msg = (struct rndis_packet_msg_type *) s->in_buf;
-        if (!s->rndis_state == RNDIS_DATA_INITIALIZED)
+        if (s->rndis_state != RNDIS_DATA_INITIALIZED) {
             return -1;
+        }
         if (size + sizeof(struct rndis_packet_msg_type) > sizeof(s->in_buf))
             return -1;
 
@@ -1302,7 +1303,7 @@ static int usbnet_can_receive(VLANClientState *nc)
 {
     USBNetState *s = DO_UPCAST(NICState, nc, nc)->opaque;
 
-    if (is_rndis(s) && !s->rndis_state == RNDIS_DATA_INITIALIZED) {
+    if (is_rndis(s) && s->rndis_state != RNDIS_DATA_INITIALIZED) {
         return 1;
     }
 
-- 
1.7.1