lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Sun, 1 Jun 2014 14:10:14 +0200
From:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
To:	Lars-Peter Clausen <lars@...afoo.de>
Cc:	Jonathan Cameron <jic23@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Walleij <linus.walleij@...aro.org>,
	Wolfram Sang <wsa@...-dreams.de>, linux-iio@...r.kernel.org,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] iio: adc: ad_sigma_delta.c: Cleaning up uninitialized variables

Aaa, that is true!  Sorry my mistake :(


Best regards
Rickard Strandqvist


2014-06-01 14:03 GMT+02:00 Lars-Peter Clausen <lars@...afoo.de>:
> On 06/01/2014 01:51 PM, Rickard Strandqvist wrote:
>>
>> Hi
>>
>> Believe it reacted to the code below.
>>
>> If raw_sample = 0 is the correct starting value, I am not sure. But
>> leaving it uninitialized, I think is the worst choice.
>>
>>
>>      if (ret < 0)
>>          goto out;
>>
>>      ret = ad_sd_read_reg(sigma_delta, AD_SD_REG_DATA,
>>          DIV_ROUND_UP(chan->scan_type.realbits + chan->scan_type.shift,
>> 8),
>>          &raw_sample);
>> ....
>> out:
>> ....
>
>
> you skipped the:
>
>     if (ret)
>         return ret;
>
> that is here.
>
>
>>      sample = raw_sample >> chan->scan_type.shift;
>>
>
> The code is a bit confusing and it is understandable that a static checker
> might generate a false positive. The fix though is not to silence the false
> positive as this will hide actual problems if they should come up by future
> modifications of the code.
>
>
>>
>> Best regards
>> Rickard Strandqvist
>>
>>
>> 2014-06-01 11:15 GMT+02:00 Lars-Peter Clausen <lars@...afoo.de>:
>>>
>>> On 06/01/2014 01:11 AM, Rickard Strandqvist wrote:
>>>>
>>>>
>>>> There is a risk that the variable will be used without being
>>>> initialized.
>>>>
>>>> This was largely found by using a static code analysis program called
>>>> cppcheck.
>>>
>>>
>>>
>>> This looks like a false positive. And if it was not a false positive the
>>> correct fix certainly is not to initialize the variable to some random
>>> value
>>> to silence the warning.
>>>
>>> - Lars
>>>
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ