lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 01 Jun 2014 14:03:10 +0200
From:	Lars-Peter Clausen <lars@...afoo.de>
To:	Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
CC:	Jonathan Cameron <jic23@...nel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Walleij <linus.walleij@...aro.org>,
	Wolfram Sang <wsa@...-dreams.de>, linux-iio@...r.kernel.org,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] iio: adc: ad_sigma_delta.c: Cleaning up uninitialized
 variables

On 06/01/2014 01:51 PM, Rickard Strandqvist wrote:
> Hi
>
> Believe it reacted to the code below.
>
> If raw_sample = 0 is the correct starting value, I am not sure. But
> leaving it uninitialized, I think is the worst choice.
>
>
>      if (ret < 0)
>          goto out;
>
>      ret = ad_sd_read_reg(sigma_delta, AD_SD_REG_DATA,
>          DIV_ROUND_UP(chan->scan_type.realbits + chan->scan_type.shift, 8),
>          &raw_sample);
> ....
> out:
> ....

you skipped the:

     if (ret)
         return ret;

that is here.

>      sample = raw_sample >> chan->scan_type.shift;
>

The code is a bit confusing and it is understandable that a static checker 
might generate a false positive. The fix though is not to silence the false 
positive as this will hide actual problems if they should come up by future 
modifications of the code.

>
> Best regards
> Rickard Strandqvist
>
>
> 2014-06-01 11:15 GMT+02:00 Lars-Peter Clausen <lars@...afoo.de>:
>> On 06/01/2014 01:11 AM, Rickard Strandqvist wrote:
>>>
>>> There is a risk that the variable will be used without being initialized.
>>>
>>> This was largely found by using a static code analysis program called
>>> cppcheck.
>>
>>
>> This looks like a false positive. And if it was not a false positive the
>> correct fix certainly is not to initialize the variable to some random value
>> to silence the warning.
>>
>> - Lars
>>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ