| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Jan 2016 14:18:10 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: Arnd Bergmann <arnd@...db.de>,
Lars-Peter Clausen <lars@...afoo.de>,
Michael Hennerich <Michael.Hennerich@...log.com>
Cc: linux-arm-kernel@...ts.infradead.org,
Hartmut Knaack <knaack.h@....de>,
Peter Meerwald <pmeerw@...erw.net>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-iio@...r.kernel.org, devel@...verdev.osuosl.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: iio: ad5933: avoid uninitialized variable in
error case
On 25/01/16 15:50, Arnd Bergmann wrote:
> The ad5933_i2c_read function returns an error code to indicate
> whether it could read data or not. However ad5933_work() ignores
> this return code and just accesses the data unconditionally,
> which gets detected by gcc as a possible bug:
>
> drivers/staging/iio/impedance-analyzer/ad5933.c: In function 'ad5933_work':
> drivers/staging/iio/impedance-analyzer/ad5933.c:649:16: warning: 'status' may be used uninitialized in this function [-Wmaybe-uninitialized]
>
> This adds minimal error handling so we only evaluate the
> data if it was correctly read.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
Hi Arnd,
Thanks for the patch. The handling in here is a little fiddly
by the look of things. Lars can you take a look at this when
you have a minute?
At a very high level, it doesn't make sense to fix this instance and
not the one in the context of the patch below.
See below...
> ---
> drivers/staging/iio/impedance-analyzer/ad5933.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/iio/impedance-analyzer/ad5933.c b/drivers/staging/iio/impedance-analyzer/ad5933.c
> index 10c43dda0f5a..304bb464e478 100644
> --- a/drivers/staging/iio/impedance-analyzer/ad5933.c
> +++ b/drivers/staging/iio/impedance-analyzer/ad5933.c
> @@ -647,6 +647,7 @@ static void ad5933_work(struct work_struct *work)
> __be16 buf[2];
> int val[2];
> unsigned char status;
> + int ret;
>
> mutex_lock(&indio_dev->mlock);
> if (st->state == AD5933_CTRL_INIT_START_FREQ) {
> @@ -658,9 +659,9 @@ static void ad5933_work(struct work_struct *work)
> return;
> }
>
> - ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status);
> + ret = ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status);
>
> - if (status & AD5933_STAT_DATA_VALID) {
> + if (!ret && (status & AD5933_STAT_DATA_VALID)) {
The else is non trivial here as it assumes we will get the data later. If we
get such a failure, we probably want to drop out completely rather than paper
over the gaps..
> int scan_count = bitmap_weight(indio_dev->active_scan_mask,
> indio_dev->masklength);
Same issue on the next line - this results in known garbage data being spooled
out.
> ad5933_i2c_read(st->client,
>
Powered by blists - more mailing lists