lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56ACC622.8000908@kernel.org>
Date:	Sat, 30 Jan 2016 14:18:10 +0000
From:	Jonathan Cameron <jic23@...nel.org>
To:	Arnd Bergmann <arnd@...db.de>,
	Lars-Peter Clausen <lars@...afoo.de>,
	Michael Hennerich <Michael.Hennerich@...log.com>
Cc:	linux-arm-kernel@...ts.infradead.org,
	Hartmut Knaack <knaack.h@....de>,
	Peter Meerwald <pmeerw@...erw.net>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-iio@...r.kernel.org, devel@...verdev.osuosl.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] staging: iio: ad5933: avoid uninitialized variable in
 error case

On 25/01/16 15:50, Arnd Bergmann wrote:
> The ad5933_i2c_read function returns an error code to indicate
> whether it could read data or not. However ad5933_work() ignores
> this return code and just accesses the data unconditionally,
> which gets detected by gcc as a possible bug:
> 
> drivers/staging/iio/impedance-analyzer/ad5933.c: In function 'ad5933_work':
> drivers/staging/iio/impedance-analyzer/ad5933.c:649:16: warning: 'status' may be used uninitialized in this function [-Wmaybe-uninitialized]
> 
> This adds minimal error handling so we only evaluate the
> data if it was correctly read.
> 
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
Hi Arnd,

Thanks for the patch.   The handling in here is a little fiddly
by the look of things. Lars can you take a look at this when
you have a minute?

At a very high level, it doesn't make sense to fix this instance and
not the one in the context of the patch below.
See below...
> ---
>  drivers/staging/iio/impedance-analyzer/ad5933.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/staging/iio/impedance-analyzer/ad5933.c b/drivers/staging/iio/impedance-analyzer/ad5933.c
> index 10c43dda0f5a..304bb464e478 100644
> --- a/drivers/staging/iio/impedance-analyzer/ad5933.c
> +++ b/drivers/staging/iio/impedance-analyzer/ad5933.c
> @@ -647,6 +647,7 @@ static void ad5933_work(struct work_struct *work)
>  	__be16 buf[2];
>  	int val[2];
>  	unsigned char status;
> +	int ret;
>  
>  	mutex_lock(&indio_dev->mlock);
>  	if (st->state == AD5933_CTRL_INIT_START_FREQ) {
> @@ -658,9 +659,9 @@ static void ad5933_work(struct work_struct *work)
>  		return;
>  	}
>  
> -	ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status);
> +	ret = ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status);
>  
> -	if (status & AD5933_STAT_DATA_VALID) {
> +	if (!ret && (status & AD5933_STAT_DATA_VALID)) {
The else is non trivial here as it assumes we will get the data later. If we
get such a failure, we probably want to drop out completely rather than paper
over the gaps..
>  		int scan_count = bitmap_weight(indio_dev->active_scan_mask,
>  					       indio_dev->masklength);
Same issue on the next line - this results in known garbage data being spooled
out.
>  		ad5933_i2c_read(st->client,
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ