lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <56B6F95A.7040003@canonical.com>
Date:	Sun, 7 Feb 2016 07:59:22 +0000
From:	Colin Ian King <colin.king@...onical.com>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:	James Hogan <james.hogan@...tec.com>, Jiri Slaby <jslaby@...e.com>,
	linux-metag@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tty/metag_da: initialize number_written to zero

On 07/02/16 07:41, Greg Kroah-Hartman wrote:
> On Thu, Jan 28, 2016 at 06:48:17PM +0000, Colin Ian King wrote:
>> On 27/01/16 11:42, James Hogan wrote:
>>> Hi Colin,
>>>
>>> On Tue, Jan 26, 2016 at 11:37:25PM +0000, Colin King wrote:
>>>> From: Colin Ian King <colin.king@...onical.com>
>>>>
>>>> number_written is not initialized, so it can be any value. In the
>>>> case where dport->xmit_cnt is zero, number_written is not set
>>>> and subsequent accesses to it will be reading a garbage value.
>>>
>>> the only subsequent accesses when dport->xmit_cnt == 0 are:
>>>
>>> 	/* if we've made more data available, wake up tty */
>>> 	if (count && number_written) {
>>>
>>> and:
>>>
>>> 	/* did the write fail? */
>>> 	return count && !number_written;
>>>
>>> but dport->xmit_cnt == 0 implies count == 0, so number_written shouldn
>> 't
>>> be used, and both will evaluate to false regardless of the uninitialis
>> ed
>>> value, so it looks fine as it is to me.
>>>
>>> Is this tripping up some static analysis tool or something?
>>
>> It was found using cppcheck, namely:
>>
>> [drivers/tty/metag_da.c:269]: (error) Uninitialized variable: number_wri
>> tten
> 
> Please fix the broken tool, don't paper over it by doing unnecessary
> work in the kernel.
> 
> thanks,
> 
> greg k-h
> 
Sorry Greg, this was my first thinko out of 80 or so fixes I've found
with static analysis. I'll try harder next time not to make a mistake.

Colin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ