lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMuHMdVKbyE0rGUgZw9htqNG1uNx_hBR_G+5BEFEwu8QTa9sfg@mail.gmail.com>
Date:	Fri, 18 Mar 2016 13:41:19 +0100
From:	Geert Uytterhoeven <geert@...ux-m68k.org>
To:	Christian Gromm <christian.gromm@...rochip.com>,
	Greg KH <gregkh@...uxfoundation.org>
Cc:	driverdevel <devel@...verdev.osuosl.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: staging: most: warning: ‘mbo’ may be used uninitialized in this function

On Fri, Mar 18, 2016 at 6:42 AM, Linux Kernel Mailing List
<linux-kernel@...r.kernel.org> wrote:
> Web:        https://git.kernel.org/torvalds/c/f45b0fba43f415f69982df743dfa9b5d1b57785e
> Commit:     f45b0fba43f415f69982df743dfa9b5d1b57785e
> Parent:     b3c9f3c56c41cbebe7804b48ba8e6e484509c2c0
> Refname:    refs/heads/master
> Author:     Christian Gromm <christian.gromm@...rochip.com>
> AuthorDate: Tue Dec 22 10:53:06 2015 +0100
> Committer:  Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> CommitDate: Sun Feb 7 17:34:58 2016 -0800
>
>     staging: most: remove stacked_mbo
>
>     This patch makes use of kfifo_peek and kfifo_skip, which renders the
>     variable stacked_mbo useless. It is therefore removed.
>
>     Signed-off-by: Christian Gromm <christian.gromm@...rochip.com>
>     Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> ---
>  drivers/staging/most/aim-cdev/cdev.c | 16 +++-------------
>  1 file changed, 3 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/staging/most/aim-cdev/cdev.c b/drivers/staging/most/aim-cdev/cdev.c
> index d9c3f56..0ee2f08 100644
> --- a/drivers/staging/most/aim-cdev/cdev.c
> +++ b/drivers/staging/most/aim-cdev/cdev.c

> @@ -249,11 +246,7 @@ aim_read(struct file *filp, char __user *buf, size_t count, loff_t *offset)
>         struct aim_channel *c = filp->private_data;
>
>         mutex_lock(&c->io_mutex);
> -       if (c->stacked_mbo) {
> -               mbo = c->stacked_mbo;
> -               goto start_copy;
> -       }
> -       while ((!kfifo_out(&c->fifo, &mbo, 1)) && (c->dev)) {
> +       while (c->dev && !kfifo_peek(&c->fifo, &mbo)) {

drivers/staging/most/aim-cdev/cdev.c:241: warning: ‘mbo’ may be used
uninitialized in this function

>From looking at the code, it's not obvious to me if this is a false
positive or not.
Can it happen that mbo is not initialized fully, e.g. if less than sizeof(mbo)
bytes have been read from the kfifo?

Other callers initialize the pointer to NULL, and check the returned length.

>                 mutex_unlock(&c->io_mutex);
>                 if (filp->f_flags & O_NONBLOCK)
>                         return -EAGAIN;

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ