lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Feb 2017 22:41:34 +0000 From: Ben Hutchings <ben@...adent.org.uk> To: linux-kernel@...r.kernel.org, stable@...r.kernel.org CC: akpm@...ux-foundation.org, "Jonathan Cameron" <jic23@...nel.org>, "Lars-Peter Clausen" <lars@...afoo.de>, "Arnd Bergmann" <arnd@...db.de> Subject: [PATCH 3.2 055/126] staging: iio: ad5933: avoid uninitialized variable in error case 3.2.85-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Arnd Bergmann <arnd@...db.de> commit 34eee70a7b82b09dbda4cb453e0e21d460dae226 upstream. The ad5933_i2c_read function returns an error code to indicate whether it could read data or not. However ad5933_work() ignores this return code and just accesses the data unconditionally, which gets detected by gcc as a possible bug: drivers/staging/iio/impedance-analyzer/ad5933.c: In function 'ad5933_work': drivers/staging/iio/impedance-analyzer/ad5933.c:649:16: warning: 'status' may be used uninitialized in this function [-Wmaybe-uninitialized] This adds minimal error handling so we only evaluate the data if it was correctly read. Link: https://patchwork.kernel.org/patch/8110281/ Signed-off-by: Arnd Bergmann <arnd@...db.de> Acked-by: Lars-Peter Clausen <lars@...afoo.de> Signed-off-by: Jonathan Cameron <jic23@...nel.org> [bwh: Backported to 3.2: adjust context] Signed-off-by: Ben Hutchings <ben@...adent.org.uk> --- drivers/staging/iio/impedance-analyzer/ad5933.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) --- a/drivers/staging/iio/impedance-analyzer/ad5933.c +++ b/drivers/staging/iio/impedance-analyzer/ad5933.c @@ -626,6 +626,7 @@ static void ad5933_work(struct work_stru struct iio_buffer *ring = indio_dev->buffer; signed short buf[2]; unsigned char status; + int ret; mutex_lock(&indio_dev->mlock); if (st->state == AD5933_CTRL_INIT_START_FREQ) { @@ -633,17 +634,20 @@ static void ad5933_work(struct work_stru ad5933_cmd(st, AD5933_CTRL_START_SWEEP); st->state = AD5933_CTRL_START_SWEEP; schedule_delayed_work(&st->work, st->poll_time_jiffies); - mutex_unlock(&indio_dev->mlock); - return; + goto out; } - ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status); + ret = ad5933_i2c_read(st->client, AD5933_REG_STATUS, 1, &status); + if (ret) + goto out; if (status & AD5933_STAT_DATA_VALID) { - ad5933_i2c_read(st->client, + ret = ad5933_i2c_read(st->client, test_bit(1, ring->scan_mask) ? AD5933_REG_REAL_DATA : AD5933_REG_IMAG_DATA, ring->scan_count * 2, (u8 *)buf); + if (ret) + goto out; if (ring->scan_count == 2) { buf[0] = be16_to_cpu(buf[0]); @@ -656,8 +660,7 @@ static void ad5933_work(struct work_stru } else { /* no data available - try again later */ schedule_delayed_work(&st->work, st->poll_time_jiffies); - mutex_unlock(&indio_dev->mlock); - return; + goto out; } if (status & AD5933_STAT_SWEEP_DONE) { @@ -669,7 +672,7 @@ static void ad5933_work(struct work_stru ad5933_cmd(st, AD5933_CTRL_INC_FREQ); schedule_delayed_work(&st->work, st->poll_time_jiffies); } - +out: mutex_unlock(&indio_dev->mlock); }
Powered by blists - more mailing lists