lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <s5hpoh7q6oj.wl-tiwai@suse.de>
Date:   Fri, 24 Mar 2017 12:02:04 +0100
From:   Takashi Iwai <tiwai@...e.de>
To:     "Arnd Bergmann" <arnd@...db.de>
Cc:     "Jaroslav Kysela" <perex@...ex.cz>, <alsa-devel@...a-project.org>,
        "Colin Ian King" <colin.king@...onical.com>,
        <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ALSA: au88x0: avoid theoretical uninitialized access

On Thu, 23 Mar 2017 16:15:55 +0100,
Arnd Bergmann wrote:
> 
> The latest gcc-7.0.1 snapshot points out that we if nr_ch is zero, we never
> initialize some variables:
> 
> sound/pci/au88x0/au88x0_core.c: In function 'vortex_adb_allocroute':
> sound/pci/au88x0/au88x0_core.c:2304:68: error: 'mix[0]' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> sound/pci/au88x0/au88x0_core.c:2305:58: error: 'src[0]' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> 
> I assume this can never happen in practice, but adding a check here doesn't
> hurt either and avoids the warning. The code has been unchanged since
> the start of git history.
> 
> Signed-off-by: Arnd Bergmann <arnd@...db.de>

Yeah, this shouldn't happen in practice, but better to cover.
I applied the patch now.  Thanks.


Takashi

> ---
>  sound/pci/au88x0/au88x0_core.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/sound/pci/au88x0/au88x0_core.c b/sound/pci/au88x0/au88x0_core.c
> index e1af24f87566..c308a4f70550 100644
> --- a/sound/pci/au88x0/au88x0_core.c
> +++ b/sound/pci/au88x0/au88x0_core.c
> @@ -2279,6 +2279,9 @@ vortex_adb_allocroute(vortex_t *vortex, int dma, int nr_ch, int dir,
>  	} else {
>  		int src[2], mix[2];
>  
> +		if (nr_ch < 1)
> +			return -EINVAL;
> +
>  		/* Get SRC and MIXER hardware resources. */
>  		for (i = 0; i < nr_ch; i++) {
>  			if ((mix[i] =
> -- 
> 2.9.0
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ