lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAK8P3a22KdSVTG0LbL4UJZghbR-ENFxjOUqGArNfV73ekx_A1A@mail.gmail.com>
Date:   Wed, 17 May 2017 21:44:16 +0200
From:   Arnd Bergmann <arnd@...db.de>
To:     Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        Jiri Kosina <jikos@...nel.org>
Cc:     linux-input@...r.kernel.org,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 1/5] HID: intel_ish-hid: fix potential uninitialized data usage

On Tue, May 16, 2017 at 1:09 PM, Arnd Bergmann <arnd@...db.de> wrote:
> gcc points out an uninialized pointer dereference that could happen
> if we ever get to recv_ishtp_cl_msg_dma() or recv_ishtp_cl_msg()
> with an empty &dev->read_list:
>
> drivers/hid/intel-ish-hid/ishtp/client.c: In function 'recv_ishtp_cl_msg_dma':
> drivers/hid/intel-ish-hid/ishtp/client.c:1049:3: error: 'cl' may be used uninitialized in this function [-Werror=maybe-uninitialized]
>
> The warning only appeared in very few randconfig builds, as the
> spinlocks tend to prevent gcc from tracing the variables. I only
> saw it in configurations that had neither SMP nor LOCKDEP enabled.
>
> I have not been able to figure out whether this case can happen in
> practice, but it's better to be defensive here and handle the case
> explicitly by returning from the function.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>

Embarrassingly, this did not fix the warning in all cases after all, I ran
into the same warning with the patch applied now. The other patches
in the series are probably still good, but they might not apply without
the first, so I'll have to come up with a better fix here and resend the
series.

      Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ