| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 24 May 2017 10:29:26 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>
Cc: Jiri Kosina <jikos@...nel.org>, linux-input@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 1/5] HID: intel_ish-hid: fix potential uninitialized
data usage
On Wed, May 24, 2017 at 12:24 AM, Srinivas Pandruvada
<srinivas.pandruvada@...ux.intel.com> wrote:
> On Thu, 2017-05-18 at 22:21 +0200, Arnd Bergmann wrote:
>> gcc points out an uninialized pointer dereference that could happen
>> if we ever get to recv_ishtp_cl_msg_dma() or recv_ishtp_cl_msg()
>> with an empty &dev->read_list:
> In that case complete_rb should be NULL and it should not go to
>
> if (complete_rb) {
>
> shouldn't enter and cl is not dereferenced.
>
> So not sure why is this warning.
Correct. Unfortunately gcc cannot track this for complex functions, as
figuring this out is a not a solvable problem in general. I think in this
particular case, it gives up either because of the multiple 'goto' and
'continue' statements inside of the loop that get in the way of a full
analysis, or the 'spin_unlock_irqrestore' makes it forget the state.
I've seen both in the past.
However, just like gcc gets confused easily, a human reader trying
to understand the function will have the same issue, so my workaround
also helps there.
Arnd
Powered by blists - more mailing lists