lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <154948099918.115909.13787183177670759883@swboyd.mtv.corp.google.com>
Date:   Wed, 06 Feb 2019 11:23:19 -0800
From:   Stephen Boyd <sboyd@...nel.org>
To:     Yizhuo <yzhai003@....edu>
Cc:     csong@...ucr.edu, zhiyunq@...ucr.edu, Yizhuo <yzhai003@....edu>,
        Michael Turquette <mturquette@...libre.com>,
        Stephen Boyd <sboyd@...eaurora.org>, linux-clk@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] clk: gemini: Variable "val" in function gemini_clk_probe() could be uninitialized

Quoting Yizhuo (2019-01-26 21:10:12)
> In function gemini_clk_probe(), local variable "val" could
> be uninitialized if function regmap_read() returns -EINVAL.
> However, it will be used as index in the later context, which
> could potentially be unsafe.

Ok. How did you find this? Any pointers?

> 
> Signed-off-by: Yizhuo <yzhai003@....edu>
> ---
>  drivers/clk/clk-gemini.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)

There are other locations in this file where 'val' is used even if
regmap_read() fails. For example gemini_pci_recalc_rate() does this. Can
you fix all the callers in this file? Presumably nobody cares that this
API could fail in this driver because it's a thin wrapper around mmio
read that never fails. Maybe we could have a comment instead that this
is the case and then ignore this patch entirely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ