lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Sun, 24 Mar 2019 15:34:46 +0000
From:   Jonathan Cameron <jic23@...nel.org>
To:     Nathan Chancellor <natechancellor@...il.com>
Cc:     Arnd Bergmann <arnd@...db.de>, clang-built-linux@...glegroups.com,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Hartmut Knaack <knaack.h@....de>,
        Lars-Peter Clausen <lars@...afoo.de>,
        Peter Meerwald-Stadler <pmeerw@...erw.net>,
        linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] iio: ssp_sensors: avoid uninitialized variable usage

On Fri, 22 Mar 2019 08:01:19 -0700
Nathan Chancellor <natechancellor@...il.com> wrote:

> On Fri, Mar 22, 2019 at 03:09:22PM +0100, Arnd Bergmann wrote:
> > clang points out that 'calculated_time' is only sometimes
> > initialized here, which leads to incorrect data being
> > passed into another function:
> > 
> > drivers/iio/common/ssp_sensors/ssp_iio.c:95:6: error: variable 'calculated_time' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
> >         if (indio_dev->scan_timestamp) {
> >             ^~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/iio/common/ssp_sensors/ssp_iio.c:102:9: note: uninitialized use occurs here
> >                                                   calculated_time);
> >                                                   ^~~~~~~~~~~~~~~
> > drivers/iio/common/ssp_sensors/ssp_iio.c:95:2: note: remove the 'if' if its condition is always true
> >         if (indio_dev->scan_timestamp) {
> >         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > drivers/iio/common/ssp_sensors/ssp_iio.c:84:25: note: initialize the variable 'calculated_time' to silence this warning
> >         int64_t calculated_time;
> >                                ^
> > The data is subsequently ignored by iio_push_to_buffers_with_timestamp(),
> > but the warning still feels legitimate and to work around it, we can
> > initialize the time in the other case.
> > 
> > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=18501
> > Signed-off-by: Arnd Bergmann <arnd@...db.de>
> > ---
> >  drivers/iio/common/ssp_sensors/ssp_iio.c | 2 ++
> >  1 file changed, 2 insertions(+)
> > 
> > diff --git a/drivers/iio/common/ssp_sensors/ssp_iio.c b/drivers/iio/common/ssp_sensors/ssp_iio.c
> > index 645f2e3975db..81e8f4844c90 100644
> > --- a/drivers/iio/common/ssp_sensors/ssp_iio.c
> > +++ b/drivers/iio/common/ssp_sensors/ssp_iio.c
> > @@ -96,6 +96,8 @@ int ssp_common_process_data(struct iio_dev *indio_dev, void *buf,
> >  		memcpy(&time, &((char *)buf)[len], SSP_TIME_SIZE);
> >  		calculated_time =
> >  			timestamp + (int64_t)le32_to_cpu(time) * 1000000;
> > +	} else {
> > +		calculated_time = 0;
> >  	}
> >  
> >  	return iio_push_to_buffers_with_timestamp(indio_dev, spd->buffer,
> > -- 
> > 2.20.0
> >   
> 
> I sent a similar change, which is sitting in Jonathan's testing branch:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio.git/commit/?id=0643039b4fee4aa54a233ead15dc0b2286f059d7
> 
> You made a good point previously that initializing the variable at the
> beginning of a function may not always be the best choice. I don't have
> a personal preference for which patch stays around so:
> 
> Reviewed-by: Nathan Chancellor <natechancellor@...il.com>
> 
> Just in case.
> 
> Nathan
I'll stick to the original, mostly to avoid unnecessary churn.
Apologies for the delay in pull requests making these more generally visible.
Always takes me a while to get one out after RC1.  Would imagine these
will go to Greg and hence linux-next sometime in the next week.

Jonathan


Powered by blists - more mailing lists