| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Aug 2019 11:21:22 +0100
From: Colin Ian King <colin.king@...onical.com>
To: Lars-Peter Clausen <lars@...afoo.de>,
Jonathan Cameron <jic23@...nel.org>,
Hartmut Knaack <knaack.h@....de>,
Peter Meerwald-Stadler <pmeerw@...erw.ne>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Michael Hennerich <Michael.Hennerich@...log.com>,
Stefan Popa <stefan.popa@...log.com>,
linux-iio@...r.kernel.org,
"devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: static analysis bug report in drivers/staging/iio/dac/ad5380.c
Hi,
Static analysis with Coverity Scan has detected a potential assignment
bug in ad5380.c:
217 case IIO_CHAN_INFO_CALIBBIAS:
218 ret = regmap_read(st->regmap,
AD5380_REG_OFFSET(chan->address),
219 val);
220 if (ret)
221 return ret;
222 *val >>= chan->scan_type.shift;
CID 43178 (#1 of 1): Unused value (UNUSED_VALUE)assigned_pointer:
Assigning value from val - (1 << chan->scan_type.realbits) / 2 to val
here, but that stored value is not used.
223 val -= (1 << chan->scan_type.realbits) / 2;
224 return IIO_VAL_INT;
val is a pointer and so updating it before a return is probably not the
intention. I suspect the intention was probably:
*val -= (1 << chan->scan_type.realbits) / 2;
However, I'm not confident about this as the following case has:
225 case IIO_CHAN_INFO_SCALE:
226 *val = 2 * st->vref;
227 *val2 = chan->scan_type.realbits;
228 return IIO_VAL_FRACTIONAL_LOG2;
which may imply the update maybe to *val2 instead, e.g.:
*val2 -= (1 << chan->scan_type.realbits) / 2;
Any ideas?
Colin
Powered by blists - more mailing lists