lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <9af089ea-2532-68ac-5d22-97a669ccec91@canonical.com>
Date:   Thu, 3 Dec 2020 18:00:20 +0000
From:   Colin Ian King <colin.king@...onical.com>
To:     Dongchun Zhu <dongchun.zhu@...iatek.com>
Cc:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Sakari Ailus <sakari.ailus@...ux.intel.com>,
        Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
        Matthias Brugger <matthias.bgg@...il.com>,
        linux-media <linux-media@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>,
        linux-mediatek@...ts.infradead.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: re: media: i2c: add OV02A10 image sensor driver

Hi,

Static analysis on linux-next with Coverity has detected an issue with
the following commit:

529 static int ov02a10_s_stream(struct v4l2_subdev *sd, int on)
530 {
531        struct ov02a10 *ov02a10 = to_ov02a10(sd);
532        struct i2c_client *client =
v4l2_get_subdevdata(&ov02a10->subdev);

   1. var_decl: Declaring variable ret without initializer.

533        int ret;
534
535        mutex_lock(&ov02a10->mutex);
536

   2. Condition ov02a10->streaming == on, taking true branch.

537        if (ov02a10->streaming == on)

   3. Jumping to label unlock_and_return.

538                goto unlock_and_return;
539
540        if (on) {
541                ret = pm_runtime_get_sync(&client->dev);
542                if (ret < 0) {
543                        pm_runtime_put_noidle(&client->dev);
544                        goto unlock_and_return;
545                }
546
547                ret = __ov02a10_start_stream(ov02a10);
548                if (ret) {
549                        __ov02a10_stop_stream(ov02a10);
550                        ov02a10->streaming = !on;
551                        goto err_rpm_put;
552                }
553        } else {
554                __ov02a10_stop_stream(ov02a10);
555                pm_runtime_put(&client->dev);
556        }
557
558        ov02a10->streaming = on;
559        mutex_unlock(&ov02a10->mutex);
560
561        return 0;
562
563 err_rpm_put:
564        pm_runtime_put(&client->dev);
565 unlock_and_return:
566        mutex_unlock(&ov02a10->mutex);
567

Uninitialized scalar variable (UNINIT)
    4. uninit_use: Using uninitialized value ret.

568        return ret;
569 }

Variable ret has not been initialized, so the error return value is a
garbage value. It should be initialized with some appropriate negative
error code, or ret could be removed and the return should return a
literal value of a error code.

I was unsure what value is appropriate to fix this, so instead I'm
reporting this issue.

Colin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ