| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 4 Dec 2020 13:45:32 +0200
From: Sakari Ailus <sakari.ailus@...ux.intel.com>
To: Andy Shevchenko <andy.shevchenko@...il.com>
Cc: Colin Ian King <colin.king@...onical.com>,
Dongchun Zhu <dongchun.zhu@...iatek.com>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Mauro Carvalho Chehab <mchehab+huawei@...nel.org>,
Matthias Brugger <matthias.bgg@...il.com>,
linux-media <linux-media@...r.kernel.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>,
"moderated list:ARM/Mediatek SoC support"
<linux-mediatek@...ts.infradead.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: media: i2c: add OV02A10 image sensor driver
On Thu, Dec 03, 2020 at 08:30:03PM +0200, Andy Shevchenko wrote:
> On Thu, Dec 3, 2020 at 8:24 PM Colin Ian King <colin.king@...onical.com> wrote:
> > On 03/12/2020 18:10, Andy Shevchenko wrote:
> > > On Thu, Dec 3, 2020 at 8:03 PM Colin Ian King <colin.king@...onical.com> wrote:
> > >
> > >> Static analysis on linux-next with Coverity has detected an issue with
> > >> the following commit:
> > >
> > > If you want to fix it properly, see my comments below...
> > >
> > >> 529 static int ov02a10_s_stream(struct v4l2_subdev *sd, int on)
> > >> 530 {
> > >> 531 struct ov02a10 *ov02a10 = to_ov02a10(sd);
> > >> 532 struct i2c_client *client =
> > >> v4l2_get_subdevdata(&ov02a10->subdev);
> > >>
> > >> 1. var_decl: Declaring variable ret without initializer.
> > >>
> > >> 533 int ret;
> > >> 534
> > >> 535 mutex_lock(&ov02a10->mutex);
> > >> 536
> > >>
> > >> 2. Condition ov02a10->streaming == on, taking true branch.
> > >>
> > >> 537 if (ov02a10->streaming == on)
> > >>
> > >> 3. Jumping to label unlock_and_return.
> > >>
> > >> 538 goto unlock_and_return;
> > >> 539
> > >> 540 if (on) {
> > >> 541 ret = pm_runtime_get_sync(&client->dev);
> > >> 542 if (ret < 0) {
> > >
> > >> 543 pm_runtime_put_noidle(&client->dev);
> > >> 544 goto unlock_and_return;
> > >
> > > Instead of two above:
> > > goto err_rpm_put;
> > >
> > >> 545 }
> > >> 546
> > >> 547 ret = __ov02a10_start_stream(ov02a10);
> > >> 548 if (ret) {
> > >> 549 __ov02a10_stop_stream(ov02a10);
> > >> 550 ov02a10->streaming = !on;
> > >> 551 goto err_rpm_put;
> > >> 552 }
> > >> 553 } else {
> > >> 554 __ov02a10_stop_stream(ov02a10);
> > >> 555 pm_runtime_put(&client->dev);
> > >> 556 }
> > >> 557
> > >> 558 ov02a10->streaming = on;
> > >
> > > (1)
> > >
> > >> 559 mutex_unlock(&ov02a10->mutex);
> > >> 560
> > >> 561 return 0;
> > >> 562
> > >> 563 err_rpm_put:
> > >> 564 pm_runtime_put(&client->dev);
> > >
> > >> 565 unlock_and_return:
> > >
> > > Should be moved to (1).
> > >
> > >> 566 mutex_unlock(&ov02a10->mutex);
> > >> 567
> > >>
> > >> Uninitialized scalar variable (UNINIT)
> > >> 4. uninit_use: Using uninitialized value ret.
> > >>
> > >> 568 return ret;
> > >> 569 }
> > >>
> > >> Variable ret has not been initialized, so the error return value is a
> > >> garbage value. It should be initialized with some appropriate negative
> > >> error code, or ret could be removed and the return should return a
> > >> literal value of a error code.
> > >>
> > >> I was unsure what value is appropriate to fix this, so instead I'm
> > >> reporting this issue.
> > >
> > Not sure I fully understand how that fixes it.
>
> If you are not sure and have no means to test, then don't bother. This
> is not the priority driver anyway.
Arnd sent a patch to address this:
<URL:https://patchwork.linuxtv.org/project/linux-media/patch/20201204082037.1658297-1-arnd@kernel.org/>
--
Sakari Ailus
Powered by blists - more mailing lists