lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 22 May 2021 07:21:46 +0900
From:   Takashi Sakamoto <o-takashi@...amocchi.jp>
To:     Takashi Iwai <tiwai@...e.de>,
        Colin King <colin.king@...onical.com>,
        Clemens Ladisch <clemens@...isch.de>,
        Jaroslav Kysela <perex@...ex.cz>,
        Takashi Iwai <tiwai@...e.com>, alsa-devel@...a-project.org,
        kernel-janitors@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] ALSA: firewire-lib: Fix uninitialized variable err
 issue

Hi,

On Thu, May 20, 2021 at 10:04:09PM +0900, Takashi Sakamoto wrote:
> Hi,
> 
> On Thu, May 20, 2021 at 02:26:24PM +0200, Takashi Iwai wrote:
> > On Thu, 20 May 2021 10:34:24 +0200,
> > Colin King wrote:
> > > 
> > > From: Colin Ian King <colin.king@...onical.com>
> > > 
> > > Currently in the case where the payload_length is less than the
> > > cip_header_size the error return variable err is not being set
> > > and function parse_ir_ctx_header can return an uninitialized
> > > error return value. Fix this by setting err to zero.
> > > 
> > > Addresses-Coverity: ("Uninitialized scalar variable")
> > > Fixes: c09010eeb373 ("ALSA: firewire-lib: handle the case that empty isochronous packet payload for CIP")
> > > Signed-off-by: Colin Ian King <colin.king@...onical.com>
> > 
> > Just a bikeshed, IMO, it'd be more proper to initialize err at the
> > beginning than setting 0 at every branch, e.g.
> > 
> > --- a/sound/firewire/amdtp-stream.c
> > +++ b/sound/firewire/amdtp-stream.c
> > @@ -652,7 +652,7 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
> >  	unsigned int payload_length;
> >  	const __be32 *cip_header;
> >  	unsigned int cip_header_size;
> > -	int err;
> > +	int err = 0;
> >  
> >  	payload_length = be32_to_cpu(ctx_header[0]) >> ISO_DATA_LENGTH_SHIFT;
> >  
> > @@ -683,7 +683,6 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
> >  		}
> >  	} else {
> >  		cip_header = NULL;
> > -		err = 0;
> >  		*data_blocks = payload_length / sizeof(__be32) / s->data_block_quadlets;
> >  		*syt = 0;
> 
> Thanks for the patches.
> 
> The error check is just done for the case to process CIP header, thus we
> can put the auto variable into the branch.
> 
> ======== 8< --------
> From 3fcca0062297e937c665f1c8e3a117e1187f4115 Mon Sep 17 00:00:00 2001
> From: Takashi Sakamoto <o-takashi@...amocchi.jp>
> Date: Thu, 20 May 2021 21:59:50 +0900
> Subject: [PATCH] ALSA: firewire-lib: Fix uninitialized variable err issue
> 
> The check of error is just done for the case that CIP header is available.
> 
> This commit moves auto variable into the branch to process CIP header.
> 
> Addresses-Coverity: ("Uninitialized scalar variable")
> Fixes: c09010eeb373 ("ALSA: firewire-lib: handle the case that empty isochronous packet payload for CIP")
> Suggested-by: Colin Ian King <colin.king@...onical.com>
> Signed-off-by: Takashi Sakamoto <o-takashi@...amocchi.jp>
> ---
>  sound/firewire/amdtp-stream.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/sound/firewire/amdtp-stream.c b/sound/firewire/amdtp-stream.c
> index 37c8de8a..11ae4e88 100644
> --- a/sound/firewire/amdtp-stream.c
> +++ b/sound/firewire/amdtp-stream.c
> @@ -748,7 +748,6 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
>  	unsigned int payload_length;
>  	const __be32 *cip_header;
>  	unsigned int cip_header_size;
> -	int err;
>  
>  	payload_length = be32_to_cpu(ctx_header[0]) >> ISO_DATA_LENGTH_SHIFT;
>  
> @@ -766,6 +765,8 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
>  
>  	if (cip_header_size > 0) {
>  		if (payload_length >= cip_header_size) {
> +			int err;
> +
>  			cip_header = ctx_header + IR_CTX_HEADER_DEFAULT_QUADLETS;
>  			err = check_cip_header(s, cip_header, payload_length - cip_header_size,
>  					       data_blocks, data_block_counter, syt);
> @@ -779,7 +780,6 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
>  		}
>  	} else {
>  		cip_header = NULL;
> -		err = 0;
>  		*data_blocks = payload_length / sizeof(__be32) / s->data_block_quadlets;
>  		*syt = 0;
>  
> @@ -790,7 +790,7 @@ static int parse_ir_ctx_header(struct amdtp_stream *s, unsigned int cycle,
>  	trace_amdtp_packet(s, cycle, cip_header, payload_length, *data_blocks,
>  			   *data_block_counter, packet_index, index);
>  
> -	return err;
> +	return 0;
>  }
>  
>  // In CYCLE_TIMER register of IEEE 1394, 7 bits are used to represent second. On
> -- 
> 2.27.0
> ======== 8< --------

Thanks for applying the patch but the commit in your tree includes
duplicated From/Data/Subject lines and causes failure of git-am for the
patch simply generated by git-am. Is it possible for you to modify
history of your for-next branch with enough correction?

 * https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=b493305483cb609abcf24c56f7415746c7e6939a

Regards

Takashi Sakamoto

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ