| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210627051202.1888250-1-nathan@kernel.org>
Date: Sat, 26 Jun 2021 22:12:03 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: "Geoffrey D. Bennett" <g@...vu>, Jaroslav Kysela <perex@...ex.cz>,
Takashi Iwai <tiwai@...e.com>
Cc: Nick Desaulniers <ndesaulniers@...gle.com>,
alsa-devel@...a-project.org, linux-kernel@...r.kernel.org,
clang-built-linux@...glegroups.com,
Nathan Chancellor <nathan@...nel.org>
Subject: [PATCH v5] ALSA: usb-audio: scarlett2: Fix for loop increment in scarlett2_usb_get_config
Clang warns:
sound/usb/mixer_scarlett_gen2.c:1189:32: warning: expression result
unused [-Wunused-value]
for (i = 0; i < count; i++, (u16 *)buf++)
^ ~~~~~
1 warning generated.
It appears the intention was to cast the void pointer to a u16 pointer
so that the data could be iterated through like an array of u16 values.
However, the cast happens after the increment because a cast is an
rvalue, whereas the post-increment operator only works on lvalues, so
the loop does not iterate as expected. This is not a bug in practice
because count is not greater than one at the moment but this could
change in the future so this should be fixed.
Replace the cast with a temporary variable of the proper type, which is
less error prone and fixes the iteration. Do the same thing for the
'u8 *' below this if block.
Fixes: ac34df733d2d ("ALSA: usb-audio: scarlett2: Update get_config to do endian conversion")
Link: https://github.com/ClangBuiltLinux/linux/issues/1408
Acked-by: Geoffrey D. Bennett <g@...vu>
Signed-off-by: Nathan Chancellor <nathan@...nel.org>
---
v1 -> v2:
* Use temporary variables of proper type rather than casting, as
requested by Takashi.
* Mention that there is not a bug at the moment per Geoffrey's comment.
v2 -> v3:
* Restrict scope of buf_16 more, as requested by Geoffrey.
* Add Geoffrey's ack.
v3 -> v4:
* Fix stray newline added below
if (config_item->size >= 8) {
leftover from buf_16's declaration.
v4 -> v5 (or how many times does it take Nathan to get a patch right):
* Re-add note about no bug that was dropped in v3 by accident, as
noticed by Geoffrey. My apologies for the multiple revisions.
sound/usb/mixer_scarlett_gen2.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/sound/usb/mixer_scarlett_gen2.c b/sound/usb/mixer_scarlett_gen2.c
index fcba682cd422..161d832cafef 100644
--- a/sound/usb/mixer_scarlett_gen2.c
+++ b/sound/usb/mixer_scarlett_gen2.c
@@ -1177,6 +1177,7 @@ static int scarlett2_usb_get_config(
const struct scarlett2_config *config_item =
&scarlett2_config_items[info->has_mixer][config_item_num];
int size, err, i;
+ u8 *buf_8;
u8 value;
/* For byte-sized parameters, retrieve directly into buf */
@@ -1185,9 +1186,12 @@ static int scarlett2_usb_get_config(
err = scarlett2_usb_get(mixer, config_item->offset, buf, size);
if (err < 0)
return err;
- if (size == 2)
- for (i = 0; i < count; i++, (u16 *)buf++)
- *(u16 *)buf = le16_to_cpu(*(__le16 *)buf);
+ if (size == 2) {
+ u16 *buf_16 = buf;
+
+ for (i = 0; i < count; i++, buf_16++)
+ *buf_16 = le16_to_cpu(*(__le16 *)buf_16);
+ }
return 0;
}
@@ -1197,8 +1201,9 @@ static int scarlett2_usb_get_config(
return err;
/* then unpack from value into buf[] */
+ buf_8 = buf;
for (i = 0; i < 8 && i < count; i++, value >>= 1)
- *(u8 *)buf++ = value & 1;
+ *buf_8++ = value & 1;
return 0;
}
base-commit: 0cbbeaf370221fc469c95945dd3c1198865c5fe4
--
2.32.0.93.g670b81a890
Powered by blists - more mailing lists