| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c83abdb6-440e-3fff-b7d8-f70d89343be9@gmail.com>
Date: Sat, 31 Jul 2021 14:24:48 +0800
From: Li Tuo <islituo@...il.com>
To: 3chas3@...il.com
Cc: linux-atm-general@...ts.sourceforge.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [BUG] atm: firestream: possible uninitialized-variable access in
fs_open()
Hello,
Our static analysis tool finds a possible uninitialized-variable access
in the firestream driver in Linux 5.14.0-rc3:
In the function fs_open(), a memory block is allocated through
kmalloc(), and its return value is assigned to the pointer vcc.
883: vcc = kmalloc(sizeof(struct fs_vcc), GFP_KERNEL);
If the following condition is false, vcc->channo will remain uninitialized.
898: if (!test_bit(ATM_VF_PARTIAL, &atm_vcc->flags))
However, it is accessed in some statements such as:
1036: submit_command (... , QE_CMD_CONFIG_TX | QE_CMD_IMM_INQ |
vcc->channo, ...);
1040: submit_command (... , QE_CMD_TX_EN | QE_CMD_IMM_INQ |
vcc->channo, ...);
1043: set_bit (vcc->channo, dev->tx_inuse);
1047: dev->atm_vccs[vcc->channo] = atm_vcc;
1057: dev->atm_vccs[vcc->channo] = NULL;
1065: submit_command (... , QE_CMD_CONFIG_RX | QE_CMD_IMM_INQ |
vcc->channo, ...);
1072: submit_command (... , QE_CMD_CONFIG_RX | QE_CMD_IMM_INQ |
vcc->channo, ...);
1085: submit_command (... , QE_CMD_RX_EN | QE_CMD_IMM_INQ |
vcc->channo, ...);
I am not quite sure whether this possible uninitialized-variable access
is real and how to fix it if it is real.
Any feedback would be appreciated, thanks!
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists