lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20210731073806.60142-1-islituo@gmail.com>
Date:   Sat, 31 Jul 2021 00:38:06 -0700
From:   Tuo Li <islituo@...il.com>
To:     mchehab@...nel.org
Cc:     linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        baijiaju1990@...il.com, Tuo Li <islituo@...il.com>,
        TOTE Robot <oslab@...nghua.edu.cn>
Subject: [PATCH] media: isl6421: fix possible uninitialized-variable access in isl6421_set_voltage()

A memory block is allocated through kmalloc(), and its return value is
assigned to the pointer isl6421. Then isl6421 is assigned to the
varialbe fe->sec_priv. The function isl6421_set_voltage() is called with
the argument fe. In this function, fe->sec_priv is assigned to isl6421.
Thus the pointer isl6421 in the function isl6421_attach() and the function
isl6421_set_voltage() point to the same memory. However, isl6421->is_off
is not initialized but it is accessed at line 75:
  if (isl6421->is_off && !is_off)

To fix this possible uninitialized-variable access, isl6421->is_off is
initialized to false in the function isl6421_attach().

Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Signed-off-by: Tuo Li <islituo@...il.com>
---
 drivers/media/dvb-frontends/isl6421.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/media/dvb-frontends/isl6421.c b/drivers/media/dvb-frontends/isl6421.c
index 43b0dfc6f453..ea101f66ea88 100644
--- a/drivers/media/dvb-frontends/isl6421.c
+++ b/drivers/media/dvb-frontends/isl6421.c
@@ -185,6 +185,7 @@ struct dvb_frontend *isl6421_attach(struct dvb_frontend *fe, struct i2c_adapter
 	isl6421->config = ISL6421_ISEL1;
 	isl6421->i2c = i2c;
 	isl6421->i2c_addr = i2c_addr;
+	isl6421->is_off = false;
 	fe->sec_priv = isl6421;
 
 	/* bits which should be forced to '1' */
-- 
2.25.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ