Date:   Tue, 11 Jan 2022 15:35:26 +0200
From:   Kalle Valo <kvalo@...nel.org>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     kbuild@...ts.01.org, Wen Gong <quic_wgong@...cinc.com>,
        lkp@...el.com, kbuild-all@...ts.01.org, ath11k@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [kvalo-ath:pending 52/56] drivers/net/wireless/ath/ath11k/wmi.c:5651 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.

(moving from ath10k list to ath11k list)

Dan Carpenter <dan.carpenter@...cle.com> writes:

> tree:   https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git pending
> head:   34cbb4043dca455fca888e1ced323e588912b6a2
> commit: bc5c448b70ff141f8a2b5cbbab79fba08d7a1be0 [52/56] ath11k: report rssi of each chain to mac80211 for QCA6390/WCN6855
> config: riscv-randconfig-m031-20211210 (https://download.01.org/0day-ci/archive/20211211/202112110427.o6xDAKfE-lkp@intel.com/config)
> compiler: riscv64-linux-gcc (GCC) 11.2.0

This was a test commit in the pending branch, I applied the actual
commit as:

b488c766442f ath11k: report rssi of each chain to mac80211 for QCA6390/WCN6855

> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@...el.com>
> Reported-by: Dan Carpenter <dan.carpenter@...cle.com>
>
> New smatch warnings:
> drivers/net/wireless/ath/ath11k/wmi.c:5651 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.
>
> Old smatch warnings:
> arch/riscv/include/asm/atomic.h:317 arch_atomic_sub_if_positive() warn: inconsistent indenting
> drivers/net/wireless/ath/ath11k/wmi.c:5674 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.
> drivers/net/wireless/ath/ath11k/wmi.c:5695 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.
>
> vim +/len +5651 drivers/net/wireless/ath/ath11k/wmi.c
>
> bc5c448b70ff14 Wen Gong   2021-12-08  5629  static int ath11k_wmi_tlv_fw_stats_data_parse(struct ath11k_base *ab,
> bc5c448b70ff14 Wen Gong   2021-12-08  5630  					      struct wmi_tlv_fw_stats_parse *parse,
> bc5c448b70ff14 Wen Gong   2021-12-08  5631  					      const void *ptr)
> bc5c448b70ff14 Wen Gong   2021-12-08  5632  {
> bc5c448b70ff14 Wen Gong   2021-12-08  5633  	struct ath11k_fw_stats *stats = parse->stats;
> bc5c448b70ff14 Wen Gong   2021-12-08  5634  	const struct wmi_stats_event *ev = parse->ev;
> bc5c448b70ff14 Wen Gong   2021-12-08  5635  	int i;
> bc5c448b70ff14 Wen Gong   2021-12-08  5636  	const void *data = ptr;
> bc5c448b70ff14 Wen Gong   2021-12-08  5637  	u32 len;
> bc5c448b70ff14 Wen Gong   2021-12-08  5638  
> bc5c448b70ff14 Wen Gong   2021-12-08  5639  	if (!ev) {
> bc5c448b70ff14 Wen Gong   2021-12-08  5640  		ath11k_warn(ab, "failed to fetch update stats ev");
> bc5c448b70ff14 Wen Gong   2021-12-08  5641  		return -EPROTO;
> bc5c448b70ff14 Wen Gong   2021-12-08  5642  	}
> d5c65159f28953 Kalle Valo 2019-11-23  5643  
> d5c65159f28953 Kalle Valo 2019-11-23  5644  	stats->stats_id = 0;
> d5c65159f28953 Kalle Valo 2019-11-23  5645  
> d5c65159f28953 Kalle Valo 2019-11-23  5646  	for (i = 0; i < ev->num_pdev_stats; i++) {
> d5c65159f28953 Kalle Valo 2019-11-23  5647  		const struct wmi_pdev_stats *src;
> d5c65159f28953 Kalle Valo 2019-11-23  5648  		struct ath11k_fw_stats_pdev *dst;
> d5c65159f28953 Kalle Valo 2019-11-23  5649  
> d5c65159f28953 Kalle Valo 2019-11-23  5650  		src = data;
> bc5c448b70ff14 Wen Gong   2021-12-08 @5651  		if (len < sizeof(*src))
>
> "len" is never initialized.

I only quickly looked at this, but AFAICS ath11k_wmi_tlv_iter() provides
len to ath11k_wmi_tlv_fw_stats_parse() which again provides len to
ath11k_wmi_tlv_fw_stats_data_parse(). I'm not seeing how this is
uninitialised, did I miss something?

-- 
https://patchwork.kernel.org/project/linux-wireless/list/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
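
The check flagged at line 5651 (`len < sizeof(*src)`) bounds the read only when `len` holds the number of payload bytes still unread. The following is an added example, not ath11k code and not part of the original message: a user-space sketch of a record parser that takes that length from its caller and consumes it per record. All `demo_*` names, the record layout and the sample values are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed-size record standing in for one firmware stats entry. */
struct demo_pdev_stats {
	uint32_t ch_noise_floor;
	uint32_t tx_frame_count;
};

/*
 * len is the caller-supplied number of payload bytes (what a TLV iterator
 * would hand down). Returns records parsed, or -EPROTO if the payload is short.
 */
static int demo_stats_data_parse(const void *ptr, uint32_t len,
				 uint32_t num_records, uint32_t *noise_sum)
{
	const uint8_t *data = ptr;
	uint32_t i;

	*noise_sum = 0;
	for (i = 0; i < num_records; i++) {
		struct demo_pdev_stats src;
		/* Refuse to read past the end of the payload. */
		if (len < sizeof(src))
			return -EPROTO;

		memcpy(&src, data, sizeof(src));
		*noise_sum += src.ch_noise_floor;
		/* Consume the record so the next check sees what is left. */
		data += sizeof(src);
		len -= sizeof(src);
	}
	return (int)i;
}

/* Constructed sample: two records; len and count are chosen by the caller. */
static int demo_run(uint32_t len, uint32_t num_records, uint32_t *sum)
{
	struct demo_pdev_stats buf[2] = { { 10, 1 }, { 20, 2 } };
	return demo_stats_data_parse(buf, len, num_records, sum);
}

int main(void)
{
	uint32_t s;
	return demo_run(16, 2, &s) == 2 ? 0 : 1;
}
```

A record count larger than the payload can hold, or a payload truncated mid-record, is rejected before any bytes of the incomplete record are read.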
