lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20220111135805.GL1978@kadam>
Date:   Tue, 11 Jan 2022 16:58:05 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     Kalle Valo <kvalo@...nel.org>
Cc:     kbuild@...ts.01.org, Wen Gong <quic_wgong@...cinc.com>,
        lkp@...el.com, kbuild-all@...ts.01.org, ath11k@...ts.infradead.org,
        linux-kernel@...r.kernel.org
Subject: Re: [kvalo-ath:pending 52/56]
 drivers/net/wireless/ath/ath11k/wmi.c:5651
 ath11k_wmi_tlv_fw_stats_data_parse() error: uninitialized symbol 'len'.

On Tue, Jan 11, 2022 at 03:35:26PM +0200, Kalle Valo wrote:
> > bc5c448b70ff14 Wen Gong 2021-12-08 5629 static int
> > ath11k_wmi_tlv_fw_stats_data_parse(struct ath11k_base *ab,
> > bc5c448b70ff14 Wen Gong 2021-12-08 5630 struct wmi_tlv_fw_stats_parse
> > *parse,
> > bc5c448b70ff14 Wen Gong 2021-12-08 5631 const void *ptr)
> > bc5c448b70ff14 Wen Gong   2021-12-08  5632  {
> > bc5c448b70ff14 Wen Gong 2021-12-08 5633 struct ath11k_fw_stats *stats
> > = parse->stats;
> > bc5c448b70ff14 Wen Gong 2021-12-08 5634 const struct wmi_stats_event
> > *ev = parse->ev;
> > bc5c448b70ff14 Wen Gong   2021-12-08  5635  	int i;
> > bc5c448b70ff14 Wen Gong   2021-12-08  5636  	const void *data = ptr;
> > bc5c448b70ff14 Wen Gong   2021-12-08  5637  	u32 len;
                                                        ^^^^^^^^
"len" is a local variable, not a parameter.

> > bc5c448b70ff14 Wen Gong   2021-12-08  5638  
> > bc5c448b70ff14 Wen Gong   2021-12-08  5639  	if (!ev) {
> > bc5c448b70ff14 Wen Gong 2021-12-08 5640 ath11k_warn(ab, "failed to
> > fetch update stats ev");
> > bc5c448b70ff14 Wen Gong   2021-12-08  5641  		return -EPROTO;
> > bc5c448b70ff14 Wen Gong   2021-12-08  5642  	}
> > d5c65159f28953 Kalle Valo 2019-11-23  5643  
> > d5c65159f28953 Kalle Valo 2019-11-23  5644  	stats->stats_id = 0;
> > d5c65159f28953 Kalle Valo 2019-11-23  5645  
> > d5c65159f28953 Kalle Valo 2019-11-23 5646 for (i = 0; i <
> > ev->num_pdev_stats; i++) {
> > d5c65159f28953 Kalle Valo 2019-11-23 5647 const struct wmi_pdev_stats
> > *src;
> > d5c65159f28953 Kalle Valo 2019-11-23 5648 struct ath11k_fw_stats_pdev
> > *dst;
> > d5c65159f28953 Kalle Valo 2019-11-23  5649  
> > d5c65159f28953 Kalle Valo 2019-11-23  5650  		src = data;
> > bc5c448b70ff14 Wen Gong   2021-12-08 @5651  		if (len < sizeof(*src))
> >
> > "len" is never initialized.
> 
> I only quickly looked at this, but AFAICS ath11k_wmi_tlv_iter() provides
> len to ath11k_wmi_tlv_fw_stats_parse() which again provides len to
> ath11k_wmi_tlv_fw_stats_data_parse(). I'm not seeing how this is
> uninitalised, did I miss something?

I think the bug was fixed and the tree was rebased?  I only look at the
email and hit forward and the code in the email was clearly buggy but
tree looks okay now as you say.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ