lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <202201201534.RoB5fAbP-lkp@intel.com>
Date:   Thu, 20 Jan 2022 11:19:11 +0300
From:   Dan Carpenter <dan.carpenter@...cle.com>
To:     kbuild@...ts.01.org,
        Srinivas Kandagatla <srinivas.kandagatla@...aro.org>
Cc:     lkp@...el.com, kbuild-all@...ts.01.org,
        linux-kernel@...r.kernel.org, Mark Brown <broonie@...nel.org>,
        Pierre-Louis Bossart <pierre-louis.bossart@...ux.intel.com>
Subject: sound/soc/qcom/qdsp6/topology.c:336 audioreach_parse_sg_tokens()
 error: potentially dereferencing uninitialized 'sg'.

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
head:   1d1df41c5a33359a00e919d54eaebfb789711fdc
commit: 36ad9bf1d93d66b901342eab9f8ed6c1537655a6 ASoC: qdsp6: audioreach: add topology support
config: arc-randconfig-m031-20220117 (https://download.01.org/0day-ci/archive/20220120/202201201534.RoB5fAbP-lkp@intel.com/config)
compiler: arceb-elf-gcc (GCC) 11.2.0

If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@...el.com>
Reported-by: Dan Carpenter <dan.carpenter@...cle.com>

New smatch warnings:
sound/soc/qcom/qdsp6/topology.c:336 audioreach_parse_sg_tokens() error: potentially dereferencing uninitialized 'sg'.
sound/soc/qcom/qdsp6/topology.c:355 audioreach_parse_sg_tokens() error: uninitialized symbol 'sg'.
sound/soc/qcom/qdsp6/topology.c:382 audioreach_parse_cont_tokens() error: potentially dereferencing uninitialized 'cont'.
sound/soc/qcom/qdsp6/topology.c:402 audioreach_parse_cont_tokens() error: uninitialized symbol 'cont'.

Old smatch warnings:
sound/soc/qcom/qdsp6/topology.c:339 audioreach_parse_sg_tokens() error: potentially dereferencing uninitialized 'sg'.
sound/soc/qcom/qdsp6/topology.c:342 audioreach_parse_sg_tokens() error: potentially dereferencing uninitialized 'sg'.
sound/soc/qcom/qdsp6/topology.c:357 audioreach_parse_sg_tokens() error: uninitialized symbol 'sg'.
sound/soc/qcom/qdsp6/topology.c:385 audioreach_parse_cont_tokens() error: potentially dereferencing uninitialized 'cont'.
sound/soc/qcom/qdsp6/topology.c:388 audioreach_parse_cont_tokens() error: potentially dereferencing uninitialized 'cont'.
sound/soc/qcom/qdsp6/topology.c:391 audioreach_parse_cont_tokens() error: potentially dereferencing uninitialized 'cont'.

vim +/sg +336 sound/soc/qcom/qdsp6/topology.c

36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  303  static struct audioreach_sub_graph *audioreach_parse_sg_tokens(struct q6apm *apm,
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  304  						       struct snd_soc_tplg_private *private)
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  305  {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  306  	struct snd_soc_tplg_vendor_value_elem *sg_elem;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  307  	struct snd_soc_tplg_vendor_array *sg_array;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  308  	struct audioreach_graph_info *info = NULL;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  309  	int graph_id, sub_graph_id, tkn_count = 0;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  310  	struct audioreach_sub_graph *sg;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  311  	bool found;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  312  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  313  	sg_array = audioreach_get_sg_array(private);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  314  	sg_elem = sg_array->value;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  315  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  316  	while (tkn_count <= (le32_to_cpu(sg_array->num_elems) - 1)) {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  317  		switch (le32_to_cpu(sg_elem->token)) {

This code is very trustful of endian data.  Probably that means it comes
from the firmware or something?  People will file for CVEs when they
find that we're trusting firmware to be correct...

Also I really wish that some day we will be able to turn on GCC's
unitialized variable checking again.  There is no way I'm going to put
up with looking through these warnings for year after year.  At least
fix the W=2 uninitialized variable warnings.

sound/soc/qcom/qdsp6/topology.c:342:20: warning: ‘sg’ may be used uninitialized in this function [-Wmaybe-uninitialized]
    sg->scenario_id = le32_to_cpu(sg_elem->value);
sound/soc/qcom/qdsp6/topology.c:310:31: note: ‘sg’ was declared here
  struct audioreach_sub_graph *sg;
                               ^~
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  318  		case AR_TKN_U32_SUB_GRAPH_INSTANCE_ID:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  319  			sub_graph_id = le32_to_cpu(sg_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  320  			sg = audioreach_tplg_alloc_sub_graph(apm, sub_graph_id, &found);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  321  			if (IS_ERR(sg)) {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  322  				return sg;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  323  			} else if (found) {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  324  				/* Already parsed data for this sub-graph */
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  325  				return sg;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  326  			}
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  327  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  328  		case AR_TKN_DAI_INDEX:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  329  			/* Sub graph is associated with predefined graph */
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  330  			graph_id = le32_to_cpu(sg_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  331  			info = audioreach_tplg_alloc_graph_info(apm, graph_id, &found);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  332  			if (IS_ERR(info))
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  333  				return ERR_CAST(info);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  334  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  335  		case AR_TKN_U32_SUB_GRAPH_PERF_MODE:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26 @336  			sg->perf_mode = le32_to_cpu(sg_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  337  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  338  		case AR_TKN_U32_SUB_GRAPH_DIRECTION:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  339  			sg->direction = le32_to_cpu(sg_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  340  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  341  		case AR_TKN_U32_SUB_GRAPH_SCENARIO_ID:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  342  			sg->scenario_id = le32_to_cpu(sg_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  343  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  344  		default:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  345  			dev_err(apm->dev, "Not a valid token %d for graph\n", sg_elem->token);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  346  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  347  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  348  		}
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  349  		tkn_count++;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  350  		sg_elem++;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  351  	}
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  352  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  353  	/* Sub graph is associated with predefined graph */
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  354  	if (info)
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26 @355  		audioreach_tplg_add_sub_graph(sg, info);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  356  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  357  	return sg;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  358  }
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  359  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  360  static struct audioreach_container *audioreach_parse_cont_tokens(struct q6apm *apm,
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  361  							 struct audioreach_sub_graph *sg,
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  362  							 struct snd_soc_tplg_private *private)
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  363  {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  364  	struct snd_soc_tplg_vendor_value_elem *cont_elem;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  365  	struct snd_soc_tplg_vendor_array *cont_array;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  366  	struct audioreach_container *cont;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  367  	int container_id, tkn_count = 0;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  368  	bool found = false;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  369  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  370  	cont_array = audioreach_get_cont_array(private);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  371  	cont_elem = cont_array->value;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  372  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  373  	while (tkn_count <= (le32_to_cpu(cont_array->num_elems) - 1)) {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  374  		switch (le32_to_cpu(cont_elem->token)) {
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  375  		case AR_TKN_U32_CONTAINER_INSTANCE_ID:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  376  			container_id = le32_to_cpu(cont_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  377  			cont = audioreach_tplg_alloc_container(apm, sg, container_id, &found);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  378  			if (IS_ERR(cont) || found)/* Error or Already parsed container data */
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  379  				return cont;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  380  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  381  		case AR_TKN_U32_CONTAINER_CAPABILITY_ID:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26 @382  			cont->capability_id = le32_to_cpu(cont_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  383  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  384  		case AR_TKN_U32_CONTAINER_STACK_SIZE:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  385  			cont->stack_size = le32_to_cpu(cont_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  386  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  387  		case AR_TKN_U32_CONTAINER_GRAPH_POS:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  388  			cont->graph_pos = le32_to_cpu(cont_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  389  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  390  		case AR_TKN_U32_CONTAINER_PROC_DOMAIN:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  391  			cont->proc_domain = le32_to_cpu(cont_elem->value);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  392  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  393  		default:
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  394  			dev_err(apm->dev, "Not a valid token %d for graph\n", cont_elem->token);
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  395  			break;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  396  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  397  		}
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  398  		tkn_count++;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  399  		cont_elem++;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  400  	}
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  401  
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26 @402  	return cont;
36ad9bf1d93d66 Srinivas Kandagatla 2021-10-26  403  }

---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ