| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 27 Feb 2022 17:48:50 +0000
From: Jonathan Cameron <jic23@...nel.org>
To: trix@...hat.com
Cc: roan@...tonic.nl, lars@...afoo.de, nathan@...nel.org,
ndesaulniers@...gle.com, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH] iio: scd4x: check return of scd4x_write_and_fetch
On Sun, 27 Feb 2022 07:43:31 -0800
trix@...hat.com wrote:
> From: Tom Rix <trix@...hat.com>
>
> Clang static analysis reports this problem
> scd4x.c:474:10: warning: The left operand of '==' is a
> garbage value
> if (val == 0xff) {
> ~~~ ^
> val is only set from a successful call to scd4x_write_and_fetch()
> So check it's return.
>
> Fixes: 49d22b695cbb ("drivers: iio: chemical: Add support for Sensirion SCD4x CO2 sensor")
> Signed-off-by: Tom Rix <trix@...hat.com>
Good find, but I'd prefer a separate check on ret inline with what the
other error checking paths in that function are doing.
> ---
> drivers/iio/chemical/scd4x.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/iio/chemical/scd4x.c b/drivers/iio/chemical/scd4x.c
> index 20d4e7584e923..b978330fb761c 100644
> --- a/drivers/iio/chemical/scd4x.c
> +++ b/drivers/iio/chemical/scd4x.c
> @@ -471,7 +471,7 @@ static ssize_t calibration_forced_value_store(struct device *dev,
> ret = scd4x_write_and_fetch(state, CMD_FRC, arg, &val, sizeof(val));
> mutex_unlock(&state->lock);
>
> - if (val == 0xff) {
> + if (!ret && val == 0xff) {
> dev_err(dev, "forced calibration has failed");
> return -EINVAL;
> }
Prefer
if (ret)
return ret;
if (val == 0xff) {
dev_err(dev, "...
return -EINVAL;
}
Thanks,
Jonathan
Powered by blists - more mailing lists