Date:   Mon, 28 Feb 2022 11:55:38 +0100
From:   Christian König <christian.koenig@....com>
To:     trix@...hat.com, alexander.deucher@....com, Xinhui.Pan@....com,
        airlied@...ux.ie, daniel@...ll.ch, nathan@...nel.org,
        ndesaulniers@...gle.com, lijo.lazar@....com, nirmoy.das@....com,
        kevin1.wang@....com, tom.stdenis@....com, evan.quan@....com,
        Amaranath.Somalapuram@....com
Cc:     amd-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v2] drm/amdgpu: Fix realloc of ptr

Am 27.02.22 um 16:33 schrieb trix@...hat.com:
> From: Tom Rix <trix@...hat.com>
>
> Clang static analysis reports this error
> amdgpu_debugfs.c:1690:9: warning: 1st function call
>    argument is an uninitialized value
>    tmp = krealloc_array(tmp, i + 1,
>          ^~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> realloc uses tmp, so tmp can not be garbage.
> And the return needs to be checked.
>
> Fixes: 5ce5a584cb82 ("drm/amdgpu: add debugfs for reset registers list")
> Signed-off-by: Tom Rix <trix@...hat.com>

Yeah, stuff I missed because of the long review. I was already wondering 
what semantics krealloc_array is following for freeing up the pointer on 
error.

Reviewed-by: Christian König <christian.koenig@....com>

Thanks,
Christian.

> ---
> v2:
>    use 'new' to hold/check the realloc return
>    fix commit log mistake on realloc freeing to using input ptr
>    
>   drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 9 +++++++--
>   1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> index 9eb9b440bd438..2f4f8c5618d81 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c
> @@ -1676,7 +1676,7 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   {
>   	struct amdgpu_device *adev = (struct amdgpu_device *)file_inode(f)->i_private;
>   	char reg_offset[11];
> -	uint32_t *tmp;
> +	uint32_t *new, *tmp = NULL;
>   	int ret, i = 0, len = 0;
>   
>   	do {
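
Review bot: In the declaration 'uint32_t *new, *tmp = NULL;', 'new' is given function scope although the next hunk uses it only around the krealloc_array() call; declaring it inside the 'do' body would keep a second, possibly stale pointer out of reach of the rest of the function. The commit log could also say that the NULL initializer matters for the 'goto error_free' that sits before the first krealloc_array() call (visible as context in the next hunk), not only for the argument the analyzer flagged, assuming error_free frees tmp; that label is not in the lines shown.
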
> @@ -1687,7 +1687,12 @@ static ssize_t amdgpu_reset_dump_register_list_write(struct file *f,
>   			goto error_free;
>   		}
>   
> -		tmp = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		new = krealloc_array(tmp, i + 1, sizeof(uint32_t), GFP_KERNEL);
> +		if (!new) {
> +			ret = -ENOMEM;
> +			goto error_free;
> +		}
> +		tmp = new;
>   		if (sscanf(reg_offset, "%X %n", &tmp[i], &ret) != 1) {
>   			ret = -EINVAL;
>   			goto error_free;
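
Review bot: The new 'if (!new)' branch is only leak-free if error_free does kfree(tmp), because on failure tmp still points at the previous buffer and krealloc_array() has not released it; the label is outside the lines shown, so please confirm that and consider a one-line comment at the branch saying tmp is left for error_free to free. Returning -ENOMEM is reasonable there, and the same branch covers the case where krealloc_array() returns NULL because the element count times size overflowed. Separately, the array grows by one element per loop iteration with a count taken from the signed 'i'; if the loop bound (not visible here) follows the length of the user's write, an explicit upper limit on the number of registers would be worth adding.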
