Message-Id: <20230126152147.3585874-1-harshit.m.mogalapalli@oracle.com>
Date:   Thu, 26 Jan 2023 07:21:46 -0800
From:   Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
To:     unlisted-recipients:; (no To-header on input)
Cc:     harshit.m.mogalapalli@...cle.com, error27@...il.com,
        Jonathan Cameron <jic23@...nel.org>,
        Lars-Peter Clausen <lars@...afoo.de>,
        Irina Tirdea <irina.tirdea@...el.com>,
        Vlad Dogaru <ddvlad@...il.com>, linux-iio@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH] iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()

Smatch Warns: drivers/iio/accel/mma9551_core.c:357
	mma9551_read_status_word() error: uninitialized symbol 'v'.

When (offset >= 1 << 12) is true mma9551_transfer() will return -EINVAL
without 'v' being initialized, so check for the error and return.

Fixes: d5b97f5c7dfc ("iio: accel: mma9551: split driver to expose mma955x api")
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>
---
This is detected using static analysis with smatch, and could probably
be detected by syzkaller fuzzing in future.
---
 drivers/iio/accel/mma9551_core.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/iio/accel/mma9551_core.c b/drivers/iio/accel/mma9551_core.c
index 75eee7f7303a..b898f865fb87 100644
--- a/drivers/iio/accel/mma9551_core.c
+++ b/drivers/iio/accel/mma9551_core.c
@@ -357,9 +357,12 @@ int mma9551_read_status_word(struct i2c_client *client, u8 app_id,
 
 	ret = mma9551_transfer(client, app_id, MMA9551_CMD_READ_STATUS,
 			       reg, NULL, 0, (u8 *)&v, 2);
+	if (ret < 0)
+		return ret;
+
 	*val = be16_to_cpu(v);
 
-	return ret;
+	return 0;
 }
 EXPORT_SYMBOL_NS(mma9551_read_status_word, IIO_MMA9551);
 
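Review bot: On the new early-return path after the mma9551_transfer() call, *val is left unwritten, so the function's documentation should state that *val is valid only when 0 is returned and that callers must check the return value before using it. The change from "return ret;" to "return 0;" at the end of the function is behaviour-neutral only if mma9551_transfer() returns 0 rather than a positive value on success; a sentence in the commit message confirming that would help. It is also worth checking whether other helpers in mma9551_core.c that pass a local buffer to mma9551_transfer() read it before testing ret, since they would need the same check.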
-- 
2.38.1
