lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 14 Feb 2024 10:56:24 +0100
From: Hans Verkuil <hverkuil@...all.nl>
To: Daniil Dulov <d.dulov@...ddin.ru>,
 Mauro Carvalho Chehab <mchehab@...nel.org>
Cc: Takahiro Adachi <tadachi@...achi-net.com>,
 Takeru Komoriya <komoriya@...en.org>, linux-media@...r.kernel.org,
 linux-kernel@...r.kernel.org, lvc-project@...uxtesting.org
Subject: Re: [PATCH 17/17] media: upd64031a: Check return value of
 i2c_master_recv()

On 11/02/2024 16:07, Daniil Dulov wrote:
> i2c_master_recv() may return an error, so add a check
> and return 0xff in case it is passed.
> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: add953cecba8 ("V4L/DVB (3665): Add new NEC uPD64031A and uPD64083 i2c drivers")
> Signed-off-by: Daniil Dulov <d.dulov@...ddin.ru>
> ---
>  drivers/media/i2c/upd64031a.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/media/i2c/upd64031a.c b/drivers/media/i2c/upd64031a.c
> index ef35c6574785..f51f86f30c73 100644
> --- a/drivers/media/i2c/upd64031a.c
> +++ b/drivers/media/i2c/upd64031a.c
> @@ -73,11 +73,12 @@ static u8 upd64031a_read(struct v4l2_subdev *sd, u8 reg)
>  {
>  	struct i2c_client *client = v4l2_get_subdevdata(sd);
>  	u8 buf[2];
> +	int rc;
>  
>  	if (reg >= sizeof(buf))
>  		return 0xff;
> -	i2c_master_recv(client, buf, 2);
> -	return buf[reg];
> +	rc = i2c_master_recv(client, buf, 2);
> +	return rc < 0 ? 0xff : buf[reg];

I don't think this patch adds anything useful.

If you just want to avoid uninitialized memory to be returned,
then just do: "u8 buf[2] = {};".

Alternatively, this function should return an int and callers
have to check if an error (<0) was returned and pass that on.

I think the latter is overkill, but I'll take a patch that just
zeroes buf.

Regards,

	Hans

>  }
>  
>  /* ------------------------------------------------------------------------ */

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ