lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20240424202031.syigrtrtipbq5f2l@fpc>
Date: Wed, 24 Apr 2024 23:20:31 +0300
From: Fedor Pchelkin <pchelkin@...ras.ru>
To: Roman Smirnov <r.smirnov@....ru>
Cc: Michael Krufky <mkrufky@...uxtv.org>,
	Mauro Carvalho Chehab <mchehab@...nel.org>,
	Jia-Ju Bai <baijiaju1990@...il.com>,
	Hans Verkuil <hverkuil-cisco@...all.nl>,
	lvc-project@...uxtesting.org, Sergey Shtylyov <s.shtylyov@....ru>,
	linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [lvc-project] [PATCH 1/3] media: tuners: tda18271: fix error
 code handling in tda18271_attach()

On Wed, 24. Apr 21:06, Fedor Pchelkin wrote:
> Hello Roman,
> 
> On Tue, 16. Apr 14:45, Roman Smirnov wrote:
> > tda18271_attach() uses the hybrid_tuner_request_state() macro.
> > It may return the error code -ENOMEM, but the function handle
> > the value 0 instead.
> 
> Maybe hybrid_tuner_request_state macro declaration should be fixed to
> generate zero in case of a memory allocation failure?
> 
> At least it has a comment stating the following
>  * 0 - no instances, indicates an error - kzalloc must have failed
> 
> And supposedly a number of drivers implemented the error handling based on
> this assumption.
> 
> The drivers mentioned in this series are not the only ones susceptible to
> the problem. Grepping through "hybrid_tuner_request_state" calls also gives
> out tda9887, xc2028, r820t and others.
> 
> > 
> > Found by Linux Verification Center (linuxtesting.org) with Svace.
> > 
> > Fixes: b9302fa7ed97 ("media: tuners: fix error return code of hybrid_tuner_request_state()")

Looking more thoroughly, I think commit b9302fa7ed97 ("media: tuners: fix
error return code of hybrid_tuner_request_state()") should be reverted
because it just contradicts with the return values contract which is stated
in the comment for the macro and which is followed by all the existing
drivers.

__ret should be assigned 0 in error case as was before the commit.

> > Signed-off-by: Roman Smirnov <r.smirnov@....ru>
> > ---
> >  drivers/media/tuners/tda18271-fe.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/media/tuners/tda18271-fe.c b/drivers/media/tuners/tda18271-fe.c
> > index a7e721baaa99..23432210f06a 100644
> > --- a/drivers/media/tuners/tda18271-fe.c
> > +++ b/drivers/media/tuners/tda18271-fe.c
> > @@ -1255,7 +1255,7 @@ struct dvb_frontend *tda18271_attach(struct dvb_frontend *fe, u8 addr,
> >  					      hybrid_tuner_instance_list,
> >  					      i2c, addr, "tda18271");
> >  	switch (instance) {
> > -	case 0:
> > +	case -ENOMEM:
> >  		goto fail;
> >  	case 1:
> >  		/* new tuner instance */
> > -- 
> > 2.34.1
> > 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ