lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <4aa9b897-4596-4e2c-8dda-f24ab51e9b7c@gmail.com>
Date: Fri, 12 Jul 2024 01:07:16 +0200
From: Mirsad Todorovac <mtodorovac69@...il.com>
To: linux-mtd@...ts.infradead.org
Cc: Miquel Raynal <miquel.raynal@...tlin.com>,
 Richard Weinberger <richard@....at>, Vignesh Raghavendra <vigneshr@...com>,
 Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [PATCH v1 1/1] mtd: slram: insert break after errors in parsing the
 map

The GCC 12.3.0 compiler on linux-next next-20240709 tree found the execution
path in which, due to lazy evaluation, devlength isn't initialised with the
parsed string:

   289          while (map) {
   290                  devname = devstart = devlength = NULL;
   291
   292                  if (!(devname = strsep(&map, ","))) {
   293                          E("slram: No devicename specified.\n");
   294                          break;
   295                  }
   296                  T("slram: devname = %s\n", devname);
   297                  if ((!map) || (!(devstart = strsep(&map, ",")))) {
   298                          E("slram: No devicestart specified.\n");
   299                  }
   300                  T("slram: devstart = %s\n", devstart);
 → 301                  if ((!map) || (!(devlength = strsep(&map, ",")))) {
   302                          E("slram: No devicelength / -end specified.\n");
   303                  }
 → 304                  T("slram: devlength = %s\n", devlength);
   305                  if (parse_cmdline(devname, devstart, devlength) != 0) {
   306                          return(-EINVAL);
   307                  }

Parsing should be finished after map == NULL, so a break is best inserted after
each E("slram: ... \n") error message.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: Miquel Raynal <miquel.raynal@...tlin.com>
Cc: Richard Weinberger <richard@....at>
Cc: Vignesh Raghavendra <vigneshr@...com>
Cc: linux-mtd@...ts.infradead.org
Signed-off-by: Mirsad Todorovac <mtodorovac69@...il.com>
---
 drivers/mtd/devices/slram.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c
index 28131a127d06..8297b366a066 100644
--- a/drivers/mtd/devices/slram.c
+++ b/drivers/mtd/devices/slram.c
@@ -296,10 +296,12 @@ static int __init init_slram(void)
                T("slram: devname = %s\n", devname);
                if ((!map) || (!(devstart = strsep(&map, ",")))) {
                        E("slram: No devicestart specified.\n");
+                       break;
                }
                T("slram: devstart = %s\n", devstart);
                if ((!map) || (!(devlength = strsep(&map, ",")))) {
                        E("slram: No devicelength / -end specified.\n");
+                       break;
                }
                T("slram: devlength = %s\n", devlength);
                if (parse_cmdline(devname, devstart, devlength) != 0) {
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ