Message-ID: <20240914145854.21569134@jic23-huawei>
Date: Sat, 14 Sep 2024 14:58:54 +0100
From: Jonathan Cameron <jic23@...nel.org>
To: Mikhail Lobanov <m.lobanov@...alinux.ru>
Cc: Dan Robertson <dan@...obertson.com>, Lars-Peter Clausen
<lars@...afoo.de>, Jagath Jog J <jagathjog1996@...il.com>,
linux-iio@...r.kernel.org, linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org
Subject: Re: [PATCH] iio: accel: bma400: Fix uninitialized variable
field_value in tap event handling.
On Tue, 10 Sep 2024 04:36:20 -0400
Mikhail Lobanov <m.lobanov@...alinux.ru> wrote:
> In the current implementation, the local variable field_value is used
> without prior initialization, which may lead to reading uninitialized
> memory. Specifically, in the macro set_mask_bits, the initial
> (potentially uninitialized) value of the buffer is copied into old__,
> and a mask is applied to calculate new__. A similar issue was resolved in
> commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use
> of unintialized value.").
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events")
> Signed-off-by: Mikhail Lobanov <m.lobanov@...alinux.ru>

Ok. It's not a bug as such, because ultimately the bits that aren't set are masked out,
but it is non-obvious. So applied to the fixes-togreg branch of iio.git.

Thanks,

Jonathan

> ---
> drivers/iio/accel/bma400_core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c
> index e90e2f01550a..04083b7395ab 100644
> --- a/drivers/iio/accel/bma400_core.c
> +++ b/drivers/iio/accel/bma400_core.c
> @@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data,
> static int bma400_tap_event_en(struct bma400_data *data,
> enum iio_event_direction dir, int state)
> {
> - unsigned int mask, field_value;
> + unsigned int mask;
> + unsigned int field_value = 0;
> int ret;
>
> /*
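
Review bot: The `= 0` initialiser added at the declaration of field_value in bma400_tap_event_en() gives no hint of why it is needed. The commit message says the value is only picked up as old__ inside set_mask_bits, and the reply notes the bits that aren't set are masked out anyway, so a later cleanup could drop the initialiser as redundant; a one-line comment at the declaration, or zeroing field_value next to the set_mask_bits use, would make the intent visible. The commit message could also state that the value written is unaffected, so the Fixes: tag is not read as marking a functional bug when backports are considered.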