lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2024101625-activate-gluten-3547@gregkh>
Date: Wed, 16 Oct 2024 17:12:20 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: "Everest K.C." <everestkc@...restkc.com.np>
Cc: dpenkler@...il.com, skhan@...uxfoundation.org,
	linux-staging@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] staging: gpib: Remove a dead condition in if statement

On Wed, Oct 16, 2024 at 06:54:00AM -0600, Everest K.C. wrote:
> On Wed, Oct 16, 2024 at 2:04 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> >
> > On Wed, Oct 16, 2024 at 01:53:18AM -0600, Everest K.C. wrote:
> > > The variable `residue` is an unsigned int, also the function
> > > `fluke_get_dma_residue` returns an unsigned int. The value of
> > > an unsigned int can only be 0 at minimum.
> > > The less-than-zero comparison can never be true.
> > > Fix it by removing the dead condition in the if statement.
> > >
> > > This issue was reported by Coverity Scan.
> > > Report:
> > > CID 1600782: (#1 of 1): Macro compares unsigned to 0 (NO_EFFECT)
> > > unsigned_compare: This less-than-zero comparison of an unsigned value
> > > is never true. residue < 0U.
> > >
> > > Signed-off-by: Everest K.C. <everestkc@...restkc.com.np>
> > > ---
> > > V1 -> V2: - Fixed typo of comparison in changelog
> > >           - Removed Fixes tag
> > >
> > >  drivers/staging/gpib/eastwood/fluke_gpib.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > >
> > > diff --git a/drivers/staging/gpib/eastwood/fluke_gpib.c b/drivers/staging/gpib/eastwood/fluke_gpib.c
> > > index f9f149db222d..51b4f9891a34 100644
> > > --- a/drivers/staging/gpib/eastwood/fluke_gpib.c
> > > +++ b/drivers/staging/gpib/eastwood/fluke_gpib.c
> > > @@ -644,7 +644,7 @@ static int fluke_dma_read(gpib_board_t *board, uint8_t *buffer,
> > >        */
> > >       usleep_range(10, 15);
> > >       residue = fluke_get_dma_residue(e_priv->dma_channel, dma_cookie);
> > > -     if (WARN_ON_ONCE(residue > length || residue < 0))
> > > +     if (WARN_ON_ONCE(residue > length))
> >
> > No, this is incorrect, now we never notice is the call to
> > fluke_get_dma_residue() has failed.  Please fix that bug instead (hint,
> > Covertity is giving you a pointer to where something might be wrong, but
> > this change is NOT how to fix it.)
> I need a little guidance here.
> My best guess to fix the bug would be to make fluke_get_dma_residue()
> return an int instead of unsigned int or size_t. But theoretically the
> maximum value of residue can be UINT_MAX, and casting it to int will
> result in a negative number, which in turn will cause  the error check
> condition to evaluate to true.

Look at the code to see what it does.

> The best solution I see would be to make fluke_get_dma_residue() return
> an int (-1 for error and 0 for success). Then pass the address of residue
> reference to fluke_get_dma_residue() to be updated.
> Am I on the right track ?

Close, yes.  "-1" is not a valid error, so that needs to be fixed at the
least here, as it's obviously not returning an error that gets caught
today :)

good luck!

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ