lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20241102123630.25446-1-surajsonawane0215@gmail.com>
Date: Sat,  2 Nov 2024 18:06:30 +0530
From: Suraj Sonawane <surajsonawane0215@...il.com>
To: surajsonawane0215@...il.com
Cc: broonie@...nel.org,
	lgirdwood@...il.com,
	linux-kernel@...r.kernel.org,
	linux-sound@...r.kernel.org,
	perex@...ex.cz,
	tiwai@...e.com
Subject: [PATCH v2] sound: fix uninit-value in i2s_dma_isr

Fix an issue detected by the Smatch tool:

sound/soc/bcm/bcm63xx-pcm-whistler.c:264 i2s_dma_isr()
error: uninitialized symbol 'val_1'.
sound/soc/bcm/bcm63xx-pcm-whistler.c:264 i2s_dma_isr()
error: uninitialized symbol 'val_2'.

These errors were triggered because the variables 'val_1' and 'val_2'
could remain uninitialized if 'offlevel' is zero, meaning the loop
that assigns values to them does not execute. In this case,
'dma_addr_next' would use uninitialized data, potentially leading
to undefined behavior.

To resolve this, a conditional update for 'dma_addr_next' is added,
ensuring it is assigned only when 'val_1' and 'val_2' are read.
A new boolean variable 'val_read' flags when the values have been
retrieved, setting 'dma_addr_next' only if valid data is available.

This solution prevents the use of uninitialized data, maintaining
defined behavior for 'dma_addr_next' in all cases, and aligns with
expected usage of I2S RX descriptor data.

Signed-off-by: Suraj Sonawane <surajsonawane0215@...il.com>
---
V1: Initialize 'val_1' and 'val_2' to 0.
V2: Add conditional update for 'dma_addr_next' based on read status to
skip the update when values haven’t been read.

 sound/soc/bcm/bcm63xx-pcm-whistler.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/sound/soc/bcm/bcm63xx-pcm-whistler.c b/sound/soc/bcm/bcm63xx-pcm-whistler.c
index 018f2372e..e3a4fcc63 100644
--- a/sound/soc/bcm/bcm63xx-pcm-whistler.c
+++ b/sound/soc/bcm/bcm63xx-pcm-whistler.c
@@ -256,12 +256,16 @@ static irqreturn_t i2s_dma_isr(int irq, void *bcm_i2s_priv)
 
 		offlevel = (int_status & I2S_RX_DESC_OFF_LEVEL_MASK) >>
 			   I2S_RX_DESC_OFF_LEVEL_SHIFT;
+		bool val_read = false;
 		while (offlevel) {
 			regmap_read(regmap_i2s, I2S_RX_DESC_OFF_ADDR, &val_1);
 			regmap_read(regmap_i2s, I2S_RX_DESC_OFF_LEN, &val_2);
+			val_read = true;
 			offlevel--;
 		}
-		prtd->dma_addr_next = val_1 + val_2;
+		if (val_read)
+			prtd->dma_addr_next = val_1 + val_2;
+
 		ifflevel = (int_status & I2S_RX_DESC_IFF_LEVEL_MASK) >>
 			   I2S_RX_DESC_IFF_LEVEL_SHIFT;
 
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ