lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20241107063609.11627-1-surajsonawane0215@gmail.com>
Date: Thu,  7 Nov 2024 12:06:09 +0530
From: Suraj Sonawane <surajsonawane0215@...il.com>
To: lgirdwood@...il.com,
	peter.ujfalusi@...ux.intel.com,
	yung-chuan.liao@...ux.intel.com,
	ranjani.sridharan@...ux.intel.com,
	daniel.baluta@....com,
	kai.vehmanen@...ux.intel.com,
	pierre-louis.bossart@...ux.dev,
	broonie@...nel.org
Cc: perex@...ex.cz,
	tiwai@...e.com,
	sound-open-firmware@...a-project.org,
	linux-sound@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Suraj Sonawane <surajsonawane0215@...il.com>
Subject: [PATCH v3] ASoc: SOF: ipc4-pcm: fix uninit-value in sof_ipc4_pcm_dai_link_fixup_rate

Fix an issue detected by the Smatch tool:

sound/soc/sof/ipc4-pcm.c: sof_ipc4_pcm_dai_link_fixup_rate()
error: uninitialized symbol 'be_rate'.

The warning highlights a case where `be_rate` could remain uninitialized
if `num_input_formats` is zero, which would cause undefined behavior
when setting `rate->min` and `rate->max` based on `be_rate`.

To address this issue, a `WARN_ON_ONCE(!num_input_formats)` check was
added to ensure `num_input_formats` is greater than zero. If this
condition fails, the function returns `-EINVAL`, preventing the use of
an uninitialized `be_rate`.

This change improves the robustness of the function by catching an
invalid state early and providing better feedback during development.

Signed-off-by: Suraj Sonawane <surajsonawane0215@...il.com>
---
V1: Initialize 'be_rate' to 0.
V2: Add conditional assignment based on num_input_formats to ensure
be_rate is used only when assigned.
V3: Add WARN_ON_ONCE check to handle the case where num_input_formats
is zero, ensuring proper error handling for uninitialized be_rate.

 sound/soc/sof/ipc4-pcm.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sound/soc/sof/ipc4-pcm.c b/sound/soc/sof/ipc4-pcm.c
index 4df2be3d3..18fff2df7 100644
--- a/sound/soc/sof/ipc4-pcm.c
+++ b/sound/soc/sof/ipc4-pcm.c
@@ -603,6 +603,9 @@ static int sof_ipc4_pcm_dai_link_fixup_rate(struct snd_sof_dev *sdev,
 	unsigned int be_rate;
 	int i;
 
+	if (WARN_ON_ONCE(!num_input_formats))
+		return -EINVAL;
+
 	/*
 	 * Copier does not change sampling rate, so we
 	 * need to only consider the input pin information.
-- 
2.34.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ