| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <823b1c13-82c3-4164-9809-b42f567e264f@oss.qualcomm.com>
Date: Thu, 13 Mar 2025 10:43:33 -0700
From: Jeff Johnson <jeff.johnson@....qualcomm.com>
To: Dan Carpenter <dan.carpenter@...aro.org>
Cc: Miri Korenblit <miriam.rachel.korenblit@...el.com>,
Johannes Berg <johannes.berg@...el.com>,
Anjaneyulu <pagadala.yesu.anjaneyulu@...el.com>,
Emmanuel Grumbach <emmanuel.grumbach@...el.com>,
Avraham Stern <avraham.stern@...el.com>,
Yedidya Benshimol <yedidya.ben.shimol@...el.com>,
Daniel Gabay <daniel.gabay@...el.com>, linux-wireless@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH next] wifi: iwlwifi: Fix uninitialized variable with
__free()
On 3/12/2025 8:24 AM, Dan Carpenter wrote:
> On Wed, Mar 12, 2025 at 08:15:18AM -0700, Jeff Johnson wrote:
>> On 3/12/2025 1:31 AM, Dan Carpenter wrote:
>>> Pointers declared with the __free(kfree) attribute need to be initialized
>>> because they will be passed to kfree() on every return path. There are
>>> two return statement before the "cmd" pointer is initialized so this
>>> leads to an uninitialized variable bug.
>>>
>>> Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver")
>>> Signed-off-by: Dan Carpenter <dan.carpenter@...aro.org>
>>> ---
>>> drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c
>>> index c759c5c68dc0..1d4b2ad5d388 100644
>>> --- a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c
>>> +++ b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c
>>> @@ -556,8 +556,8 @@ iwl_dbgfs_vif_twt_setup_write(struct iwl_mld *mld, char *buf, size_t count,
>>> };
>>> struct ieee80211_vif *vif = data;
>>> struct iwl_mld_vif *mld_vif = iwl_mld_vif_from_mac80211(vif);
>>> + struct iwl_dhc_cmd *cmd __free(kfree) = NULL;
>>
>> hmm, I thought the recommended convention was to define __free() pointers at
>> the point of allocation. cleanup.h explicitly says:
>>
>> * Given that the "__free(...) = NULL" pattern for variables defined at
>> * the top of the function poses this potential interdependency problem
>> * the recommendation is to always define and assign variables in one
>> * statement and not group variable definitions at the top of the
>> * function when __free() is used.
>>
>
> People do it either way. I'm agnostic so long as it doesn't have bugs.
I've been doing it with the allocation since that's what Linus said he wanted:
https://lore.kernel.org/all/CAHk-=whO1+-4ALjFWSE0kzytz1kEbWPvy3xWvcUP1dJ4t-QqkA@mail.gmail.com/
But this patch is already in wireless-next, so it's moot now.
Powered by blists - more mailing lists