lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <26872134-1022-4cd5-bd04-215d54c55791@gmail.com>
Date: Fri, 11 Apr 2025 12:26:11 +0530
From: Purva Yeshi <purvayeshi550@...il.com>
To: Guenter Roeck <linux@...ck-us.net>
Cc: Jean Delvare <jdelvare@...e.com>, linux-hwmon@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH] hwmon: max31827: Fix uninitialized variable lsb_idx in
 max31827_init_client

On 11/04/25 01:31, Guenter Roeck wrote:
> On Fri, Apr 11, 2025 at 01:18:33AM +0530, Purva Yeshi wrote:
>> Fix Smatch-detected issue:
>> drivers/hwmon/max31827.c:564 max31827_init_client() error:
>> uninitialized symbol 'lsb_idx'.
>>
>> ​In the max31827_init_client() function, the variable lsb_idx is assigned
>> a value only when data has exactly one bit set (hweight32(data) == 1).
>> If this condition isn't met, lsb_idx remains uninitialized, leading to
>> undefined behavior when it's subsequently used.
> 
> That is not correct.
> 
>>
>> Ensure that data is non-zero and has exactly one bit set before
>> calling __ffs(data) to determine lsb_idx. Additionally, verify that
>> lsb_idx does not exceed 4. This approach prevents the use of an
>> uninitialized lsb_idx and resolves the Smatch warning.
>>
>> Signed-off-by: Purva Yeshi <purvayeshi550@...il.com>
>> ---
>>   drivers/hwmon/max31827.c | 9 ++++++---
>>   1 file changed, 6 insertions(+), 3 deletions(-)
>>
>> diff --git a/drivers/hwmon/max31827.c b/drivers/hwmon/max31827.c
>> index 48e8f8ba4d05..c62eaf186d9d 100644
>> --- a/drivers/hwmon/max31827.c
>> +++ b/drivers/hwmon/max31827.c
>> @@ -558,10 +558,13 @@ static int max31827_init_client(struct max31827_state *st,
>>   		/*
>>   		 * Convert the desired fault queue into register bits.
>>   		 */
>> -		if (data != 0)
>> -			lsb_idx = __ffs(data);
> 
> lsb_idx is assigned if data != 0, not if hweight32(data) == 1 ...
> 
>> +		if (data == 0 || hweight32(data) != 1) {
>> +			dev_err(dev, "Invalid data in adi,fault-q\n");
>> +			return -EINVAL;
>> +		}
>>   
>> -		if (hweight32(data) != 1 || lsb_idx > 4) {
> 
> ... and if hweight32(data) != 1, it bails out here before using lsb_idx.
> The problem you describe does not exist.
> 
> Guenter

Thank you for reviewing the patch and clarifying the behavior regarding 
lsb_idx. I understand the existing control flow.​

> 
>> +		lsb_idx = __ffs(data);
>> +		if (lsb_idx > 4) {
>>   			dev_err(dev, "Invalid data in adi,fault-q\n");
>>   			return -EINVAL;
>>   		}
>> -- 
>> 2.34.1
>>

Best regards,
Purva

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ