| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250601233402.3512823-65-sashal@kernel.org>
Date: Sun, 1 Jun 2025 19:33:32 -0400
From: Sasha Levin <sashal@...nel.org>
To: patches@...ts.linux.dev,
stable@...r.kernel.org
Cc: Nas Chung <nas.chung@...psnmedia.com>,
Sebastian Fricke <sebastian.fricke@...labora.com>,
Hans Verkuil <hverkuil@...all.nl>,
Sasha Levin <sashal@...nel.org>,
quic_vgarodia@...cinc.com,
quic_dikshita@...cinc.com,
mchehab@...nel.org,
linux-media@...r.kernel.org,
linux-arm-msm@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH AUTOSEL 6.12 65/93] media: qcom: venus: Fix uninitialized variable warning
From: Nas Chung <nas.chung@...psnmedia.com>
[ Upstream commit 8e172e38a623ce284baf2514f963b29e4d47c62e ]
Avoid uninitialized variable when both V4L2_TYPE_IS_OUTPUT() and
V4L2_TYPE_IS_CAPTURE() return false.
Signed-off-by: Nas Chung <nas.chung@...psnmedia.com>
Signed-off-by: Sebastian Fricke <sebastian.fricke@...labora.com>
Signed-off-by: Hans Verkuil <hverkuil@...all.nl>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
**YES** This commit should be backported to stable kernel trees.
**Analysis:** This commit fixes a legitimate uninitialized variable bug
in the `find_format_by_index()` function in
`drivers/media/platform/qcom/venus/vdec.c`. Here's why it meets the
criteria for stable backporting: 1. **Bug Fix Nature**: The commit
addresses a clear code defect where the `valid` variable could be used
uninitialized. In the original code at line 157, `bool valid;` is
declared but not initialized. The logic then uses an `if-else if`
construct: - `if (V4L2_TYPE_IS_OUTPUT(type))` - sets `valid` - `else if
(V4L2_TYPE_IS_CAPTURE(type))` - sets `valid` - But if neither condition
is true, `valid` remains uninitialized 2. **Potential Impact**: Based on
the V4L2 macro definitions, `V4L2_TYPE_IS_CAPTURE(type)` is defined as
`(!V4L2_TYPE_IS_OUTPUT(type))`, which means these should be mutually
exclusive and cover all cases. However, the bug exists because the
original code used `else if` instead of just `else`, creating a
theoretical path where neither executes. 3. **Minimal Risk Fix**: The
fix is extremely simple and safe - changing `bool valid;` to `bool valid
= false;` and replacing `else if` with `else`. This ensures the variable
is always initialized and the logic covers all possible cases. 4.
**Consistency with Similar Commits**: This fix is very similar to
"Similar Commit #1" which was marked as "Backport Status: YES". That
commit also fixed an uninitialized variable in the venus driver with a
simple initialization. The pattern and impact are nearly identical. 5.
**No Side Effects**: The change is purely defensive programming - it
doesn't alter the intended behavior but prevents undefined behavior in
edge cases. 6. **Compiler/Static Analysis Issue**: This type of
uninitialized variable warning is commonly flagged by static analysis
tools and newer compiler versions, indicating it's a legitimate code
quality issue that should be fixed. The commit follows stable tree rules
perfectly: it's a small, contained bugfix with minimal regression risk
that addresses a potential runtime issue in the venus media driver.
drivers/media/platform/qcom/venus/vdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/media/platform/qcom/venus/vdec.c b/drivers/media/platform/qcom/venus/vdec.c
index d12089370d91e..cb252a3e2a351 100644
--- a/drivers/media/platform/qcom/venus/vdec.c
+++ b/drivers/media/platform/qcom/venus/vdec.c
@@ -154,14 +154,14 @@ find_format_by_index(struct venus_inst *inst, unsigned int index, u32 type)
return NULL;
for (i = 0; i < size; i++) {
- bool valid;
+ bool valid = false;
if (fmt[i].type != type)
continue;
if (V4L2_TYPE_IS_OUTPUT(type)) {
valid = venus_helper_check_codec(inst, fmt[i].pixfmt);
- } else if (V4L2_TYPE_IS_CAPTURE(type)) {
+ } else {
valid = venus_helper_check_format(inst, fmt[i].pixfmt);
if (fmt[i].pixfmt == V4L2_PIX_FMT_QC10C &&
--
2.39.5
Powered by blists - more mailing lists