lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1c1e39cb-5fe0-46b3-898e-c65bbb3beb30@gmail.com>
Date: Wed, 2 Jul 2025 10:00:55 +0100
From: "Colin King (gmail)" <colin.i.king@...il.com>
To: Jonathan Cameron <jic23@...nel.org>, David Lechner
 <dlechner@...libre.com>, nuno.sa@...log.com,
 Andy Shevchenko <andy@...nel.org>, Gustavo Bastos <gustavobastos@....br>,
 Andrew Ijano <andrew.ijano@...il.com>, Julien Stephan <jstephan@...libre.com>
Cc: linux-iio@...r.kernel.org,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: iio: accel: sca3000: dead code issue

Hi,

Static analysis on drivers/iio/accel/sca3000.c on linux-next has 
detected an issue in the function sca3000_ring_int_process. The
issue is described as follows (prefixed by >>>)

static void sca3000_ring_int_process(u8 val, struct iio_dev *indio_dev)
{
         struct sca3000_state *st = iio_priv(indio_dev);
         int ret, i, num_available;

         mutex_lock(&st->lock);

         if (val & SCA3000_REG_INT_STATUS_HALF) {
                 ret = spi_w8r8(st->us, 
SCA3000_READ_REG(SCA3000_REG_BUF_COUNT_ADDR));


 >>>
 >>>  the call to spi_w8r8 returns 0 on success or -ve on an error
 >>>

                 if (ret)
                         goto error_ret;

 >>>
 >>> ret is always zero, at this point, so num_available is zero too
 >>>

                 num_available = ret;
                 /*
                  * num_available is the total number of samples available
                  * i.e. number of time points * number of channels.
                  */
                 ret = sca3000_read_data(st, SCA3000_REG_RING_OUT_ADDR, 
num_available * 2);
                 if (ret)
                         goto error_ret;

 >>>
 >>>  num_available is zero, so for-loop is never executed.
 >>>

                 for (i = 0; i < num_available / 3; i++) {
                         /*
                          * Dirty hack to cover for 11 bit in fifo, 13 bit
                          * direct reading.
                          *
                          * In theory the bottom two bits are undefined.
                          * In reality they appear to always be 0.
                          */
                         iio_push_to_buffers(indio_dev, st->rx + i * 3 * 2);
                 }
         }


I'm not sure what the logic should be to fix this, so I'm reporting this 
as an issue.

Regards,

Colin

Download attachment "OpenPGP_0x68C287DFC6A80226.asc" of type "application/pgp-keys" (4825 bytes)

Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (841 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ