Message-ID: <877bv4t03x.wl-tiwai@suse.de>
Date: Wed, 03 Dec 2025 09:56:18 +0100
From: Takashi Iwai <tiwai@...e.de>
To: hariconscious@...il.com
Cc: perex@...ex.cz,
	tiwai@...e.com,
	cristian.ciocaltea@...labora.com,
	cryolitia@...ontech.com,
	franta-linux@...ntovo.cz,
	khalid@...nel.org,
	shuah@...nel.org,
	david.hunter.linux@...il.com,
	linux-sound@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ALSA: usb-audio: Initialize status1 to fix uninitialized symbol errors

On Wed, 03 Dec 2025 09:33:20 +0100,
hariconscious@...il.com wrote:
> 
> From: HariKrishna Sagala <hariconscious@...il.com>
> 
> Initialize 'status1' with a default value to resolve the static analysis
> smatch reported error "uninitialized symbol 'status1'".
> The 'status1' variable is used to create a buffer using "kmemdup".
> So, ensure the value is initialized before it is read.
> 
> Signed-off-by: HariKrishna Sagala <hariconscious@...il.com>
> ---
> This patch fixes the below smatch reported errors.
> sound/usb/mixer_quirks.c:2462 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2467 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2472 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2495 snd_rme_sync_state_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2501 snd_rme_sync_state_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2522 snd_rme_spdif_if_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2535 snd_rme_spdif_format_get() error: uninitialized symbol 'status1'.
> sound/usb/mixer_quirks.c:2548 snd_rme_sync_source_get() error: uninitialized symbol 'status1'.
> 
> Below is the flow of 'status1', showing where it is used before initialization.
> 
> snd_rme_rate_get -> status1 is uninitialized and passed
> 	snd_rme_get_status1 -> passed as is
> 		snd_rme_read_value -> passed as is
> 			snd_usb_ctl_msg -> created buf from status1 using kmemdup
> 				usb_control_msg -> sent buf for reading/writing
> 
> The description of "usb_control_msg" states:
> " * @data: pointer to the data to send"
> 
> Later, after the USB control request, the dst buf is copied to the src buf, but the USB
> control msg request is made before initialization.
> 
> Thank you.
> 
>  sound/usb/mixer_quirks.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
> index 828af3095b86..06903c5de087 100644
> --- a/sound/usb/mixer_quirks.c
> +++ b/sound/usb/mixer_quirks.c
> @@ -2449,7 +2449,7 @@ static int snd_rme_get_status1(struct snd_kcontrol *kcontrol,
>  static int snd_rme_rate_get(struct snd_kcontrol *kcontrol,
>  			    struct snd_ctl_elem_value *ucontrol)
>  {
> -	u32 status1;
> +	u32 status1 = 0;
>  	u32 rate = 0;
>  	int idx;
>  	int err;
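
Review bot: The `= 0` initializer at `u32 status1` in snd_rme_rate_get() is the first of five identical caller-side edits in this patch, and the hunk header shows that snd_rme_get_status1() sits directly above this function. Setting the output to 0 once at the top of that helper would give every getter a defined value and shrink the patch to a single line, with no caller touched.
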
> @@ -2483,7 +2483,7 @@ static int snd_rme_rate_get(struct snd_kcontrol *kcontrol,
>  static int snd_rme_sync_state_get(struct snd_kcontrol *kcontrol,
>  				  struct snd_ctl_elem_value *ucontrol)
>  {
> -	u32 status1;
> +	u32 status1 = 0;
>  	int idx = SND_RME_CLOCK_NOLOCK;
>  	int err;
>  
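
Review bot: With `status1 = 0` next to `int idx = SND_RME_CLOCK_NOLOCK;` in snd_rme_sync_state_get(), a failed read would be indistinguishable from a genuine "no lock" reading unless the function returns on `err` before it decodes the value. That check lies outside the context shown in this hunk, so please confirm it and mention it in the changelog; the initializer should only quiet smatch, not act as a fallback status.
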
> @@ -2513,7 +2513,7 @@ static int snd_rme_sync_state_get(struct snd_kcontrol *kcontrol,
>  static int snd_rme_spdif_if_get(struct snd_kcontrol *kcontrol,
>  				struct snd_ctl_elem_value *ucontrol)
>  {
> -	u32 status1;
> +	u32 status1 = 0;
>  	int err;
>  
>  	err = snd_rme_get_status1(kcontrol, &status1);
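
Review bot: Missing explanation of why 0 is a safe placeholder: in snd_rme_spdif_if_get() the variable is only handed over as an output in `err = snd_rme_get_status1(kcontrol, &status1);`, while the changelog describes it as data passed down to usb_control_msg(). Please state in the commit message whether this request is a read or a write, so it is clear whether the old stack contents could ever reach the device or were only copied into a temporary buffer.
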
> @@ -2526,7 +2526,7 @@ static int snd_rme_spdif_if_get(struct snd_kcontrol *kcontrol,
>  static int snd_rme_spdif_format_get(struct snd_kcontrol *kcontrol,
>  				    struct snd_ctl_elem_value *ucontrol)
>  {
> -	u32 status1;
> +	u32 status1 = 0;
>  	int err;
>  
>  	err = snd_rme_get_status1(kcontrol, &status1);
> @@ -2539,7 +2539,7 @@ static int snd_rme_spdif_format_get(struct snd_kcontrol *kcontrol,
>  static int snd_rme_sync_source_get(struct snd_kcontrol *kcontrol,
>  				   struct snd_ctl_elem_value *ucontrol)
>  {
> -	u32 status1;
> +	u32 status1 = 0;
>  	int err;
>  
>  	err = snd_rme_get_status1(kcontrol, &status1);
> 

The warning itself is rather dubious.  But it'd certainly give a safer
feeling to cover the uninitialized variables, so it would still make
some sense.

But the code change can be improved, e.g. initialize the value on
the callee side instead of in the callers; then it'll reduce all
changes to a one-liner.

Next time, please look at the patterns you changed more closely
and think again whether it's the best change or not before submission.
On the second look, often you see things from a different perspective
:)


thanks,

Takashi
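
A userspace model of the callee-side initialization suggested in the reply above, as an added example that is not from the thread or the kernel tree. Every name in it (`fake_dev`, `ctl_msg_model`, `get_status1_model`, `getter_model`) is hypothetical, and the helper assumes the copy-in, transfer, copy-back order the commit message describes, with the copy-back done whether or not the transfer succeeds.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the USB device: either fails or returns a status word. */
struct fake_dev { int fail; uint32_t status; };

/* Assumed model of the bounce-buffer step: duplicate, transfer, copy back. */
int ctl_msg_model(const struct fake_dev *dev, void *data, size_t len)
{
	void *buf = malloc(len);
	if (!buf)
		return -ENOMEM;
	memcpy(buf, data, len);	/* reads *data before any device write */
	if (!dev->fail)		/* a failed transfer leaves buf untouched */
		memcpy(buf, &dev->status, len < sizeof(dev->status) ? len : sizeof(dev->status));
	memcpy(data, buf, len);	/* copied back on success and on failure */
	free(buf);
	return dev->fail ? -EIO : 0;
}

/* Callee-side fix: one assignment defines the value for every caller. */
int get_status1_model(const struct fake_dev *dev, uint32_t *status1)
{
	*status1 = 0;
	return ctl_msg_model(dev, status1, sizeof(*status1));
}

/* Caller shaped like the getters in the patch; no initializer needed here. */
int getter_model(const struct fake_dev *dev, uint32_t *decoded)
{
	uint32_t status1;
	int err = get_status1_model(dev, &status1);
	if (err < 0)
		return err;	/* the zero placeholder is never decoded */
	*decoded = status1 & 0xffu;	/* constructed decode, not the driver's */
	return 0;
}

int main(void)
{
	struct fake_dev bad = { 1, 0 };
	uint32_t s = 0xdeadbeefu;	/* stale bytes the caller happened to hold */
	int err = get_status1_model(&bad, &s);
	printf("err=%d status1=0x%x\n", err, (unsigned)s);
	return 0;
}
```

In this model a failed transfer hands back whatever the variable held on entry, so the single assignment in the helper is what makes the value defined for all callers at once.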
