lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <c6694145-253b-0ee3-c0f0-4b492994bfe7@gmail.com>
Date: Wed, 3 Dec 2025 16:31:35 +0530 (IST)
From: HariKrishna Sagala <hariconscious@...il.com>
To: Takashi Iwai <tiwai@...e.de>, hariconscious@...il.com
cc: perex@...ex.cz, tiwai@...e.com, cristian.ciocaltea@...labora.com, 
    cryolitia@...ontech.com, franta-linux@...ntovo.cz, khalid@...nel.org, 
    shuah@...nel.org, david.hunter.linux@...il.com, 
    linux-sound@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ALSA: usb-audio: Initialize status1 to fix uninitialized
 symbol errors

On Wed, 3 Dec 2025, Takashi Iwai wrote:

> On Wed, 03 Dec 2025 09:33:20 +0100,
> hariconscious@...il.com wrote:
> >
> > From: HariKrishna Sagala <hariconscious@...il.com>
> >
> > Initialize 'status1' with a default value to resolve the static analysis
> > smatch reported error "uninitialized symbol 'status1'".
> > The 'status1' variable is used to create a buff using "kmemdup".
> > So, ensure to initialize the value before it is read.
> >
> > Signed-off-by: HariKrishna Sagala <hariconscious@...il.com>
> > ---
> > This patch fixes the below smatch reported errors.
> > sound/usb/mixer_quirks.c:2462 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2467 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2472 snd_rme_rate_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2495 snd_rme_sync_state_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2501 snd_rme_sync_state_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2522 snd_rme_spdif_if_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2535 snd_rme_spdif_format_get() error: uninitialized symbol 'status1'.
> > sound/usb/mixer_quirks.c:2548 snd_rme_sync_source_get() error: uninitialized symbol 'status1'.
> >
> > The below is the flow of 'status1' it is used before initialization.
> >
> > snd_rme_rate_get -> status1 is uninitialized and passed
> > 	snd_rme_get_status1 -> passed as is
> > 		snd_rme_read_value -> passed as is
> > 			snd_usb_ctl_msg -> created buf from status1 using kmemdup
> > 				usb_control_msg -> sent buf for reading/writing
> >
> > Description of "usb_control_msg", states as
> > " * @data: pointer to the data to send"
> >
> > Later from Usb control request, dst buf is copied to src buf but usb
> > control msg request is made before initialization.
> >
> > Thank you.
> >
> >  sound/usb/mixer_quirks.c | 10 +++++-----
> >  1 file changed, 5 insertions(+), 5 deletions(-)
> >
> > diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
> > index 828af3095b86..06903c5de087 100644
> > --- a/sound/usb/mixer_quirks.c
> > +++ b/sound/usb/mixer_quirks.c
> > @@ -2449,7 +2449,7 @@ static int snd_rme_get_status1(struct snd_kcontrol *kcontrol,
> >  static int snd_rme_rate_get(struct snd_kcontrol *kcontrol,
> >  			    struct snd_ctl_elem_value *ucontrol)
> >  {
> > -	u32 status1;
> > +	u32 status1 = 0;
> >  	u32 rate = 0;
> >  	int idx;
> >  	int err;
> > @@ -2483,7 +2483,7 @@ static int snd_rme_rate_get(struct snd_kcontrol *kcontrol,
> >  static int snd_rme_sync_state_get(struct snd_kcontrol *kcontrol,
> >  				  struct snd_ctl_elem_value *ucontrol)
> >  {
> > -	u32 status1;
> > +	u32 status1 = 0;
> >  	int idx = SND_RME_CLOCK_NOLOCK;
> >  	int err;
> >
> > @@ -2513,7 +2513,7 @@ static int snd_rme_sync_state_get(struct snd_kcontrol *kcontrol,
> >  static int snd_rme_spdif_if_get(struct snd_kcontrol *kcontrol,
> >  				struct snd_ctl_elem_value *ucontrol)
> >  {
> > -	u32 status1;
> > +	u32 status1 = 0;
> >  	int err;
> >
> >  	err = snd_rme_get_status1(kcontrol, &status1);
> > @@ -2526,7 +2526,7 @@ static int snd_rme_spdif_if_get(struct snd_kcontrol *kcontrol,
> >  static int snd_rme_spdif_format_get(struct snd_kcontrol *kcontrol,
> >  				    struct snd_ctl_elem_value *ucontrol)
> >  {
> > -	u32 status1;
> > +	u32 status1 = 0;
> >  	int err;
> >
> >  	err = snd_rme_get_status1(kcontrol, &status1);
> > @@ -2539,7 +2539,7 @@ static int snd_rme_spdif_format_get(struct snd_kcontrol *kcontrol,
> >  static int snd_rme_sync_source_get(struct snd_kcontrol *kcontrol,
> >  				   struct snd_ctl_elem_value *ucontrol)
> >  {
> > -	u32 status1;
> > +	u32 status1 = 0;
> >  	int err;
> >
> >  	err = snd_rme_get_status1(kcontrol, &status1);
> >
>
> The warning itself is rather dubious.  But it'd certainly give a safer
> feeling to cover the uninitialized variables, so it would still make
> some sense.
>
> But, the code change can be improved.  e.g. initialize the value in
> the callee side, instead of callers; then it'll reduce all changes to
> a one-liner.
>
> At the next time, please look at the patterns you changed more closely
> and think again whether it's the best change or not before submission.
> On the second look, often you see things from a different perspective
> :)
>
>
> thanks,
>
> Takashi
>

Hi Takashi,

Thank you for the feedback and complement.
Yes, will check the pattern and avoid this going forward.
As all the functions call "snd_rme_get_status1",
initialized here but smatch didn't silence them.

I prefer initializing a variable in caller side as it owns
and aware of initialized value sent.

Sorry, if I had misunderstood your suggestion.

Thank you,
HariKrishna.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ