Message ID | CABvMjLRuGPgEJ3Ef7=sBk3m3oa+3HuyV9mVY0ZCYuHK=rJRA4w@mail.gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | Input: hideep - fix the uninitialized use in hideep_nvm_unlock() |
Hi Yizhuo,

On Tue, Jun 15, 2021 at 10:26:09AM -0700, Yizhuo Zhai wrote:
> Inside function hideep_nvm_unlock(), variable "unmask_code" could
> be uninitialized if hideep_pgm_r_reg() returns error, however, it
> is used in the later if statement after an "and" operation, which
> is potentially unsafe.

I do not think that simply initializing the variable makes the code behave any better. If we want to fix this properly we need to check for errors returned by hideep_pgm_r_reg() and hideep_pgm_w_reg() and exit this function early, signalling the caller about errors.

>
> Signed-off-by: Yizhuo <yzhai003@ucr.edu> > --- > drivers/input/touchscreen/hideep.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/input/touchscreen/hideep.c > b/drivers/input/touchscreen/hideep.c > index ddad4a82a5e5..49b713ad4384 100644 > --- a/drivers/input/touchscreen/hideep.c > +++ b/drivers/input/touchscreen/hideep.c > @@ -363,7 +363,7 @@ static int hideep_enter_pgm(struct hideep_ts *ts) > > static void hideep_nvm_unlock(struct hideep_ts *ts) > { > - u32 unmask_code; > + u32 unmask_code = 0; > > hideep_pgm_w_reg(ts, HIDEEP_FLASH_CFG, HIDEEP_NVM_SFR_RPAGE); > hideep_pgm_r_reg(ts, 0x0000000C, &unmask_code); > -- > 2.17.1

Thanks.
Hi Dmitry:

Thanks for your quick response, following your advice, a careful way is changing the return type of "hideep_nvm_unlock()" from void to int, and its caller "hideep_program_nvm()" also needs to add the return check.

If this sounds ok, I would go ahead to modify the patch accordingly.

On Tue, Jun 15, 2021 at 11:15 AM Dmitry Torokhov <dmitry.torokhov@gmail.com> wrote:
>
> Hi Yizhuo,
>
> On Tue, Jun 15, 2021 at 10:26:09AM -0700, Yizhuo Zhai wrote:
> > Inside function hideep_nvm_unlock(), variable "unmask_code" could
> > be uninitialized if hideep_pgm_r_reg() returns error, however, it
> > is used in the later if statement after an "and" operation, which
> > is potentially unsafe.
>
> I do not think that simply initializing the variable makes the code
> behave any better. If we want to fix this properly we need to check for
> errors returned by hideep_pgm_r_reg() and hideep_pgm_w_reg() and exit
> this function early, signalling the caller about errors.
>
> >
> > Signed-off-by: Yizhuo <yzhai003@ucr.edu> > > --- > > drivers/input/touchscreen/hideep.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/drivers/input/touchscreen/hideep.c > > b/drivers/input/touchscreen/hideep.c > > index ddad4a82a5e5..49b713ad4384 100644 > > --- a/drivers/input/touchscreen/hideep.c > > +++ b/drivers/input/touchscreen/hideep.c > > @@ -363,7 +363,7 @@ static int hideep_enter_pgm(struct hideep_ts *ts) > > > > static void hideep_nvm_unlock(struct hideep_ts *ts) > > { > > - u32 unmask_code; > > + u32 unmask_code = 0; > > > > hideep_pgm_w_reg(ts, HIDEEP_FLASH_CFG, HIDEEP_NVM_SFR_RPAGE); > > hideep_pgm_r_reg(ts, 0x0000000C, &unmask_code); > > -- > > 2.17.1
>
> Thanks.
>
> --
> Dmitry
On Tue, Jun 15, 2021 at 11:57:36AM -0700, Yizhuo Zhai wrote:
> Hi Dmitry:
>
> Thanks for your quick response, following your advice, a careful way
> is changing the return type of "hideep_nvm_unlock()" from void to
> int, and its caller "hideep_program_nvm()" also needs to add the
> return check.
>
> If this sounds ok, I would go ahead to modify the patch accordingly.

Yes, this sounds right.

>
> On Tue, Jun 15, 2021 at 11:15 AM Dmitry Torokhov
> <dmitry.torokhov@gmail.com> wrote:
> >
> > Hi Yizhuo,
> >
> > On Tue, Jun 15, 2021 at 10:26:09AM -0700, Yizhuo Zhai wrote:
> > > Inside function hideep_nvm_unlock(), variable "unmask_code" could
> > > be uninitialized if hideep_pgm_r_reg() returns error, however, it
> > > is used in the later if statement after an "and" operation, which
> > > is potentially unsafe.
> >
> > I do not think that simply initializing the variable makes the code
> > behave any better. If we want to fix this properly we need to check for
> > errors returned by hideep_pgm_r_reg() and hideep_pgm_w_reg() and exit
> > this function early, signalling the caller about errors.
> >
> > >
> > > Signed-off-by: Yizhuo <yzhai003@ucr.edu> > > > --- > > > drivers/input/touchscreen/hideep.c | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > diff --git a/drivers/input/touchscreen/hideep.c > > > b/drivers/input/touchscreen/hideep.c > > > index ddad4a82a5e5..49b713ad4384 100644 > > > --- a/drivers/input/touchscreen/hideep.c > > > +++ b/drivers/input/touchscreen/hideep.c
> > > @@ -363,7 +363,7 @@ static int hideep_enter_pgm(struct hideep_ts *ts) > > > > > > static void hideep_nvm_unlock(struct hideep_ts *ts) > > > { > > > - u32 unmask_code; > > > + u32 unmask_code = 0; > > > > > > hideep_pgm_w_reg(ts, HIDEEP_FLASH_CFG, HIDEEP_NVM_SFR_RPAGE); > > > hideep_pgm_r_reg(ts, 0x0000000C, &unmask_code); > > > -- > > > 2.17.1 > > > > Thanks. > > > > -- > > Dmitry > > > > -- > Kind Regards, > > Yizhuo Zhai > > Computer Science, Graduate Student > University of California, Riverside
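Added example, not code from the hideep driver or from either participant in the thread: a user-space model of the point made in the review above, that zero-initializing the variable still lets the sequence carry on after a failed read, whereas checking each return value stops it and informs the caller. The `mock_*` helpers, register addresses, mask and expected value are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
/* Constructed mock bus standing in for the register helpers; not driver code. */
struct mock_bus { int fail_read; int writes; };
#define MOCK_MASK     0xFFFF0000u  /* hypothetical mask */
#define MOCK_EXPECTED 0xA5A50000u  /* hypothetical expected code */

static int mock_w_reg(struct mock_bus *b, uint32_t addr, uint32_t val)
{
	(void)addr; (void)val;
	b->writes++;                 /* count every write that reaches the device */
	return 0;
}

static int mock_r_reg(struct mock_bus *b, uint32_t addr, uint32_t *val)
{
	(void)addr;
	if (b->fail_read)
		return -EIO;             /* *val is left untouched on failure */
	*val = 0xA5A5FFFFu;          /* constructed register content */
	return 0;
}

/* Shape of the posted patch: variable zeroed, return values ignored. */
void unlock_zero_init(struct mock_bus *b)
{
	uint32_t code = 0;
	mock_w_reg(b, 0x10, 1);
	mock_r_reg(b, 0x0C, &code);
	if ((code & MOCK_MASK) != MOCK_EXPECTED)      /* a failed read lands here */
		mock_w_reg(b, 0x0C, code & ~MOCK_MASK);   /* write based on no data */
}

/* Shape asked for in review: check each call, stop early, tell the caller. */
int unlock_checked(struct mock_bus *b)
{
	uint32_t code;
	int error = mock_w_reg(b, 0x10, 1);
	if (!error)
		error = mock_r_reg(b, 0x0C, &code);
	if (!error && (code & MOCK_MASK) != MOCK_EXPECTED)
		error = mock_w_reg(b, 0x0C, code & ~MOCK_MASK);
	return error;
}

int main(void)
{
	return unlock_checked(&(struct mock_bus){ .fail_read = 1 }) == -EIO ? 0 : 1;
}
```

With the read forced to fail, the zero-initialized variant issues a second write and the checked variant issues none after the failure.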
diff --git a/drivers/input/touchscreen/hideep.c b/drivers/input/touchscreen/hideep.c index ddad4a82a5e5..49b713ad4384 100644 --- a/drivers/input/touchscreen/hideep.c +++ b/drivers/input/touchscreen/hideep.c @@ -363,7 +363,7 @@ static int hideep_enter_pgm(struct hideep_ts *ts) static void hideep_nvm_unlock(struct hideep_ts *ts) { - u32 unmask_code; + u32 unmask_code = 0; hideep_pgm_w_reg(ts, HIDEEP_FLASH_CFG, HIDEEP_NVM_SFR_RPAGE); hideep_pgm_r_reg(ts, 0x0000000C, &unmask_code);
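Review bot: Initializing unmask_code to 0 at its declaration in hideep_nvm_unlock() removes the uninitialized read but not the underlying gap: the return values of hideep_pgm_w_reg() and hideep_pgm_r_reg() in the two context lines that follow are still discarded, so after a failed read the function continues with 0 as if it were the register content. Suggest making the function return int, testing each call (for example `error = hideep_pgm_r_reg(ts, 0x0000000C, &unmask_code);` followed by `if (error) return error;`), and having the caller act on the result; the initializer is then unnecessary.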
Inside function hideep_nvm_unlock(), variable "unmask_code" could be uninitialized if hideep_pgm_r_reg() returns error, however, it is used in the later if statement after an "and" operation, which is potentially unsafe.

Signed-off-by: Yizhuo <yzhai003@ucr.edu>
---
 drivers/input/touchscreen/hideep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)