| Message ID | 20240910083624.27224-1-m.lobanov@rosalinux.ru (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | iio: accel: bma400: Fix uninitialized variable field_value in tap event handling. | expand |
On Tue, 10 Sep 2024 04:36:20 -0400 Mikhail Lobanov <m.lobanov@rosalinux.ru> wrote: > In the current implementation, the local variable field_value is used > without prior initialization, which may lead to reading uninitialized > memory. Specifically, in the macro set_mask_bits, the initial > (potentially uninitialized) value of the buffer is copied into old__, > and a mask is applied to calculate new__. A similar issue was resolved in > commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use > of unintialized value."). > > Found by Linux Verification Center (linuxtesting.org) with SVACE. > > Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events") > Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru> Ok. It's not a bug as such because ultimately the bits that aren't set are masked out but it is non obvious. So applied to the fixes-togreg branch of iio.git. Thanks, Jonathan > --- > drivers/iio/accel/bma400_core.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c > index e90e2f01550a..04083b7395ab 100644 > --- a/drivers/iio/accel/bma400_core.c > +++ b/drivers/iio/accel/bma400_core.c > @@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data, > static int bma400_tap_event_en(struct bma400_data *data, > enum iio_event_direction dir, int state) > { > - unsigned int mask, field_value; > + unsigned int mask; > + unsigned int field_value = 0; > int ret; > > /*
diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c index e90e2f01550a..04083b7395ab 100644 --- a/drivers/iio/accel/bma400_core.c +++ b/drivers/iio/accel/bma400_core.c @@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data, static int bma400_tap_event_en(struct bma400_data *data, enum iio_event_direction dir, int state) { - unsigned int mask, field_value; + unsigned int mask; + unsigned int field_value = 0; int ret; /*
In the current implementation, the local variable field_value is used without prior initialization, which may lead to reading uninitialized memory. Specifically, in the macro set_mask_bits, the initial (potentially uninitialized) value of the buffer is copied into old__, and a mask is applied to calculate new__. A similar issue was resolved in commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use of unintialized value."). Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events") Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru> --- drivers/iio/accel/bma400_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)