From patchwork Tue Nov 12 09:22:24 2019
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 11238879
From: Hans Verkuil
To: linux-media@vger.kernel.org
Cc: Hans Verkuil, syzbot+32310fc2aea76898d074@syzkaller.appspotmail.com, syzbot+99706d6390be1ac542a2@syzkaller.appspotmail.com, syzbot+64437af5c781a7f0e08e@syzkaller.appspotmail.com
Subject: [PATCH 1/5] gspca: zero usb_buf
Date: Tue, 12 Nov 2019 10:22:24 +0100
Message-Id: <20191112092228.15800-2-hverkuil-cisco@xs4all.nl>
In-Reply-To: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>
References: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>

Allocate gspca_dev->usb_buf with kzalloc instead of kmalloc to ensure it is properly zeroed. This fixes various syzbot errors about uninitialized data.

Syzbot links:

https://syzkaller.appspot.com/bug?extid=32310fc2aea76898d074
https://syzkaller.appspot.com/bug?extid=99706d6390be1ac542a2
https://syzkaller.appspot.com/bug?extid=64437af5c781a7f0e08e

Signed-off-by: Hans Verkuil
Reported-and-tested-by: syzbot+32310fc2aea76898d074@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+99706d6390be1ac542a2@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+64437af5c781a7f0e08e@syzkaller.appspotmail.com
--- drivers/media/usb/gspca/gspca.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/gspca/gspca.c b/drivers/media/usb/gspca/gspca.c index 4add2b12d330..c1b307bbe540 100644 
--- a/drivers/media/usb/gspca/gspca.c +++ b/drivers/media/usb/gspca/gspca.c @@ -1461,7 +1461,7 @@ int gspca_dev_probe2(struct usb_interface *intf, pr_err("couldn't kzalloc gspca struct\n"); return -ENOMEM; } - gspca_dev->usb_buf = kmalloc(USB_BUF_SZ, GFP_KERNEL); + gspca_dev->usb_buf = kzalloc(USB_BUF_SZ, GFP_KERNEL); if (!gspca_dev->usb_buf) { pr_err("out of memory\n"); ret = -ENOMEM;

From patchwork Tue Nov 12 09:22:25 2019
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 11238883
From: Hans Verkuil
To: linux-media@vger.kernel.org
Cc: Hans Verkuil, syzbot+9d42b7773d2fecd983ab@syzkaller.appspotmail.com, Sean Young
Subject: [PATCH 2/5] dvb-usb/af9005: initialize act_len
Date: Tue, 12 Nov 2019 10:22:25 +0100
Message-Id: <20191112092228.15800-3-hverkuil-cisco@xs4all.nl>
In-Reply-To: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>
References: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>

The act_len variable was uninitialized, leading to a syzbot error.

Syzbot link:

https://syzkaller.appspot.com/bug?extid=9d42b7773d2fecd983ab

Signed-off-by: Hans Verkuil
Reported-and-tested-by: syzbot+9d42b7773d2fecd983ab@syzkaller.appspotmail.com
CC: Sean Young
--- drivers/media/usb/dvb-usb/af9005.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/af9005.c b/drivers/media/usb/dvb-usb/af9005.c index ac93e88d7038..89b4b5d84cdf 100644 --- a/drivers/media/usb/dvb-usb/af9005.c +++ b/drivers/media/usb/dvb-usb/af9005.c 
@@ -554,7 +554,7 @@ static int af9005_boot_packet(struct usb_device *udev, int type, u8 *reply, u8 *buf, int size) { u16 checksum; - int act_len, i, ret; + int act_len = 0, i, ret; memset(buf, 0, size); buf[0] = (u8) (FW_BULKOUT_SIZE & 0xff);

From patchwork Tue Nov 12 09:22:26 2019
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 11238881
From: Hans Verkuil
To: linux-media@vger.kernel.org
Cc: Hans Verkuil, syzbot+ec869945d3dde5f33b43@syzkaller.appspotmail.com, Sean Young
Subject: [PATCH 3/5] dvb-usb/vp7045: initialize br[]
Date: Tue, 12 Nov 2019 10:22:26 +0100
Message-Id: <20191112092228.15800-4-hverkuil-cisco@xs4all.nl>
In-Reply-To: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>
References: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>

The br[] array was uninitialized, leading to a syzbot error.

Syzbot link:

https://syzkaller.appspot.com/bug?extid=ec869945d3dde5f33b43

Signed-off-by: Hans Verkuil
Reported-by: syzbot+ec869945d3dde5f33b43@syzkaller.appspotmail.com
CC: Sean Young
--- drivers/media/usb/dvb-usb/vp7045.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/vp7045.c b/drivers/media/usb/dvb-usb/vp7045.c index 80c1cf05384b..3e87adca5be9 100644 --- a/drivers/media/usb/dvb-usb/vp7045.c +++ b/drivers/media/usb/dvb-usb/vp7045.c 
@@ -116,7 +116,7 @@ static int vp7045_rc_query(struct dvb_usb_device *d) static int vp7045_read_eeprom(struct dvb_usb_device *d,u8 *buf, int len, int offset) { int i = 0; - u8 v,br[2]; + u8 v, br[2] = { 0 }; for (i=0; i < len; i++) { v = offset + i; vp7045_usb_op(d,GET_EE_VALUE,&v,1,br,2,5);

From patchwork Tue Nov 12 09:22:27 2019
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 11238877
From: Hans Verkuil
To: linux-media@vger.kernel.org
Cc: Hans Verkuil, syzbot+6bf9606ee955b646c0e1@syzkaller.appspotmail.com, Sean Young
Subject: [PATCH 4/5] dvb-usb/digitv: initialize key[]
Date: Tue, 12 Nov 2019 10:22:27 +0100
Message-Id: <20191112092228.15800-5-hverkuil-cisco@xs4all.nl>
In-Reply-To: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>
References: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>

The key array was not initialized to 0, leading to a syzbot failure.

Syzbot link:

https://syzkaller.appspot.com/bug?extid=6bf9606ee955b646c0e1

Signed-off-by: Hans Verkuil
Reported-by: syzbot+6bf9606ee955b646c0e1@syzkaller.appspotmail.com
CC: Sean Young
--- drivers/media/usb/dvb-usb/digitv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/digitv.c b/drivers/media/usb/dvb-usb/digitv.c index dd5bb230cec1..72b22409880a 100644 --- a/drivers/media/usb/dvb-usb/digitv.c +++ b/drivers/media/usb/dvb-usb/digitv.c 
@@ -231,7 +231,7 @@ static struct rc_map_table rc_map_digitv_table[] = { static int digitv_rc_query(struct dvb_usb_device *d, u32 *event, int *state) { int i; - u8 key[5]; + u8 key[5] = { 0 }; u8 b[4] = { 0 }; *event = 0;

From patchwork Tue Nov 12 09:22:28 2019
X-Patchwork-Submitter: Hans Verkuil
X-Patchwork-Id: 11238885
From: Hans Verkuil
To: linux-media@vger.kernel.org
Cc: Hans Verkuil, syzbot+6bf9606ee955b646c0e1@syzkaller.appspotmail.com, Sean Young
Subject: [PATCH 5/5] dvb-usb/dvb-usb-urb.c: initialize actlen to 0
Date: Tue, 12 Nov 2019 10:22:28 +0100
Message-Id: <20191112092228.15800-6-hverkuil-cisco@xs4all.nl>
In-Reply-To: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>
References: <20191112092228.15800-1-hverkuil-cisco@xs4all.nl>

This fixes a syzbot failure since actlen could be uninitialized, but it was still used.

Syzbot link:

https://syzkaller.appspot.com/bug?extid=6bf9606ee955b646c0e1

Signed-off-by: Hans Verkuil
Reported-and-tested-by: syzbot+6bf9606ee955b646c0e1@syzkaller.appspotmail.com
CC: Sean Young
Acked-by: Sean Young
--- drivers/media/usb/dvb-usb/dvb-usb-urb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/media/usb/dvb-usb/dvb-usb-urb.c b/drivers/media/usb/dvb-usb/dvb-usb-urb.c index c1b4e94a37f8..2aabf90d8697 100644 --- a/drivers/media/usb/dvb-usb/dvb-usb-urb.c +++ b/drivers/media/usb/dvb-usb/dvb-usb-urb.c @@ -12,7 +12,7 @@ int dvb_usb_generic_rw(struct dvb_usb_device *d, u8 *wbuf, u16 wlen, u8 *rbuf, u16 rlen, int delay_ms) { - int actlen,ret = -ENOMEM; + int actlen = 0, ret = -ENOMEM; if (!d || wbuf == NULL || wlen == 0) return -EINVAL;
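
Review bot: In the [PATCH 1/5] hunk in gspca_dev_probe2(), `gspca_dev->usb_buf = kzalloc(USB_BUF_SZ, GFP_KERNEL);` zeroes the buffer only once, at allocation, so a reader that consumes usb_buf after a transfer that wrote nothing will see zeros on first use and stale bytes from an earlier transfer after that. The commit message should name the readers the three syzbot reports hit and say whether they check the transfer result; if they do not, adding that check is the fix and the kzalloc is hardening on top of it.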
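
Review bot: In the [PATCH 2/5] hunk, `int act_len = 0, i, ret;` changes only the declaration in af9005_boot_packet(), and the commit message does not say on which path act_len is read before it is written. Please name that path in the message and confirm that a value of 0 is handled there as a failed or short transfer, so the initializer does not turn an uninitialized read into a silently accepted empty reply.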
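
Review bot: In the [PATCH 3/5] hunk, the context line `vp7045_usb_op(d,GET_EE_VALUE,&v,1,br,2,5);` discards the return value, so with `br[2] = { 0 }` a failed EEPROM read no longer picks up stack contents but hands zeros to whatever the loop takes from br next, with no error reported. Suggest capturing the result inside the loop and returning it from vp7045_read_eeprom() on failure; the initializer can stay as a backstop.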
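
Review bot: The `u8 key[5] = { 0 };` change in the [PATCH 4/5] digitv_rc_query() hunk cites the same syzbot report (extid=6bf9606ee955b646c0e1) as [PATCH 5/5], yet 4/5 carries Reported-by while 5/5 carries Reported-and-tested-by, so the messages do not show which change the reproducer actually needed. The initializer matches the neighbouring `u8 b[4] = { 0 };` and is fine as hardening; please state in the message whether it fixes the report on its own or only together with 5/5.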
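
Review bot: In the [PATCH 5/5] hunk, `int actlen = 0, ret = -ENOMEM;` removes the uninitialized read in dvb_usb_generic_rw() without the message saying where actlen was used unwritten. Because the function takes the caller's rbuf and rlen, please describe in the message what it returns when actlen stays 0, so a reviewer can check that an untouched rbuf is not reported back as a successful read.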