LinuxLists.cc - [PATCH] drm/bridge: sii902x: Variable status in sii902x_connector_detect() could be uninitialized if regmap

2019-09-30 04:44:54

Subject: [PATCH] drm/bridge: sii902x: Variable status in sii902x_connector_detect() could be uninitialized if regmap_read() fails

In function sii902x_connector_detect(), variable "status" could be
initialized if regmap_read() fails. However, "status" is used to
decide the return value, which is potentially unsafe.

Signed-off-by: Yizhuo <[email protected]>
---
drivers/gpu/drm/bridge/sii902x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/bridge/sii902x.c b/drivers/gpu/drm/bridge/sii902x.c
index 38f75ac580df..afce64f51ff2 100644
--- a/drivers/gpu/drm/bridge/sii902x.c
+++ b/drivers/gpu/drm/bridge/sii902x.c
@@ -246,7 +246,7 @@ static enum drm_connector_status
sii902x_connector_detect(struct drm_connector *connector, bool force)
{
struct sii902x *sii902x = connector_to_sii902x(connector);
- unsigned int status;
+ unsigned int status = 0;

mutex_lock(&sii902x->mutex);

--
2.17.1

2019-10-04 08:24:21

by Laurent Pinchart

[permalink] [raw]

Subject: Re: [PATCH] drm/bridge: sii902x: Variable status in sii902x_connector_detect() could be uninitialized if regmap_read() fails

Hi Yizhuo,

Thank you for the patch.

On Sun, Sep 29, 2019 at 09:45:02PM -0700, Yizhuo wrote:
> In function sii902x_connector_detect(), variable "status" could be
> initialized if regmap_read() fails. However, "status" is used to

I assume you meant "could be uninitialized" ?

> decide the return value, which is potentially unsafe.
>
> Signed-off-by: Yizhuo <[email protected]>
> ---
> drivers/gpu/drm/bridge/sii902x.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/bridge/sii902x.c b/drivers/gpu/drm/bridge/sii902x.c
> index 38f75ac580df..afce64f51ff2 100644
> --- a/drivers/gpu/drm/bridge/sii902x.c
> +++ b/drivers/gpu/drm/bridge/sii902x.c
> @@ -246,7 +246,7 @@ static enum drm_connector_status
> sii902x_connector_detect(struct drm_connector *connector, bool force)
> {
> struct sii902x *sii902x = connector_to_sii902x(connector);
> - unsigned int status;
> + unsigned int status = 0;
>
> mutex_lock(&sii902x->mutex);

I'll add a bit more context:

> regmap_read(sii902x->regmap, SII902X_INT_STATUS, &status);
>
> mutex_unlock(&sii902x->mutex);
>
> return (status & SII902X_PLUGGED_STATUS) ?
> connector_status_connected : connector_status_disconnected;

If regmap read fails, shouldn't we return connector_status_unknown ?

--
Regards,

Laurent Pinchart