In function max17042_write_verify_reg(), variable "read_value"
could be uninitialized if regmap_read() fails. However,
"read_value" is used to decide the control flow later in the if
statement, which is potentially unsafe.
Signed-off-by: Yizhuo <[email protected]>
---
drivers/power/supply/max17042_battery.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c
index 0dfad2cf13fe..e6a2dacaa730 100644
--- a/drivers/power/supply/max17042_battery.c
+++ b/drivers/power/supply/max17042_battery.c
@@ -486,12 +486,15 @@ static void max17042_external_power_changed(struct power_supply *psy)
static int max17042_write_verify_reg(struct regmap *map, u8 reg, u32 value)
{
int retries = 8;
- int ret;
+ int ret, err;
u32 read_value;
do {
ret = regmap_write(map, reg, value);
- regmap_read(map, reg, &read_value);
+ err = regmap_read(map, reg, &read_value);
+ if (err)
+ return err;
+
if (read_value != value) {
ret = -EIO;
retries--;
--
2.17.1
Hi,
On Wed, Oct 02, 2019 at 08:44:06AM -0700, Yizhuo wrote:
> In function max17042_write_verify_reg(), variable "read_value"
> could be uninitialized if regmap_read() fails. However,
> "read_value" is used to decide the control flow later in the if
> statement, which is potentially unsafe.
>
> Signed-off-by: Yizhuo <[email protected]>
> ---
Instead of directly failing, integrate this into
the retry loop. Also the Signed-off-by and patch
author name looks incomplete.
Thanks,
-- Sebastian
> drivers/power/supply/max17042_battery.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/power/supply/max17042_battery.c b/drivers/power/supply/max17042_battery.c
> index 0dfad2cf13fe..e6a2dacaa730 100644
> --- a/drivers/power/supply/max17042_battery.c
> +++ b/drivers/power/supply/max17042_battery.c
> @@ -486,12 +486,15 @@ static void max17042_external_power_changed(struct power_supply *psy)
> static int max17042_write_verify_reg(struct regmap *map, u8 reg, u32 value)
> {
> int retries = 8;
> - int ret;
> + int ret, err;
> u32 read_value;
>
> do {
> ret = regmap_write(map, reg, value);
> - regmap_read(map, reg, &read_value);
> + err = regmap_read(map, reg, &read_value);
> + if (err)
> + return err;
> +
> if (read_value != value) {
> ret = -EIO;
> retries--;
> --
> 2.17.1
>