2022-03-28 17:52:37

by Xiaomeng Tong

Subject: [PATCH] greybus: audio_codec: fix three missing initializers for data

These three bugs are here:
struct gbaudio_data_connection *data;

If the list '&codec->module_list' is empty then the 'data' will
remain unchanged. However, the 'data' is not initialized and is filled
with a trash value. As a result, if the value is not NULL, the check
'if (!data) {' will always be false and never exit as expected.

To fix these bugs, just initialize 'data' with NULL.

Cc: [email protected]
Fixes: 6dd67645f22cf ("greybus: audio: Use single codec driver registration")
Signed-off-by: Xiaomeng Tong <[email protected]>
---
drivers/staging/greybus/audio_codec.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/staging/greybus/audio_codec.c b/drivers/staging/greybus/audio_codec.c
index b589cf6b1d03..939e05af4dcf 100644
--- a/drivers/staging/greybus/audio_codec.c
+++ b/drivers/staging/greybus/audio_codec.c
@@ -397,7 +397,7 @@ static int gbcodec_hw_params(struct snd_pcm_substream *substream,
u8 sig_bits, channels;
u32 format, rate;
struct gbaudio_module_info *module;
- struct gbaudio_data_connection *data;
+ struct gbaudio_data_connection *data = NULL;
struct gb_bundle *bundle;
struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
struct gbaudio_stream_params *params;
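
Review bot: the `= NULL` on `data` in gbcodec_hw_params is justified in the commit message only by the empty `codec->module_list` case, and nothing in this hunk shows that case reaching the `if (!data)` test. Please confirm whether the function returns early on an empty list; if it does, this is a defensive initializer rather than a fix, and the Fixes: tag and the stable Cc should be dropped.
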
@@ -498,7 +498,7 @@ static int gbcodec_prepare(struct snd_pcm_substream *substream,
{
int ret;
struct gbaudio_module_info *module;
- struct gbaudio_data_connection *data;
+ struct gbaudio_data_connection *data = NULL;
struct gb_bundle *bundle;
struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
struct gbaudio_stream_params *params;
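
Review bot: for the `data` declaration in gbcodec_prepare, the changelog does not say how the uninitialized use was found. If it came from a static checker, name the tool and quote its warning in the commit message so a reader can tell a checker finding from an observed runtime failure.
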
@@ -562,7 +562,7 @@ static int gbcodec_prepare(struct snd_pcm_substream *substream,
static int gbcodec_mute_stream(struct snd_soc_dai *dai, int mute, int stream)
{
int ret;
- struct gbaudio_data_connection *data;
+ struct gbaudio_data_connection *data = NULL;
struct gbaudio_module_info *module;
struct gb_bundle *bundle;
struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
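
Review bot: the changelog says "These three bugs are here" but never names the functions, and this third hunk is the only place gbcodec_mute_stream appears. List gbcodec_hw_params, gbcodec_prepare and gbcodec_mute_stream in the commit message so each one-line change can be matched to the description.
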
--
2.17.1


2022-03-28 19:17:50

by Mark Greer

Subject: Re: [PATCH] greybus: audio_codec: fix three missing initializers for data

On Sun, Mar 27, 2022 at 02:01:20PM +0800, Xiaomeng Tong wrote:
> These three bugs are here:
> struct gbaudio_data_connection *data;
>
> If the list '&codec->module_list' is empty then the 'data' will
> remain unchanged. However, the 'data' is not initialized and is filled
> with a trash value. As a result, if the value is not NULL, the check
> 'if (!data) {' will always be false and never exit as expected.
>
> To fix these bugs, just initialize 'data' with NULL.
>
> Cc: [email protected]
> Fixes: 6dd67645f22cf ("greybus: audio: Use single codec driver registration")
> Signed-off-by: Xiaomeng Tong <[email protected]>
> ---
> drivers/staging/greybus/audio_codec.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/staging/greybus/audio_codec.c b/drivers/staging/greybus/audio_codec.c
> index b589cf6b1d03..939e05af4dcf 100644
> --- a/drivers/staging/greybus/audio_codec.c
> +++ b/drivers/staging/greybus/audio_codec.c
> @@ -397,7 +397,7 @@ static int gbcodec_hw_params(struct snd_pcm_substream *substream,
> u8 sig_bits, channels;
> u32 format, rate;
> struct gbaudio_module_info *module;
> - struct gbaudio_data_connection *data;
> + struct gbaudio_data_connection *data = NULL;
> struct gb_bundle *bundle;
> struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
> struct gbaudio_stream_params *params;
> @@ -498,7 +498,7 @@ static int gbcodec_prepare(struct snd_pcm_substream *substream,
> {
> int ret;
> struct gbaudio_module_info *module;
> - struct gbaudio_data_connection *data;
> + struct gbaudio_data_connection *data = NULL;
> struct gb_bundle *bundle;
> struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
> struct gbaudio_stream_params *params;
> @@ -562,7 +562,7 @@ static int gbcodec_prepare(struct snd_pcm_substream *substream,
> static int gbcodec_mute_stream(struct snd_soc_dai *dai, int mute, int stream)
> {
> int ret;
> - struct gbaudio_data_connection *data;
> + struct gbaudio_data_connection *data = NULL;
> struct gbaudio_module_info *module;
> struct gb_bundle *bundle;
> struct gbaudio_codec_info *codec = dev_get_drvdata(dai->dev);
> --
> 2.17.1

Those changes appear to fix real bugs. Thanks Xiaomeng.

Reviewed-by: Mark Greer <[email protected]>

2022-03-28 20:01:30

by Dan Carpenter

Subject: Re: [PATCH] greybus: audio_codec: fix three missing initializers for data

On Sun, Mar 27, 2022 at 02:01:20PM +0800, Xiaomeng Tong wrote:
> These three bugs are here:
> struct gbaudio_data_connection *data;
>
> If the list '&codec->module_list' is empty then the 'data' will
> remain unchanged.

All three of these functions check for if the codec->module_list is
empty at the start of the function so these are not real bugs.

Smatch is supposed to be able to figure this out, but apparently that
code is broken so Smatch still prints a warning. :(

Apparently GCC does not print a warning for this. Even when I delete
the check for list_empty() then GCC does not print a warning. GCC often
assumes that we enter loops one time. I haven't looked at that, but I
have noticed it in reviewing Smatch vs GCC warnings.

Generally we do not apply static checker workarounds.

I do not have a problem with this particular workaround, but it needs
an updated commit message which says it is just to silence static
checker warnings and not to fix bugs. Remove the Fixes tag. Don't CC
stable.

regards,
dan carpenter
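
The point made in the reply above, as an added user-space example that is not code from the thread or from the greybus driver: when an emptiness check precedes the search loop, the zero-iteration path never reaches `if (!data)`, so the initializer only matters if that check is removed. The types, `find_conn()`, `lookup()` and the shape of the loop body are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>

/* Constructed stand-ins, not the greybus structures. */
struct conn { int id; };
struct module { struct module *next; struct conn *conns; size_t nconns; };

/* Hypothetical helper: the connection with this id, or NULL. */
static struct conn *find_conn(struct module *m, int id)
{
    for (size_t i = 0; i < m->nconns; i++)
        if (m->conns[i].id == id)
            return &m->conns[i];
    return NULL;
}

/* guard == 0 models deleting the up-front emptiness check. */
static int lookup(struct module *head, int id, int guard, struct conn **out)
{
    struct conn *data = NULL;   /* the initializer the patch adds */
    struct module *m;

    if (guard && !head)         /* plays the role of list_empty() */
        return -ENODEV;

    for (m = head; m; m = m->next) {
        data = find_conn(m, id);    /* assigned on every iteration */
        if (data)
            break;
    }
    /* Reached after zero iterations only when guard == 0; the
     * initializer is what keeps this test well defined in that case. */
    if (!data)
        return -EINVAL;

    *out = data;
    return 0;
}

int main(void)
{
    struct conn c[] = { {1}, {7} }, *out = NULL;
    struct module m = { NULL, c, 2 };
    /* exit status 0 when all three paths behave as described */
    return !(lookup(NULL, 7, 1, &out) == -ENODEV &&
             lookup(NULL, 7, 0, &out) == -EINVAL &&
             lookup(&m, 7, 1, &out) == 0 && out == &c[1]);
}
```

The two error codes are distinct only so the rejecting path is visible: `-ENODEV` comes from the guard, `-EINVAL` from the `!data` test.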

2022-03-28 21:41:09

by Mark Greer

Subject: Re: [PATCH] greybus: audio_codec: fix three missing initializers for data

On Mon, Mar 28, 2022 at 05:19:45PM +0300, Dan Carpenter wrote:
> On Sun, Mar 27, 2022 at 02:01:20PM +0800, Xiaomeng Tong wrote:
> > These three bugs are here:
> > struct gbaudio_data_connection *data;
> >
> > If the list '&codec->module_list' is empty then the 'data' will
> > remain unchanged.
>
> All three of these functions check for if the codec->module_list is
> empty at the start of the function so these are not real bugs.

Umm, yep, oops. Thanks Dan.

Mark
--

2022-03-29 03:04:31

by Xiaomeng Tong

Subject: Re: [PATCH] greybus: audio_codec: fix three missing initializers for data

On Mon, 28 Mar 2022 17:19:45 +0300, Dan Carpenter wrote:
> On Sun, Mar 27, 2022 at 02:01:20PM +0800, Xiaomeng Tong wrote:
> > These three bugs are here:
> > struct gbaudio_data_connection *data;
> >
> > If the list '&codec->module_list' is empty then the 'data' will
> > remain unchanged.
>
> All three of these functions check for if the codec->module_list is
> empty at the start of the function so these are not real bugs.
>
> Smatch is supposed to be able to figure this out, but apparently that
> code is broken so Smatch still prints a warning. :(
>
> Apparently GCC does not print a warning for this. Even when I delete
> the check for list_empty() then GCC does not print a warning. GCC often
> assumes that we enter loops one time. I haven't looked at that, but I
> have noticed it in reviewing Smatch vs GCC warnings.
>
> Generally we do not apply static checker workarounds.
>
> I do not have a problem with this particular workaround, but it needs
> an updated commit message which says it is just to silence static
> checker warnings and not to fix bugs. Remove the Fixes tag. Don't CC
> stable.

Yes, you are right. I have resent a PATCH with an updated commit message as
you suggested, and cc'd you. Thank you.

--
Xiaomeng Tong