2023-01-26 15:36:44

by Harshit Mogalapalli

Subject: [PATCH] iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()

Smatch Warns:
drivers/iio/accel/mma9551_core.c:299
mma9551_read_config_word() error: uninitialized symbol 'v'.

When (offset >= 1 << 12) is true mma9551_transfer() will return -EINVAL
without 'v' being initialized, so check for the error and return.

Fixes: 40cb761306d6 ("iio: add driver for Freescale MMA9553")
Signed-off-by: Harshit Mogalapalli <[email protected]>
---
This is detected using static analysis.
---
drivers/iio/accel/mma9551_core.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/drivers/iio/accel/mma9551_core.c b/drivers/iio/accel/mma9551_core.c
index 64ca7d7a9673..75eee7f7303a 100644
--- a/drivers/iio/accel/mma9551_core.c
+++ b/drivers/iio/accel/mma9551_core.c
@@ -296,9 +296,12 @@ int mma9551_read_config_word(struct i2c_client *client, u8 app_id,

ret = mma9551_transfer(client, app_id, MMA9551_CMD_READ_CONFIG,
reg, NULL, 0, (u8 *)&v, 2);
+ if (ret < 0)
+ return ret;
+
*val = be16_to_cpu(v);

- return ret;
+ return 0;
}
EXPORT_SYMBOL_NS(mma9551_read_config_word, IIO_MMA9551);
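Review bot: The last changed line, `return ret;` becoming `return 0;`, alters the success value for callers if mma9551_transfer() can ever return a positive number, and the changelog only talks about the uninitialized 'v'. The added `if (ret < 0) return ret;` already keeps `be16_to_cpu(v)` from running on the error path, so either keep `return ret;` to leave the success value untouched or state in the commit message that normalising the success return to 0 is intended.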

--
2.38.1



2023-01-28 17:28:41

by Jonathan Cameron

Subject: Re: [PATCH] iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()

On Thu, 26 Jan 2023 07:36:09 -0800
Harshit Mogalapalli <[email protected]> wrote:

> Smatch Warns:
> drivers/iio/accel/mma9551_core.c:299
> mma9551_read_config_word() error: uninitialized symbol 'v'.
>
> When (offset >= 1 << 12) is true mma9551_transfer() will return -EINVAL
> without 'v' being initialized, so check for the error and return.
>
> Fixes: 40cb761306d6 ("iio: add driver for Freescale MMA9553")
> Signed-off-by: Harshit Mogalapalli <[email protected]>

Similar to previous. It's tidying up an inelegant bit of code, but no
actual bug due to checks at the caller. Hence I've dropped the fixes
tag and added a note to the commit description for anyone considering backporting.

Applied to the togreg branch of iio.git and pushed out as testing for
0-day to take a look at it and see if we missed anything.

Thanks,

Jonathan

> ---
> This is detected using static analysis.
> ---
> drivers/iio/accel/mma9551_core.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/accel/mma9551_core.c b/drivers/iio/accel/mma9551_core.c
> index 64ca7d7a9673..75eee7f7303a 100644
> --- a/drivers/iio/accel/mma9551_core.c
> +++ b/drivers/iio/accel/mma9551_core.c
> @@ -296,9 +296,12 @@ int mma9551_read_config_word(struct i2c_client *client, u8 app_id,
>
> ret = mma9551_transfer(client, app_id, MMA9551_CMD_READ_CONFIG,
> reg, NULL, 0, (u8 *)&v, 2);
> + if (ret < 0)
> + return ret;
> +
> *val = be16_to_cpu(v);
>
> - return ret;
> + return 0;
> }
> EXPORT_SYMBOL_NS(mma9551_read_config_word, IIO_MMA9551);
>
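Review bot: Missing documentation for the new early return after mma9551_transfer(): on that path `*val` is no longer written at all, so the output is only meaningful when the function returns 0. The reply above says the callers' checks mean there is no actual bug today; a short comment above mma9551_read_config_word() stating that `*val` is left untouched on error would keep that true for callers added later.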