2024-02-11 15:08:17

by Daniil Dulov

[permalink] [raw]
Subject: [PATCH 17/17] media: upd64031a: Check return value of i2c_master_recv()

i2c_master_recv() may return an error, so add a check
and return 0xff in case it is passed.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: add953cecba8 ("V4L/DVB (3665): Add new NEC uPD64031A and uPD64083 i2c drivers")
Signed-off-by: Daniil Dulov <[email protected]>
---
drivers/media/i2c/upd64031a.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/drivers/media/i2c/upd64031a.c b/drivers/media/i2c/upd64031a.c
index ef35c6574785..f51f86f30c73 100644
--- a/drivers/media/i2c/upd64031a.c
+++ b/drivers/media/i2c/upd64031a.c
@@ -73,11 +73,12 @@ static u8 upd64031a_read(struct v4l2_subdev *sd, u8 reg)
{
struct i2c_client *client = v4l2_get_subdevdata(sd);
u8 buf[2];
+ int rc;

if (reg >= sizeof(buf))
return 0xff;
- i2c_master_recv(client, buf, 2);
- return buf[reg];
+ rc = i2c_master_recv(client, buf, 2);
+ return rc < 0 ? 0xff : buf[reg];
}

/* ------------------------------------------------------------------------ */
--
2.25.1



2024-02-14 10:18:16

by Hans Verkuil

[permalink] [raw]
Subject: Re: [PATCH 17/17] media: upd64031a: Check return value of i2c_master_recv()

On 11/02/2024 16:07, Daniil Dulov wrote:
> i2c_master_recv() may return an error, so add a check
> and return 0xff in case it is passed.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: add953cecba8 ("V4L/DVB (3665): Add new NEC uPD64031A and uPD64083 i2c drivers")
> Signed-off-by: Daniil Dulov <[email protected]>
> ---
> drivers/media/i2c/upd64031a.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/media/i2c/upd64031a.c b/drivers/media/i2c/upd64031a.c
> index ef35c6574785..f51f86f30c73 100644
> --- a/drivers/media/i2c/upd64031a.c
> +++ b/drivers/media/i2c/upd64031a.c
> @@ -73,11 +73,12 @@ static u8 upd64031a_read(struct v4l2_subdev *sd, u8 reg)
> {
> struct i2c_client *client = v4l2_get_subdevdata(sd);
> u8 buf[2];
> + int rc;
>
> if (reg >= sizeof(buf))
> return 0xff;
> - i2c_master_recv(client, buf, 2);
> - return buf[reg];
> + rc = i2c_master_recv(client, buf, 2);
> + return rc < 0 ? 0xff : buf[reg];

I don't think this patch adds anything useful.

If you just want to avoid uninitialized memory to be returned,
then just do: "u8 buf[2] = {};".

Alternatively, this function should return an int and callers
have to check if an error (<0) was returned and pass that on.

I think the latter is overkill, but I'll take a patch that just
zeroes buf.

Regards,

Hans

> }
>
> /* ------------------------------------------------------------------------ */