2023-03-06 06:05:50

by Ivan Bornyakov

[permalink] [raw]
Subject: [PATCH RESEND] bus: imx-weim: fix branch condition evaluates to a garbage value

If bus type is other than imx50_weim_devtype and have no child devices,
variable 'ret' in function weim_parse_dt() will not be initialized, but
will be used as branch condition and return value. Fix this by
initializing 'ret' with 0.

This was discovered with help of clang-analyzer, but the situation is
quite possible in real life.

Signed-off-by: Ivan Bornyakov <[email protected]>
Cc: [email protected]
---
drivers/bus/imx-weim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
index 828c66bbaa67..55d917bd1f3f 100644
--- a/drivers/bus/imx-weim.c
+++ b/drivers/bus/imx-weim.c
@@ -204,8 +204,8 @@ static int weim_parse_dt(struct platform_device *pdev)
const struct of_device_id *of_id = of_match_device(weim_id_table,
&pdev->dev);
const struct imx_weim_devtype *devtype = of_id->data;
+ int ret = 0, have_child = 0;
struct device_node *child;
- int ret, have_child = 0;
struct weim_priv *priv;
void __iomem *base;
u32 reg;
--
2.39.2




2023-03-06 11:19:41

by Fabio Estevam

[permalink] [raw]
Subject: Re: [PATCH RESEND] bus: imx-weim: fix branch condition evaluates to a garbage value

On Mon, Mar 6, 2023 at 3:05 AM Ivan Bornyakov <[email protected]> wrote:
>
> If bus type is other than imx50_weim_devtype and have no child devices,
> variable 'ret' in function weim_parse_dt() will not be initialized, but
> will be used as branch condition and return value. Fix this by
> initializing 'ret' with 0.
>
> This was discovered with help of clang-analyzer, but the situation is
> quite possible in real life.
>
> Signed-off-by: Ivan Bornyakov <[email protected]>
> Cc: [email protected]

Please add a Fixes tag here.

Reviewed-by: Fabio Estevam <[email protected]>

2023-03-06 13:11:23

by Ivan Bornyakov

[permalink] [raw]
Subject: Re: [PATCH RESEND] bus: imx-weim: fix branch condition evaluates to a garbage value

On Mon, Mar 06, 2023 at 09:05:05AM +0300, Ivan Bornyakov wrote:
> If bus type is other than imx50_weim_devtype and have no child devices,
> variable 'ret' in function weim_parse_dt() will not be initialized, but
> will be used as branch condition and return value. Fix this by
> initializing 'ret' with 0.
>
> This was discovered with help of clang-analyzer, but the situation is
> quite possible in real life.
>
> Signed-off-by: Ivan Bornyakov <[email protected]>
> Cc: [email protected]

Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")

Is it OK, or should I post v2 with "Fixes:" tag?

> ---
> drivers/bus/imx-weim.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
> index 828c66bbaa67..55d917bd1f3f 100644
> --- a/drivers/bus/imx-weim.c
> +++ b/drivers/bus/imx-weim.c
> @@ -204,8 +204,8 @@ static int weim_parse_dt(struct platform_device *pdev)
> const struct of_device_id *of_id = of_match_device(weim_id_table,
> &pdev->dev);
> const struct imx_weim_devtype *devtype = of_id->data;
> + int ret = 0, have_child = 0;
> struct device_node *child;
> - int ret, have_child = 0;
> struct weim_priv *priv;
> void __iomem *base;
> u32 reg;
> --
> 2.39.2
>


2023-03-06 13:12:36

by Fabio Estevam

[permalink] [raw]
Subject: Re: [PATCH RESEND] bus: imx-weim: fix branch condition evaluates to a garbage value

On Mon, Mar 6, 2023 at 10:10 AM Ivan Bornyakov <[email protected]> wrote:

> Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
>
> Is it OK, or should I post v2 with "Fixes:" tag?

Please post a v2 with the Fixes tag and my Reviewed-by tag, thanks.

2023-03-06 13:26:29

by Ivan Bornyakov

[permalink] [raw]
Subject: [PATCH v2] bus: imx-weim: fix branch condition evaluates to a garbage value

If bus type is other than imx50_weim_devtype and have no child devices,
variable 'ret' in function weim_parse_dt() will not be initialized, but
will be used as branch condition and return value. Fix this by
initializing 'ret' with 0.

This was discovered with help of clang-analyzer, but the situation is
quite possible in real life.

Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
Signed-off-by: Ivan Bornyakov <[email protected]>
Cc: [email protected]
Reviewed-by: Fabio Estevam <[email protected]>
---
drivers/bus/imx-weim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

ChangeLog:
v1:
[https://lore.kernel.org/all/[email protected]/]
v2:
* add "Fixes" tag
* add Fabio's "Reviewed-by" tag

diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
index 828c66bbaa67..55d917bd1f3f 100644
--- a/drivers/bus/imx-weim.c
+++ b/drivers/bus/imx-weim.c
@@ -204,8 +204,8 @@ static int weim_parse_dt(struct platform_device *pdev)
const struct of_device_id *of_id = of_match_device(weim_id_table,
&pdev->dev);
const struct imx_weim_devtype *devtype = of_id->data;
+ int ret = 0, have_child = 0;
struct device_node *child;
- int ret, have_child = 0;
struct weim_priv *priv;
void __iomem *base;
u32 reg;
--
2.39.2



2023-03-13 06:11:04

by Ivan Bornyakov

[permalink] [raw]
Subject: Re: [PATCH v2] bus: imx-weim: fix branch condition evaluates to a garbage value

On Mon, Mar 06, 2023 at 04:25:26PM +0300, Ivan Bornyakov wrote:
> If bus type is other than imx50_weim_devtype and have no child devices,
> variable 'ret' in function weim_parse_dt() will not be initialized, but
> will be used as branch condition and return value. Fix this by
> initializing 'ret' with 0.
>
> This was discovered with help of clang-analyzer, but the situation is
> quite possible in real life.
>
> Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
> Signed-off-by: Ivan Bornyakov <[email protected]>
> Cc: [email protected]
> Reviewed-by: Fabio Estevam <[email protected]>
> ---
> drivers/bus/imx-weim.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> ChangeLog:
> v1:
> [https://lore.kernel.org/all/[email protected]/]
> v2:
> * add "Fixes" tag
> * add Fabio's "Reviewed-by" tag
>
> diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
> index 828c66bbaa67..55d917bd1f3f 100644
> --- a/drivers/bus/imx-weim.c
> +++ b/drivers/bus/imx-weim.c
> @@ -204,8 +204,8 @@ static int weim_parse_dt(struct platform_device *pdev)
> const struct of_device_id *of_id = of_match_device(weim_id_table,
> &pdev->dev);
> const struct imx_weim_devtype *devtype = of_id->data;
> + int ret = 0, have_child = 0;
> struct device_node *child;
> - int ret, have_child = 0;
> struct weim_priv *priv;
> void __iomem *base;
> u32 reg;
> --
> 2.39.2
>

Ping.


2023-03-14 03:45:16

by Shawn Guo

[permalink] [raw]
Subject: Re: [PATCH v2] bus: imx-weim: fix branch condition evaluates to a garbage value

On Mon, Mar 06, 2023 at 04:25:26PM +0300, Ivan Bornyakov wrote:
> If bus type is other than imx50_weim_devtype and have no child devices,
> variable 'ret' in function weim_parse_dt() will not be initialized, but
> will be used as branch condition and return value. Fix this by
> initializing 'ret' with 0.
>
> This was discovered with help of clang-analyzer, but the situation is
> quite possible in real life.
>
> Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
> Signed-off-by: Ivan Bornyakov <[email protected]>
> Cc: [email protected]
> Reviewed-by: Fabio Estevam <[email protected]>

Ok, picked this version up instead.