From: Arnd Bergmann
To: Robin van der Gracht, Miguel Ojeda Sandonis
Cc: Arnd Bergmann, Greg Kroah-Hartman, Dmitry Torokhov, Rob Herring, Linus Walleij, linux-kernel@vger.kernel.org
Subject: [PATCH] auxdisplay: ht16k33: don't access uninitialized data
Date: Tue, 28 Mar 2017 12:11:49 +0200
Message-Id: <20170328101203.4121922-1-arnd@arndb.de>
X-Mailer: git-send-email 2.9.0

gcc-7.0.1 points out that we copy uninitialized data from the stack into a per-device structure: drivers/auxdisplay/ht16k33.c: In function 'ht16k33_keypad_irq_thread': arch/x86/include/asm/string_32.h:78:16: error: 'new_state' may be used uninitialized in this function [-Werror=maybe-uninitialized] arch/x86/include/asm/string_32.h:79:22: error: '*((void *)&new_state+4)' may be used uninitialized in this function
[-Werror=maybe-uninitialized] The access is harmless because we never read the data, but we are better off not doing this, so this changes the code to only copy the data that was actually initialized. To make sure we don't overflow the stack with an incorrect DT, we also need to add a sanity check in the probe function. Signed-off-by: Arnd Bergmann --- drivers/auxdisplay/ht16k33.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/auxdisplay/ht16k33.c b/drivers/auxdisplay/ht16k33.c index f66b45b235b0..ba6370974574 100644 --- a/drivers/auxdisplay/ht16k33.c +++ b/drivers/auxdisplay/ht16k33.c @@ -278,7 +278,7 @@ static bool ht16k33_keypad_scan(struct ht16k33_keypad *keypad) } } input_sync(keypad->dev); - memcpy(keypad->last_key_state, new_state, sizeof(new_state)); + memcpy(keypad->last_key_state, new_state, sizeof(u16) * keypad->cols); return pressed; } @@ -353,6 +353,12 @@ static int ht16k33_keypad_probe(struct i2c_client *client, err = matrix_keypad_parse_of_params(&client->dev, &rows, &cols); if (err) return err; + if (rows > HT16K33_MATRIX_KEYPAD_MAX_ROWS || + cols > HT16K33_MATRIX_KEYPAD_MAX_COLS) { + dev_err(&client->dev, "%u rows or %u cols out of range in DT\n", + rows, cols); + return -ERANGE; + } keypad->rows = rows; keypad->cols = cols; -- 2.9.0
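Review bot: In ht16k33_keypad_scan(), the new memcpy() length hard-codes the element type as sizeof(u16) instead of deriving it from the arrays being copied, so the copy goes silently wrong if the element type of new_state or last_key_state ever changes. Consider sizeof(new_state[0]) * keypad->cols. The length now also depends on keypad->cols at run time, so the copy stays inside new_state and last_key_state only because of the range check added to the probe function; a one-line comment here pointing at that check would make the dependency visible to the next reader.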
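Review bot: In ht16k33_keypad_probe(), the dev_err() text "%u rows or %u cols out of range in DT\n" prints both values without saying which one failed or what the limits are, so whoever is fixing the device tree has to look them up in the driver. Consider including HT16K33_MATRIX_KEYPAD_MAX_ROWS and HT16K33_MATRIX_KEYPAD_MAX_COLS in the message. A short comment above the check stating that these limits bound the per-column key state copied in ht16k33_keypad_scan() would also document why a range check belongs here at all.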