Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp763748pxb; Tue, 3 Nov 2020 11:49:43 -0800 (PST) X-Google-Smtp-Source: ABdhPJybNfF1bQ/X427G+fZgQEKTndBh4wipJECwEB96yMla+aFX0LQZM+X1YhFMeqdikPsK/gP5 X-Received: by 2002:a17:906:6d0c:: with SMTP id m12mr21737876ejr.498.1604432982810; Tue, 03 Nov 2020 11:49:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1604432982; cv=none; d=google.com; s=arc-20160816; b=nGsKXTH+G9oy1rLRXZDjJdkmBTRWkCZYspEE4zfkTiPkwh7OTWJ2UM3vO0Hj3jO90C QKtSXezLlyv2dyuCU19/h0uJvUyzGC4OHydQTVjppmJaH1Qm/azynHwOEgDbewhYltNO ByBEHGHsKAT8VrG7+BTP7bCHsUsRZKtYyTuccXTACD6Yfd2kL0Oem/DNk1/zFzaQ3+Sa hwtsAjUyFyGDK4BgLRdcb6yV9/1s7zzKPI/QCnXjoB4BlNBCNl1q4uCSIrtByz7HsrLH 163F9eeF7E+QEvw/GQE/YSUDgqtpSlpT8zjH8stHS9B8NGasNNoebKUDT5Ik84V1G24s HKVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:organization:references:in-reply-to:date:cc:to:reply-to :from:subject:message-id:dkim-signature; bh=CHQ3/bBc5WxHfN8LaH/bQM7T7VaD4uRFaJUk/wKN6nw=; b=wZYIHjGu1SR752tjMp9NQy4Jf98UdH+gxketeDK2YZOGmKaIpGwt4Xwe3DJTFr8+FO c+Acp69qqB5nvyyxhjqtV8RoK2eM2gsVXR5E08OlIJPdrVotbLOeRfdwmCUyJbO24ruW WrJ/kbCV4836ENOOskYsfsi/02HWM1uLisq4U8XnzEpECoS8xYv0Fm9l1AdPk5c2YTXA FmJxCshoGDYI650yyFmO4Tp0dD1Xou8tS7TVA2xRwZ3jCACkABGl0bm5HG5FAiTLuhsT auUbaeUqaCu5TrZ/IP7yiYta09c/MqZB54mR2EVOwEjk1Gzw/k9lnfxleEYgMpYtNq87 TSeA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="V/53gMnj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l12si7118264ejx.101.2020.11.03.11.49.19; Tue, 03 Nov 2020 11:49:42 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="V/53gMnj"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729709AbgKCTsA (ORCPT + 99 others); Tue, 3 Nov 2020 14:48:00 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:57794 "EHLO us-smtp-delivery-124.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727688AbgKCTr7 (ORCPT ); Tue, 3 Nov 2020 14:47:59 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1604432877; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CHQ3/bBc5WxHfN8LaH/bQM7T7VaD4uRFaJUk/wKN6nw=; b=V/53gMnjlQwcfEkf1wAVDNwedSiEa6r9cEf7jBixRKSHZ9+X3uoZU9GO92nWoLQspGLlH/ ka8QPcyOIkfO2LeaQgnLkU4tPc2kb28YYwJEikemRlM1jnTrExmk4Ds4x5A7xSArwgWRaE Ab1v5UR+3D3IarMPGBciBzM0iY8xNFQ= Received: from mail-qv1-f71.google.com (mail-qv1-f71.google.com [209.85.219.71]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-16-IXlK0X2uPQ6ojDauTOp93w-1; Tue, 03 Nov 2020 14:47:56 -0500 X-MC-Unique: IXlK0X2uPQ6ojDauTOp93w-1 Received: by mail-qv1-f71.google.com with SMTP id t13so11006311qvm.14 for ; Tue, 03 Nov 2020 11:47:56 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:reply-to:to:cc:date :in-reply-to:references:organization:user-agent:mime-version :content-transfer-encoding; bh=CHQ3/bBc5WxHfN8LaH/bQM7T7VaD4uRFaJUk/wKN6nw=; b=Ly/0Ctcls9wrx30WVdSCZhlCC6n44fLjlAf0Amg48T+Yf3ulg6+a9kDf316zLs9Ewv dX8wbKxS/kjsZ3pk2gG6z/QhVDZNGiU6sBCCIW8VJvFIa9zoXfP1ogq3a3uxOXmQiHXz o2mpvVctC7Z0iYmENq+hiizQYUhm/X1k0OQtWs/oUm0KiYvLWoq5iyonwbQ3EQIEO0Fq vTQ0uoPxtTaFLEwhB+ogJghQSWcsrLI3tVPt4acBIoCfM/AN0Kr+80lVeFHb4aeegII6 pgmlEG04WV1K8nFbHnBK3UlZOOnjAQo7DmldiKTfWsSMmoP6GIXtkdHl16cWDd0b2wJ0 LBfg== X-Gm-Message-State: AOAM533Mn7Lami+A/QNvtLRXgOdb3PQsmI8Di6dRbL8WXL3oL/FuZSq2 zW1aUR0jfeNeXHLDIoRk5nNKrsLdUYqEWFjZCHJNuwzE2nW+vBWv+WwHqTMUT0cEsV8ujlWwEnX S60cxgEmzqcrp8eCZxkUO/eJ8 X-Received: by 2002:a37:47c2:: with SMTP id u185mr17010913qka.63.1604432875488; Tue, 03 Nov 2020 11:47:55 -0800 (PST) X-Received: by 2002:a37:47c2:: with SMTP id u185mr17010888qka.63.1604432875262; Tue, 03 Nov 2020 11:47:55 -0800 (PST) Received: from Whitewolf.lyude.net (pool-108-49-102-102.bstnma.fios.verizon.net. [108.49.102.102]) by smtp.gmail.com with ESMTPSA id x75sm11687361qka.59.2020.11.03.11.47.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Nov 2020 11:47:54 -0800 (PST) Message-ID: <8d15a513bd38a01b3607e5c75b5754cc599fe33c.camel@redhat.com> Subject: Re: [PATCH] drm/edid: Fix uninitialized variable in drm_cvt_modes() From: Lyude Paul Reply-To: lyude@redhat.com To: Ilia Mirkin Cc: dri-devel , Leon Romanovsky , David Airlie , Chao Yu , open list , Jason Gunthorpe , "# 3.9+" , Thomas Zimmermann , Kalle Valo , Kees Cook Date: Tue, 03 Nov 2020 14:47:53 -0500 In-Reply-To: References: <20201022165450.682571-1-lyude@redhat.com> Organization: Red Hat Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.1 (3.38.1-1.fc33) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sorry! Thought I had responded to this but apparently not, comments down below On Thu, 2020-10-22 at 14:04 -0400, Ilia Mirkin wrote: > On Thu, Oct 22, 2020 at 12:55 PM Lyude Paul wrote: > > > > Noticed this when trying to compile with -Wall on a kernel fork. We > > potentially > > don't set width here, which causes the compiler to complain about width > > potentially being uninitialized in drm_cvt_modes(). So, let's fix that. > > > > Signed-off-by: Lyude Paul > > > > Cc: # v5.9+ > > Fixes: 3f649ab728cd ("treewide: Remove uninitialized_var() usage") > > Signed-off-by: Lyude Paul > > --- > >  drivers/gpu/drm/drm_edid.c | 8 +++++++- > >  1 file changed, 7 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c > > index 631125b46e04..2da158ffed8e 100644 > > --- a/drivers/gpu/drm/drm_edid.c > > +++ b/drivers/gpu/drm/drm_edid.c > > @@ -3094,6 +3094,7 @@ static int drm_cvt_modes(struct drm_connector > > *connector, > > > >         for (i = 0; i < 4; i++) { > >                 int width, height; > > +               u8 cvt_aspect_ratio; > > > >                 cvt = &(timing->data.other_data.data.cvt[i]); > > > > @@ -3101,7 +3102,8 @@ static int drm_cvt_modes(struct drm_connector > > *connector, > >                         continue; > > > >                 height = (cvt->code[0] + ((cvt->code[1] & 0xf0) << 4) + 1) * > > 2; > > -               switch (cvt->code[1] & 0x0c) { > > +               cvt_aspect_ratio = cvt->code[1] & 0x0c; > > +               switch (cvt_aspect_ratio) { > >                 case 0x00: > >                         width = height * 4 / 3; > >                         break; > > @@ -3114,6 +3116,10 @@ static int drm_cvt_modes(struct drm_connector > > *connector, > >                 case 0x0c: > >                         width = height * 15 / 9; > >                         break; > > +               default: > > What value would cvt->code[1] have such that this gets hit? > > Or is this a "compiler is broken, so let's add more code" situation? > If so, perhaps the code added could just be enough to silence the > compiler (unreachable, etc)? I mean, this information comes from the EDID which inherently means it's coming from an untrusted source so the value could be literally anything as long as the EDID has a valid checksum. Note (assuming I'm understanding this code correctly): drm_add_edid_modes() → add_cvt_modes() → drm_for_each_detailed_block() → do_cvt_mode() → drm_cvt_modes() So afaict this isn't a broken compiler but a legitimate uninitialized variable. > >   -ilia > -- Sincerely, Lyude Paul (she/her) Software Engineer at Red Hat Note: I deal with a lot of emails and have a lot of bugs on my plate. If you've asked me a question, are waiting for a review/merge on a patch, etc. and I haven't responded in a while, please feel free to send me another email to check on my status. I don't bite!