Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp2186321pxj; Thu, 20 May 2021 02:02:19 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwgEIBpN0Jocha5qs8obfJoSTOvP6vrIcbaPnrtGaIAPis0FXzJ3VIVDEKPWj5yEHpiuT66 X-Received: by 2002:a17:906:a48:: with SMTP id x8mr3669319ejf.127.1621501338965; Thu, 20 May 2021 02:02:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1621501338; cv=none; d=google.com; s=arc-20160816; b=fNe85XSP3/YeAm2/yojuWkDMZDoAIAZFo0Kni6d9sI8SS9/thEdtTJt1N3WsnVKmNY dlgzoQYb1R9inRmlcZjjD65agX2msilY0W8oLN5A+oar5aRnABYJbLR9YPYouDUhQ5Za +cpTxLsU/J97ts7JfWDdf4wqRUhdX0EtlXvGvpZWP1dtROguFWfdZuh1kAAJaES40+5I 0IvH4aIxqm/icuVMu4iR6iVef7ixSvj9KvDlKmCtbx4+ljB6z2sD6oKwZkiJ+g5zGrl7 iQhmO7tT6dJ4d55a83gGXPU9+5p7xJNmU5g+L/67/0mvBgquB5biC74zTgb1guIunRxy xqWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:user-agent:date:message-id:subject:cc:to:from; bh=VX7Jx6Vh1YHoynJ5eoqik3VM2zA5F7mGbTizwAuLkAs=; b=FmzsdUhFQ8SK56ZrVkDEazuwLFsu6FmxfhXKCOgNHtx4SnvQWqPqFp0UUjtiiE30dB e8jLE88LCJ7OZtZkP4VyO/UNqt4lnfy+euCJK42NBmEYHNnBnQFWkBznpLPDWs3SL9j8 +Yqs6dqsPw5ef8LnthAJLjBj4o3c7YEgQat/OPnXrrwxbFzkGoCR7XFo1mH8eXygi5sr nilG/masH4/aaAj9VtCshDdiXRRHqhyEv/cVS6H9plZQqOK7Q1gLA23wa/3/evA0UH2N Jp5zQxIvkLtG+QfIxaIovDkvHyly4vX9znQZA2/iI5Bi45JDOHXngoIRfkiE2FXxtfZO nMCQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s25si2029148ejx.655.2021.05.20.02.01.53; Thu, 20 May 2021 02:02:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231247AbhETI7o (ORCPT + 99 others); Thu, 20 May 2021 04:59:44 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:58953 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231145AbhETI7n (ORCPT ); Thu, 20 May 2021 04:59:43 -0400 Received: from 1.general.cking.uk.vpn ([10.172.193.212]) by youngberry.canonical.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.93) (envelope-from ) id 1ljeVZ-0003n1-Sr; Thu, 20 May 2021 08:58:21 +0000 From: Colin Ian King To: Takashi Iwai Cc: Jaroslav Kysela , alsa-devel@alsa-project.org, "linux-kernel@vger.kernel.org" Subject: re: ALSA: usb-audio: Handle error for the current selector gracefully [ uninitialized variable issue ] Message-ID: <4b261d68-f53f-240d-2d8a-2f88b337849d@canonical.com> Date: Thu, 20 May 2021 09:58:21 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Static analysis with Coverity on linux-next has detected an uninitialized variable issue with the following commit: commit 481f17c41803985446fd12887b2c042f9c43b0d5 Author: Takashi Iwai Date: Tue May 18 17:21:12 2021 +0200 ALSA: usb-audio: Handle error for the current selector gracefully The branching is a bit convoluted and we end up with variable cur not being initialized. Analysis is as follows: 254static int __uac_clock_find_source(struct snd_usb_audio *chip, 255 const struct audioformat *fmt, int entity_id, 256 unsigned long *visited, bool validate) 257{ 258 union uac23_clock_source_desc *source; 259 union uac23_clock_selector_desc *selector; 260 union uac23_clock_multiplier_desc *multiplier; 1. var_decl: Declaring variable cur without initializer. 261 int ret, i, cur, err, pins, clock_id; 262 const u8 *sources; 263 int proto = fmt->protocol; 264 265 entity_id &= 0xff; 266 2. Condition test_and_set_bit(entity_id, visited), taking false branch. 267 if (test_and_set_bit(entity_id, visited)) { 268 usb_audio_warn(chip, 269 "%s(): recursive clock topology detected, id %d.\n", 270 __func__, entity_id); 271 return -EINVAL; 272 } 273 274 /* first, see if the ID we're looking for is a clock source already */ 275 source = snd_usb_find_clock_source(chip, entity_id, proto); 3. Condition source, taking false branch. 276 if (source) { 277 entity_id = GET_VAL(source, proto, bClockID); 278 if (validate && !uac_clock_source_is_valid(chip, fmt, 279 entity_id)) { 280 usb_audio_err(chip, 281 "clock source %d is not valid, cannot use\n", 282 entity_id); 283 return -ENXIO; 284 } 285 return entity_id; 286 } 287 288 selector = snd_usb_find_clock_selector(chip, entity_id, proto); 4. Condition selector, taking true branch. 289 if (selector) { 5. Condition proto == 48, taking true branch. 290 pins = GET_VAL(selector, proto, bNrInPins); 6. Condition proto == 48, taking true branch. 291 clock_id = GET_VAL(selector, proto, bClockID); 7. Condition proto == 48, taking true branch. 292 sources = GET_VAL(selector, proto, baCSourceID); 293 8. Condition pins == 1, taking false branch. 294 if (pins == 1) { 295 ret = 1; 296 goto find_source; 297 } 298 299 /* the entity ID we are looking for is a selector. 300 * find out what it currently selects */ 301 ret = uac_clock_selector_get_val(chip, clock_id); 9. Condition ret < 0, taking true branch. 302 if (ret < 0) { 10. Condition !chip->autoclock, taking false branch. 303 if (!chip->autoclock) 304 return ret; 11. Jumping to label find_others. 305 goto find_others; 306 } 307 308 /* Selector values are one-based */ 309 310 if (ret > pins || ret < 1) { 311 usb_audio_err(chip, 312 "%s(): selector reported illegal value, id %d, ret %d\n", 313 __func__, clock_id, ret); 314 315 if (!chip->autoclock) 316 return -EINVAL; 317 ret = 0; 318 goto find_others; 319 } 320 321 find_source: 322 cur = ret; 323 ret = __uac_clock_find_source(chip, fmt, 324 sources[ret - 1], 325 visited, validate); 326 if (ret > 0) { 327 err = uac_clock_selector_set_val(chip, entity_id, cur); 328 if (err < 0) 329 return err; 330 } 331 332 if (!validate || ret > 0 || !chip->autoclock) 333 return ret; 334 335 find_others: 336 /* The current clock source is invalid, try others. */ 12. Condition i <= pins, taking true branch. 337 for (i = 1; i <= pins; i++) { Uninitialized scalar variable (UNINIT) 13. uninit_use: Using uninitialized value cur. 338 if (i == cur) 339 continue; 340 Colin