* [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop()
@ 2017-09-10 10:26 Geert Uytterhoeven
[not found] ` <1505039164-25468-1-git-send-email-geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org>
0 siblings, 1 reply; 10+ messages in thread
From: Geert Uytterhoeven @ 2017-09-10 10:26 UTC (permalink / raw)
To: Pantelis Antoniou, Rob Herring, Frank Rowand, Grant Likely
Cc: Arnd Bergmann, devicetree, linux-kernel, Geert Uytterhoeven
With gcc 4.1.2:
drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’:
drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function
drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function
Indeed, if ov->count == 0, both variables are uninitialized, which may
lead to a crash when dereferencing ovinfo later.
Currently this is a false positive, as the sole creator of of_overlay
structures (of_build_overlay_info(), introduced in commit
7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for
this.
To prevent future issues, add a check for a zero ov->count to
dup_and_fixup_symbol_prop(). Note that this does not get rid of the
actual compiler warning.
Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
drivers/of/overlay.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c
index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644
--- a/drivers/of/overlay.c
+++ b/drivers/of/overlay.c
@@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov,
int overlay_name_len;
int target_path_len;
- if (!prop->value)
+ if (!ov->count || !prop->value)
return NULL;
symbol_path = prop->value;
--
2.7.4
^ permalink raw reply related [flat|nested] 10+ messages in thread[parent not found: <1505039164-25468-1-git-send-email-geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org>]
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() 2017-09-10 10:26 [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() Geert Uytterhoeven @ 2017-09-19 17:27 ` Rob Herring 0 siblings, 0 replies; 10+ messages in thread From: Rob Herring @ 2017-09-19 17:27 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Pantelis Antoniou, Frank Rowand, Grant Likely, Arnd Bergmann, devicetree-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA On Sun, Sep 10, 2017 at 12:26:04PM +0200, Geert Uytterhoeven wrote: > With gcc 4.1.2: > > drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: > drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function > drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function > > Indeed, if ov->count == 0, both variables are uninitialized, which may > lead to a crash when dereferencing ovinfo later. > > Currently this is a false positive, as the sole creator of of_overlay > structures (of_build_overlay_info(), introduced in commit > 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for > this. > > To prevent future issues, add a check for a zero ov->count to > dup_and_fixup_symbol_prop(). Note that this does not get rid of the > actual compiler warning. > > Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") > Signed-off-by: Geert Uytterhoeven <geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org> > --- > drivers/of/overlay.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Applied. Rob -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() @ 2017-09-19 17:27 ` Rob Herring 0 siblings, 0 replies; 10+ messages in thread From: Rob Herring @ 2017-09-19 17:27 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Pantelis Antoniou, Frank Rowand, Grant Likely, Arnd Bergmann, devicetree, linux-kernel On Sun, Sep 10, 2017 at 12:26:04PM +0200, Geert Uytterhoeven wrote: > With gcc 4.1.2: > > drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: > drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function > drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function > > Indeed, if ov->count == 0, both variables are uninitialized, which may > lead to a crash when dereferencing ovinfo later. > > Currently this is a false positive, as the sole creator of of_overlay > structures (of_build_overlay_info(), introduced in commit > 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for > this. > > To prevent future issues, add a check for a zero ov->count to > dup_and_fixup_symbol_prop(). Note that this does not get rid of the > actual compiler warning. > > Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") > Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> > --- > drivers/of/overlay.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Applied. Rob ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() 2017-09-10 10:26 [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() Geert Uytterhoeven @ 2017-09-19 18:27 ` Frank Rowand 0 siblings, 0 replies; 10+ messages in thread From: Frank Rowand @ 2017-09-19 18:27 UTC (permalink / raw) To: Geert Uytterhoeven, Pantelis Antoniou, Rob Herring, Grant Likely Cc: Arnd Bergmann, devicetree-u79uwXL29TY76Z2rM5mHXA, linux-kernel-u79uwXL29TY76Z2rM5mHXA On 09/10/17 03:26, Geert Uytterhoeven wrote: > With gcc 4.1.2: > > drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: > drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function > drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function > > Indeed, if ov->count == 0, both variables are uninitialized, which may > lead to a crash when dereferencing ovinfo later. > > Currently this is a false positive, as the sole creator of of_overlay > structures (of_build_overlay_info(), introduced in commit > 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for > this. > > To prevent future issues, add a check for a zero ov->count to > dup_and_fixup_symbol_prop(). Note that this does not get rid of the > actual compiler warning. > > Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") > Signed-off-by: Geert Uytterhoeven <geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org> > --- > drivers/of/overlay.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c > index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 > --- a/drivers/of/overlay.c > +++ b/drivers/of/overlay.c > @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, > int overlay_name_len; > int target_path_len; > > - if (!prop->value) > + if (!ov->count || !prop->value) > return NULL; > symbol_path = prop->value; > > I did not see this patch due to an overzealous spam filter. I noticed it when Rob replied with his applied email. This check is not needed to prevent accessing overlay_name_len and ovinfo when ov->count == 0. That is already prevented by: if (k >= ov->count) goto err_free; because k will be zero and ov->count will be zero. -Frank -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() @ 2017-09-19 18:27 ` Frank Rowand 0 siblings, 0 replies; 10+ messages in thread From: Frank Rowand @ 2017-09-19 18:27 UTC (permalink / raw) To: Geert Uytterhoeven, Pantelis Antoniou, Rob Herring, Grant Likely Cc: Arnd Bergmann, devicetree, linux-kernel On 09/10/17 03:26, Geert Uytterhoeven wrote: > With gcc 4.1.2: > > drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: > drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function > drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function > > Indeed, if ov->count == 0, both variables are uninitialized, which may > lead to a crash when dereferencing ovinfo later. > > Currently this is a false positive, as the sole creator of of_overlay > structures (of_build_overlay_info(), introduced in commit > 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for > this. > > To prevent future issues, add a check for a zero ov->count to > dup_and_fixup_symbol_prop(). Note that this does not get rid of the > actual compiler warning. > > Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") > Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> > --- > drivers/of/overlay.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c > index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 > --- a/drivers/of/overlay.c > +++ b/drivers/of/overlay.c > @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, > int overlay_name_len; > int target_path_len; > > - if (!prop->value) > + if (!ov->count || !prop->value) > return NULL; > symbol_path = prop->value; > > I did not see this patch due to an overzealous spam filter. I noticed it when Rob replied with his applied email. This check is not needed to prevent accessing overlay_name_len and ovinfo when ov->count == 0. That is already prevented by: if (k >= ov->count) goto err_free; because k will be zero and ov->count will be zero. -Frank ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <59C16197.4040403-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>]
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() 2017-09-19 18:27 ` Frank Rowand @ 2017-09-19 19:15 ` Rob Herring -1 siblings, 0 replies; 10+ messages in thread From: Rob Herring @ 2017-09-19 19:15 UTC (permalink / raw) To: Frank Rowand Cc: Geert Uytterhoeven, Pantelis Antoniou, Grant Likely, Arnd Bergmann, devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org On Tue, Sep 19, 2017 at 1:27 PM, Frank Rowand <frowand.list-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > On 09/10/17 03:26, Geert Uytterhoeven wrote: >> With gcc 4.1.2: >> >> drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: >> drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function >> drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function >> >> Indeed, if ov->count == 0, both variables are uninitialized, which may >> lead to a crash when dereferencing ovinfo later. >> >> Currently this is a false positive, as the sole creator of of_overlay >> structures (of_build_overlay_info(), introduced in commit >> 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for >> this. >> >> To prevent future issues, add a check for a zero ov->count to >> dup_and_fixup_symbol_prop(). Note that this does not get rid of the >> actual compiler warning. >> >> Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") >> Signed-off-by: Geert Uytterhoeven <geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org> >> --- >> drivers/of/overlay.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >> index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 >> --- a/drivers/of/overlay.c >> +++ b/drivers/of/overlay.c >> @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, >> int overlay_name_len; >> int target_path_len; >> >> - if (!prop->value) >> + if (!ov->count || !prop->value) >> return NULL; >> symbol_path = prop->value; >> >> > > I did not see this patch due to an overzealous spam filter. I noticed it > when Rob replied with his applied email. > > This check is not needed to prevent accessing overlay_name_len and ovinfo > when ov->count == 0. That is already prevented by: > > if (k >= ov->count) > goto err_free; > > because k will be zero and ov->count will be zero. Okay, will drop. Rob -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() @ 2017-09-19 19:15 ` Rob Herring 0 siblings, 0 replies; 10+ messages in thread From: Rob Herring @ 2017-09-19 19:15 UTC (permalink / raw) To: Frank Rowand Cc: Geert Uytterhoeven, Pantelis Antoniou, Grant Likely, Arnd Bergmann, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org On Tue, Sep 19, 2017 at 1:27 PM, Frank Rowand <frowand.list@gmail.com> wrote: > On 09/10/17 03:26, Geert Uytterhoeven wrote: >> With gcc 4.1.2: >> >> drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: >> drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function >> drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function >> >> Indeed, if ov->count == 0, both variables are uninitialized, which may >> lead to a crash when dereferencing ovinfo later. >> >> Currently this is a false positive, as the sole creator of of_overlay >> structures (of_build_overlay_info(), introduced in commit >> 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for >> this. >> >> To prevent future issues, add a check for a zero ov->count to >> dup_and_fixup_symbol_prop(). Note that this does not get rid of the >> actual compiler warning. >> >> Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") >> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> >> --- >> drivers/of/overlay.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >> index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 >> --- a/drivers/of/overlay.c >> +++ b/drivers/of/overlay.c >> @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, >> int overlay_name_len; >> int target_path_len; >> >> - if (!prop->value) >> + if (!ov->count || !prop->value) >> return NULL; >> symbol_path = prop->value; >> >> > > I did not see this patch due to an overzealous spam filter. I noticed it > when Rob replied with his applied email. > > This check is not needed to prevent accessing overlay_name_len and ovinfo > when ov->count == 0. That is already prevented by: > > if (k >= ov->count) > goto err_free; > > because k will be zero and ov->count will be zero. Okay, will drop. Rob ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() 2017-09-19 18:27 ` Frank Rowand (?) (?) @ 2017-09-19 20:16 ` Geert Uytterhoeven [not found] ` <CAMuHMdUo=O6J4Qs8J+Jrx6LFeLRmE77hzpfaAUFYtdfYN1-hpw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org> -1 siblings, 1 reply; 10+ messages in thread From: Geert Uytterhoeven @ 2017-09-19 20:16 UTC (permalink / raw) To: Frank Rowand Cc: Pantelis Antoniou, Rob Herring, Grant Likely, Arnd Bergmann, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org Hi Frank, On Tue, Sep 19, 2017 at 8:27 PM, Frank Rowand <frowand.list@gmail.com> wrote: > On 09/10/17 03:26, Geert Uytterhoeven wrote: >> With gcc 4.1.2: >> >> drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: >> drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function >> drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function >> >> Indeed, if ov->count == 0, both variables are uninitialized, which may >> lead to a crash when dereferencing ovinfo later. >> >> Currently this is a false positive, as the sole creator of of_overlay >> structures (of_build_overlay_info(), introduced in commit >> 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for >> this. >> >> To prevent future issues, add a check for a zero ov->count to >> dup_and_fixup_symbol_prop(). Note that this does not get rid of the >> actual compiler warning. >> >> Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") >> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> >> --- >> drivers/of/overlay.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >> index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 >> --- a/drivers/of/overlay.c >> +++ b/drivers/of/overlay.c >> @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, >> int overlay_name_len; >> int target_path_len; >> >> - if (!prop->value) >> + if (!ov->count || !prop->value) >> return NULL; >> symbol_path = prop->value; >> > > I did not see this patch due to an overzealous spam filter. I noticed it > when Rob replied with his applied email. > > This check is not needed to prevent accessing overlay_name_len and ovinfo > when ov->count == 0. That is already prevented by: > > if (k >= ov->count) > goto err_free; > > because k will be zero and ov->count will be zero. Thank you, I stand corrected. Gr{oetje,eeting}s, Geert -- Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org In personal conversations with technical people, I call myself a hacker. But when I'm talking to journalists I just say "programmer" or something like that. -- Linus Torvalds ^ permalink raw reply [flat|nested] 10+ messages in thread
[parent not found: <CAMuHMdUo=O6J4Qs8J+Jrx6LFeLRmE77hzpfaAUFYtdfYN1-hpw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>]
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() 2017-09-19 20:16 ` Geert Uytterhoeven @ 2017-09-20 0:20 ` Frank Rowand 0 siblings, 0 replies; 10+ messages in thread From: Frank Rowand @ 2017-09-20 0:20 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Pantelis Antoniou, Rob Herring, Grant Likely, Arnd Bergmann, devicetree-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org On 09/19/17 13:16, Geert Uytterhoeven wrote: > Hi Frank, > > On Tue, Sep 19, 2017 at 8:27 PM, Frank Rowand <frowand.list-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: >> On 09/10/17 03:26, Geert Uytterhoeven wrote: >>> With gcc 4.1.2: >>> >>> drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: >>> drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function >>> drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function >>> >>> Indeed, if ov->count == 0, both variables are uninitialized, which may >>> lead to a crash when dereferencing ovinfo later. >>> >>> Currently this is a false positive, as the sole creator of of_overlay >>> structures (of_build_overlay_info(), introduced in commit >>> 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for >>> this. >>> >>> To prevent future issues, add a check for a zero ov->count to >>> dup_and_fixup_symbol_prop(). Note that this does not get rid of the >>> actual compiler warning. >>> >>> Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") >>> Signed-off-by: Geert Uytterhoeven <geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org> >>> --- >>> drivers/of/overlay.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >>> index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 >>> --- a/drivers/of/overlay.c >>> +++ b/drivers/of/overlay.c >>> @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, >>> int overlay_name_len; >>> int target_path_len; >>> >>> - if (!prop->value) >>> + if (!ov->count || !prop->value) >>> return NULL; >>> symbol_path = prop->value; >>> >> >> I did not see this patch due to an overzealous spam filter. I noticed it >> when Rob replied with his applied email. >> >> This check is not needed to prevent accessing overlay_name_len and ovinfo >> when ov->count == 0. That is already prevented by: >> >> if (k >= ov->count) >> goto err_free; >> >> because k will be zero and ov->count will be zero. > > Thank you, I stand corrected. No problem. It's not real obvious, you really need to stop and ponder. -- To unsubscribe from this list: send the line "unsubscribe devicetree" in the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() @ 2017-09-20 0:20 ` Frank Rowand 0 siblings, 0 replies; 10+ messages in thread From: Frank Rowand @ 2017-09-20 0:20 UTC (permalink / raw) To: Geert Uytterhoeven Cc: Pantelis Antoniou, Rob Herring, Grant Likely, Arnd Bergmann, devicetree@vger.kernel.org, linux-kernel@vger.kernel.org On 09/19/17 13:16, Geert Uytterhoeven wrote: > Hi Frank, > > On Tue, Sep 19, 2017 at 8:27 PM, Frank Rowand <frowand.list@gmail.com> wrote: >> On 09/10/17 03:26, Geert Uytterhoeven wrote: >>> With gcc 4.1.2: >>> >>> drivers/of/overlay.c: In function ‘dup_and_fixup_symbol_prop’: >>> drivers/of/overlay.c:108: warning: ‘overlay_name_len’ may be used uninitialized in this function >>> drivers/of/overlay.c:100: warning: ‘ovinfo’ may be used uninitialized in this function >>> >>> Indeed, if ov->count == 0, both variables are uninitialized, which may >>> lead to a crash when dereferencing ovinfo later. >>> >>> Currently this is a false positive, as the sole creator of of_overlay >>> structures (of_build_overlay_info(), introduced in commit >>> 7518b5890d8ac366 ("of/overlay: Introduce DT overlay support") checks for >>> this. >>> >>> To prevent future issues, add a check for a zero ov->count to >>> dup_and_fixup_symbol_prop(). Note that this does not get rid of the >>> actual compiler warning. >>> >>> Fixes: d1651b03c2df75db ("of: overlay: add overlay symbols to live device tree") >>> Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org> >>> --- >>> drivers/of/overlay.c | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/drivers/of/overlay.c b/drivers/of/overlay.c >>> index 8ecfee31ab6d3874..ebe19e0f8e4d1f4b 100644 >>> --- a/drivers/of/overlay.c >>> +++ b/drivers/of/overlay.c >>> @@ -108,7 +108,7 @@ static struct property *dup_and_fixup_symbol_prop(struct of_overlay *ov, >>> int overlay_name_len; >>> int target_path_len; >>> >>> - if (!prop->value) >>> + if (!ov->count || !prop->value) >>> return NULL; >>> symbol_path = prop->value; >>> >> >> I did not see this patch due to an overzealous spam filter. I noticed it >> when Rob replied with his applied email. >> >> This check is not needed to prevent accessing overlay_name_len and ovinfo >> when ov->count == 0. That is already prevented by: >> >> if (k >= ov->count) >> goto err_free; >> >> because k will be zero and ov->count will be zero. > > Thank you, I stand corrected. No problem. It's not real obvious, you really need to stop and ponder. ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2017-09-20 0:21 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-09-10 10:26 [PATCH] of: overlay: Fix uninitialized vars in dup_and_fixup_symbol_prop() Geert Uytterhoeven
[not found] ` <1505039164-25468-1-git-send-email-geert-Td1EMuHUCqxL1ZNQvxDV9g@public.gmane.org>
2017-09-19 17:27 ` Rob Herring
2017-09-19 17:27 ` Rob Herring
2017-09-19 18:27 ` Frank Rowand
2017-09-19 18:27 ` Frank Rowand
[not found] ` <59C16197.4040403-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2017-09-19 19:15 ` Rob Herring
2017-09-19 19:15 ` Rob Herring
2017-09-19 20:16 ` Geert Uytterhoeven
[not found] ` <CAMuHMdUo=O6J4Qs8J+Jrx6LFeLRmE77hzpfaAUFYtdfYN1-hpw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-09-20 0:20 ` Frank Rowand
2017-09-20 0:20 ` Frank Rowand
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.