From mboxrd@z Thu Jan 1 00:00:00 1970 From: Takashi Iwai Date: Fri, 17 Apr 2015 12:42:05 +0000 Subject: Re: [patch] ALSA: hda - potential (but unlikely) uninitialized variable Message-Id: List-Id: References: <20150417123514.GA20476@mwanda> In-Reply-To: <20150417123514.GA20476@mwanda> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Dan Carpenter Cc: Jaroslav Kysela , David Henningsson , alsa-devel@alsa-project.org, kernel-janitors@vger.kernel.org At Fri, 17 Apr 2015 15:35:15 +0300, Dan Carpenter wrote: > > This function is a bit unusual because it accepts negative values as > "conn_len". It's theoretically possible for both "cache_len" and > "conn_len" to be -ENOSPC and in that case we would oops trying to run > memcmp() on the uninitialized "list" pointer. Yes, that's a bug. But the check should be rather: if (cache_len >= 0 && (cache_len != conn_len || memcmp(list, conn, conn_len) != 0)) Could you resend with this fix? thanks, Takashi > > My static checker complains about this. > > Signed-off-by: Dan Carpenter > > diff --git a/sound/pci/hda/hda_proc.c b/sound/pci/hda/hda_proc.c > index ce5a6da..387fdfc 100644 > --- a/sound/pci/hda/hda_proc.c > +++ b/sound/pci/hda/hda_proc.c > @@ -556,8 +556,8 @@ static void print_conn_list(struct snd_info_buffer *buffer, > > /* Get Cache connections info */ > cache_len = snd_hda_get_conn_list(codec, nid, &list); > - if (cache_len != conn_len > - || memcmp(list, conn, conn_len)) { > + if (cache_len < 0 || cache_len != conn_len || > + memcmp(list, conn, conn_len) != 0) { > snd_iprintf(buffer, " In-driver Connection: %d\n", cache_len); > if (cache_len > 0) { > snd_iprintf(buffer, " "); >
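Review bot: the added `cache_len < 0 ||` term in the new condition keeps memcmp() away from the uninitialized "list", but it also makes the branch taken on every lookup failure, so the `In-driver Connection: %d` line is printed with a negative errno as the count. If a failed cache lookup should print nothing, guard the whole comparison instead, as the reply above suggests: `if (cache_len >= 0 && (cache_len != conn_len || memcmp(list, conn, conn_len) != 0))`. With that form memcmp() is reached only when cache_len is non-negative and equal to conn_len, so the length passed to it cannot be negative either. A smaller point on the same line: conn_len is compared against cache_len as an entry count and then passed to memcmp() as a byte count. The element type of "list" and "conn" is not visible in this hunk, so it is worth confirming the two units agree.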