[patch] tgafb: potential NULL dereference in init

[patch] tgafb: potential NULL dereference in init

[Dan Carpenter]

Static checkers complain that there are paths where "tga_type_name" can
be NULL.  I've re-arranged the code slightly so that's impossible.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/drivers/video/tgafb.c b/drivers/video/tgafb.c
index c9c8e5a..2dcaf2e 100644
--- a/drivers/video/tgafb.c
+++ b/drivers/video/tgafb.c
@@ -1475,7 +1475,7 @@ tgafb_init_fix(struct fb_info *info)
 	int tga_bus_pci = TGA_BUS_PCI(par->dev);
 	int tga_bus_tc = TGA_BUS_TC(par->dev);
 	u8 tga_type = par->tga_type;
-	const char *tga_type_name = NULL;
+	const char *tga_type_name;
 
 	switch (tga_type) {
 	case TGA_TYPE_8PLANE:
@@ -1496,10 +1496,9 @@ tgafb_init_fix(struct fb_info *info)
 		if (tga_bus_tc)
 			tga_type_name = "Digital ZLX-E3";
 		break;
-	default:
-		tga_type_name = "Unknown";
-		break;
 	}
+	if (!tga_type_name)
+		tga_type_name = "Unknown";
 
 	strlcpy(info->fix.id, tga_type_name, sizeof(info->fix.id));
 

Re: [patch] tgafb: potential NULL dereference in init

[Geert Uytterhoeven]

On Mon, Aug 26, 2013 at 4:56 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> --- a/drivers/video/tgafb.c
> +++ b/drivers/video/tgafb.c
> @@ -1475,7 +1475,7 @@ tgafb_init_fix(struct fb_info *info)
>         int tga_bus_pci = TGA_BUS_PCI(par->dev);
>         int tga_bus_tc = TGA_BUS_TC(par->dev);
>         u8 tga_type = par->tga_type;
> -       const char *tga_type_name = NULL;
> +       const char *tga_type_name;

Now the real compiler (at least some versions of gcc) will complain
about an uninitialized variable...

>         switch (tga_type) {
>         case TGA_TYPE_8PLANE:
> @@ -1496,10 +1496,9 @@ tgafb_init_fix(struct fb_info *info)
>                 if (tga_bus_tc)
>                         tga_type_name = "Digital ZLX-E3";
>                 break;
> -       default:
> -               tga_type_name = "Unknown";
> -               break;
>         }
> +       if (!tga_type_name)

It will only by NULL if the garbage on the stack was NULL...

> +               tga_type_name = "Unknown";
>
>         strlcpy(info->fix.id, tga_type_name, sizeof(info->fix.id));

Gr{oetje,eeting}s,

                        Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
                                -- Linus Torvalds

Re: [patch] tgafb: potential NULL dereference in init

[Dan Carpenter]

On Mon, Aug 26, 2013 at 07:51:04PM +0200, Geert Uytterhoeven wrote:
> On Mon, Aug 26, 2013 at 4:56 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> > --- a/drivers/video/tgafb.c
> > +++ b/drivers/video/tgafb.c
> > @@ -1475,7 +1475,7 @@ tgafb_init_fix(struct fb_info *info)
> >         int tga_bus_pci = TGA_BUS_PCI(par->dev);
> >         int tga_bus_tc = TGA_BUS_TC(par->dev);
> >         u8 tga_type = par->tga_type;
> > -       const char *tga_type_name = NULL;
> > +       const char *tga_type_name;
> 
> Now the real compiler (at least some versions of gcc) will complain
> about an uninitialized variable...

Oh crap!  The compiler is totally correct here.  I don't know what I was
thinking.  I've just double checked now and my compiler does not catch
this (GCC 4.7.2).

Sorry about that.

regards,
dan carpenter