* Potential uninitialized variables in subsys input: bcm_iproc_tsc
@ 2019-10-03 20:29 Yizhuo Zhai
2019-10-03 22:42 ` Dmitry Torokhov
0 siblings, 1 reply; 2+ messages in thread
From: Yizhuo Zhai @ 2019-10-03 20:29 UTC (permalink / raw)
To: dmitry.torokhov, linux-input, Chengyu Song, Zhiyun Qian
Hi Dmitry:
Variable "intr_status" and "raw_coordinate" in function
iproc_touchscreen_interrupt()(
(drivers/input/touchscreen/bcm_iproc_tsc.c) could be uninitialized if
regmap_read() returns -EINVAL. But it's directly used later without
the return check, which is potentially unsafe.
Also, we cannot simply return -EINVAL in iproc_touchscreen_interrupt()
because it is out of the return type: irqreturn_t. The same cases
happen in function mx25_tcq_irq() with variable "stat" and function
mx25_tcq_init() with variable "tgcr".
Thanks for your time to check this case.
--
Kind Regards,
Yizhuo Zhai
Computer Science, Graduate Student
University of California, Riverside
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Potential uninitialized variables in subsys input: bcm_iproc_tsc
2019-10-03 20:29 Potential uninitialized variables in subsys input: bcm_iproc_tsc Yizhuo Zhai
@ 2019-10-03 22:42 ` Dmitry Torokhov
0 siblings, 0 replies; 2+ messages in thread
From: Dmitry Torokhov @ 2019-10-03 22:42 UTC (permalink / raw)
To: Yizhuo Zhai; +Cc: linux-input, Chengyu Song, Zhiyun Qian
Hi Yizhuo,
On Thu, Oct 03, 2019 at 01:29:05PM -0700, Yizhuo Zhai wrote:
> Hi Dmitry:
>
> Variable "intr_status" and "raw_coordinate" in function
> iproc_touchscreen_interrupt()(
> (drivers/input/touchscreen/bcm_iproc_tsc.c) could be uninitialized if
> regmap_read() returns -EINVAL. But it's directly used later without
> the return check, which is potentially unsafe.
>
> Also, we cannot simply return -EINVAL in iproc_touchscreen_interrupt()
> because it is out of the return type: irqreturn_t. The same cases
> happen in function mx25_tcq_irq() with variable "stat" and function
> mx25_tcq_init() with variable "tgcr".
>
> Thanks for your time to check this case.
Both of these drivers use MMIO to interact with the hardware, so regmap
failing is purely theoretical possibility.
Thanks.
--
Dmitry
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-10-03 22:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-03 20:29 Potential uninitialized variables in subsys input: bcm_iproc_tsc Yizhuo Zhai
2019-10-03 22:42 ` Dmitry Torokhov
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).