Potential uninitialized variables in subsys input: bcm_iproc

linux-input.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Potential uninitialized variables in subsys input: bcm_iproc_tsc
@ 2019-10-03 20:29 Yizhuo Zhai
  2019-10-03 22:42 ` Dmitry Torokhov
  0 siblings, 1 reply; 2+ messages in thread
From: Yizhuo Zhai @ 2019-10-03 20:29 UTC (permalink / raw)
  To: dmitry.torokhov, linux-input, Chengyu Song, Zhiyun Qian

Hi Dmitry:

Variable "intr_status" and "raw_coordinate" in function
iproc_touchscreen_interrupt()(
(drivers/input/touchscreen/bcm_iproc_tsc.c) could be uninitialized if
regmap_read() returns -EINVAL. But it's directly used later without
the return check, which is potentially unsafe.

Also, we cannot simply return -EINVAL in iproc_touchscreen_interrupt()
because it is out of the return type: irqreturn_t. The same cases
happen in function  mx25_tcq_irq() with variable "stat" and function
mx25_tcq_init() with variable "tgcr".

Thanks for your time to check this case.
-- 
Kind Regards,

Yizhuo Zhai

Computer Science, Graduate Student
University of California, Riverside

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: Potential uninitialized variables in subsys input: bcm_iproc_tsc
  2019-10-03 20:29 Potential uninitialized variables in subsys input: bcm_iproc_tsc Yizhuo Zhai
@ 2019-10-03 22:42 ` Dmitry Torokhov
  0 siblings, 0 replies; 2+ messages in thread
From: Dmitry Torokhov @ 2019-10-03 22:42 UTC (permalink / raw)
  To: Yizhuo Zhai; +Cc: linux-input, Chengyu Song, Zhiyun Qian

Hi Yizhuo,

On Thu, Oct 03, 2019 at 01:29:05PM -0700, Yizhuo Zhai wrote:
> Hi Dmitry:
> 
> Variable "intr_status" and "raw_coordinate" in function
> iproc_touchscreen_interrupt()(
> (drivers/input/touchscreen/bcm_iproc_tsc.c) could be uninitialized if
> regmap_read() returns -EINVAL. But it's directly used later without
> the return check, which is potentially unsafe.
> 
> Also, we cannot simply return -EINVAL in iproc_touchscreen_interrupt()
> because it is out of the return type: irqreturn_t. The same cases
> happen in function  mx25_tcq_irq() with variable "stat" and function
> mx25_tcq_init() with variable "tgcr".
> 
> Thanks for your time to check this case.

Both of these drivers use MMIO to interact with the hardware, so regmap
failing is purely theoretical possibility.

Thanks.

-- 
Dmitry

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-10-03 22:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-10-03 20:29 Potential uninitialized variables in subsys input: bcm_iproc_tsc Yizhuo Zhai
2019-10-03 22:42 ` Dmitry Torokhov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).