From: Jeff LaBundy <jeff@labundy.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: linux-input@vger.kernel.org
Subject: Re: [bug report] Input: add support for Azoteq IQS7222A/B/C
Date: Tue, 12 Apr 2022 04:22:51 -0500 [thread overview]
Message-ID: <20220412092251.GA10886@nixie71> (raw)
In-Reply-To: <20220412080123.GN12805@kadam>
Hi Dan,
Thank you for reaching out.
On Tue, Apr 12, 2022 at 11:01:23AM +0300, Dan Carpenter wrote:
> There are a couple other warnings as well:
>
> drivers/input/misc/iqs7222.c:2214 iqs7222_parse_all() error: NULL dereference inside function 'iqs7222_parse_props()
> drivers/input/misc/iqs7222.c:2234 iqs7222_parse_all() error: NULL dereference inside function 'iqs7222_parse_props()
All three of these code paths are tested and do not lead to a crash; I
am suspicious that the warnings are false positives.
>
> regards,
> dan carpenter
>
> On Tue, Apr 12, 2022 at 10:59:37AM +0300, Dan Carpenter wrote:
> > Hello Jeff LaBundy,
> >
> > The patch e505edaedcb9: "Input: add support for Azoteq IQS7222A/B/C"
> > from Apr 8, 2022, leads to the following Smatch static checker
> > warning:
> >
> > drivers/input/misc/iqs7222.c:2166 iqs7222_parse_all()
> > error: NULL dereference inside function 'iqs7222_parse_props()'
> >
> > drivers/input/misc/iqs7222.c
> > 2150 static int iqs7222_parse_all(struct iqs7222_private *iqs7222)
> > 2151 {
> > 2152 const struct iqs7222_dev_desc *dev_desc = iqs7222->dev_desc;
> > 2153 const struct iqs7222_reg_grp_desc *reg_grps = dev_desc->reg_grps;
> > 2154 u16 *sys_setup = iqs7222->sys_setup;
> > 2155 int error, i;
> > 2156
> > 2157 if (dev_desc->event_offset)
> > 2158 sys_setup[dev_desc->event_offset] = IQS7222_EVENT_MASK_ATI;
> > 2159
> > 2160 for (i = 0; i < reg_grps[IQS7222_REG_GRP_CYCLE].num_row; i++) {
> > 2161 error = iqs7222_parse_cycle(iqs7222, i);
> > 2162 if (error)
> > 2163 return error;
> > 2164 }
> > 2165
> > --> 2166 error = iqs7222_parse_props(iqs7222, NULL, 0, IQS7222_REG_GRP_GLBL,
> > ^^^^
> > This NULL is dereferenced inside iqs7222_parse_props() so this will
> > crash.
By design, all calls to iqs7222_parse_props() with **child_node equal
to NULL are accompanied by a value of reg_grp that prevents the pointer
from being dereferenced.
For these specific cases, the pointer is reassigned by way of a switch
block at line 1542 before being dereferenced by fwnode_property_*().
> >
> > 2167 IQS7222_REG_KEY_NONE);
> > 2168 if (error)
> > 2169 return error;
> > 2170
> > 2171 for (i = 0; i < reg_grps[IQS7222_REG_GRP_GPIO].num_row; i++) {
> > 2172 struct fwnode_handle *gpio_node = NULL;
> >
> > regards,
> > dan carpenter
Please let me know in case I have misunderstood or you feel that I can
make any improvements.
Kind regards,
Jeff LaBundy
next prev parent reply other threads:[~2022-04-12 10:29 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-12 7:59 [bug report] Input: add support for Azoteq IQS7222A/B/C Dan Carpenter
2022-04-12 8:01 ` Dan Carpenter
2022-04-12 9:22 ` Jeff LaBundy [this message]
2022-04-12 9:30 ` Dan Carpenter
2022-04-17 18:28 ` Jeff LaBundy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220412092251.GA10886@nixie71 \
--to=jeff@labundy.com \
--cc=dan.carpenter@oracle.com \
--cc=linux-input@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).