From: Dan Carpenter <dan.carpenter@linaro.org>
To: "Tomasz Pakuła" <tomasz.pakula.oficjalny@gmail.com>
Cc: linux-input@vger.kernel.org
Subject: [bug report] HID: pidff: Add support for AXES_ENABLE field
Date: Tue, 19 Aug 2025 11:33:17 +0300 [thread overview]
Message-ID: <aKQ2zYNrk7JRKpOU@stanley.mountain> (raw)
Hello Tomasz Pakuła,
This is a semi-automatic email about new static checker warnings.
Commit 1d72e7bd340b ("HID: pidff: Add support for AXES_ENABLE field")
from Aug 13, 2025, leads to the following Smatch complaint:
drivers/hid/usbhid/hid-pidff.c:1308 pidff_find_special_fields()
error: we previously assumed 'pidff->axes_enable' could be null (see line 1302)
drivers/hid/usbhid/hid-pidff.c:1322 pidff_find_special_fields()
warn: variable dereferenced before check 'pidff->axes_enable' (see line 1308)
drivers/hid/usbhid/hid-pidff.c
1295 if (PIDFF_FIND_SPECIAL_KEYS(operation_id, effect_operation_status,
1296 effect_operation_status) !=
1297 ARRAY_SIZE(pidff_effect_operation_status)) {
1298 hid_err(pidff->hid, "effect operation identifiers not found\n");
1299 return -1;
1300 }
1301
1302 if (!pidff->axes_enable)
^^^^^^^^^^^^^^^^^^
This assumes pidff->axes_enable can be NULL
1303 hid_info(pidff->hid, "axes enable field not found!\n");
1304 else
1305 hid_dbg(pidff->hid, "axes enable report count: %u\n",
1306 pidff->axes_enable->report_count);
1307
1308 uint found = PIDFF_FIND_GENERAL_DESKTOP(direction_axis_id, axes_enable,
1309 direction_axis);
But the PIDFF_FIND_GENERAL_DESKTOP() function dereferences it without
checking so if it's NULL then it will crash.
1310
1311 pidff->axis_count = found;
1312 hid_dbg(pidff->hid, "found direction axes: %u", found);
1313
1314 for (int i = 0; i < sizeof(pidff_direction_axis); i++) {
1315 if (!pidff->direction_axis_id[i])
1316 continue;
1317
1318 hid_dbg(pidff->hid, "axis %d, usage: 0x%04x, index: %d", i + 1,
1319 pidff_direction_axis[i], pidff->direction_axis_id[i]);
1320 }
1321
1322 if (pidff->axes_enable && found != pidff->axes_enable->report_count)
^^^^^^^^^^^^^^^^^^
Checked for NULL again.
1323 hid_warn(pidff->hid, "axes_enable: %u != direction axes: %u",
1324 pidff->axes_enable->report_count, found);
regards,
dan carpenter
reply other threads:[~2025-08-19 8:33 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aKQ2zYNrk7JRKpOU@stanley.mountain \
--to=dan.carpenter@linaro.org \
--cc=linux-input@vger.kernel.org \
--cc=tomasz.pakula.oficjalny@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox