From: Abd-Alrhman Masalkhi <abd.masalkhi@gmail.com>
To: "Ding Yihan" <dingyihan@uniontech.com>,
	"Thomas Weißschuh" <thomas.weissschuh@linutronix.de>
Cc: dwlsalmeida@gmail.com, mchehab@kernel.org, linmag7@gmail.com,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
	syzbot+96f901260a0b2d29cd1a@syzkaller.appspotmail.com
Subject: Re: [PATCH] media: vidtv: fix uninitialized args.buf_sz passed by value
Date: Fri, 20 Feb 2026 15:53:34 +0100
Message-ID: <m2ikbr5uvl.fsf@gmail.com>
In-Reply-To: <AC57A72C7BF9B508+c75971da-ad61-446d-acd6-0ff2c993dbb6@uniontech.com>


Hi Yihan Ding,

On Fri, Feb 20, 2026 at 21:39 +0800, Ding Yihan wrote:
> Hi Thomas and Abd-Alrhman,
>
> While looking into this exact same syzbot report, I noticed that
> `vidtv_ts_pcr_write_into()` in the same file also suffers from the
> exact same pass-by-value anti-pattern (passing `struct pcr_write_args`
> by value).
>
> Since `pcr_write_args` also contains implicit padding, it remains a
> potential trigger for identical KMSAN uninit-value warnings during
> fuzzing in the future.
>
> Also, regarding Thomas's concern about modifying shared data: passing
> the struct as a `const pointer` (e.g.,
> `const struct null_packet_write_args *`) would perfectly guarantee
> that the state remains read-only.
>
> Thomas, would it be worth submitting a separate patch now to fix
> `vidtv_ts_pcr_write_into()` to prevent future KMSAN errors? Or would
> you prefer this to be addressed together in Abd-Alrhman's v2?
>
> Best regards,
> Yihan Ding
>

Thanks for pointing that out. I agree that vidtv_ts_pcr_write_into()
should be updated in the same way, since it has identical padding issues.

For v2 I’ll incorporate both fixes together and switch both parameters
and add the const modifier, as you and Thomas suggested.

Thanks again for the helpful review.

-- 
Best Regards,
Abd-Alrhman
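
An added example, not part of the thread or of the vidtv driver: a way to count the implicit padding bytes in an argument struct, which is what the thread says makes pass-by-value a trigger for KMSAN uninit-value reports, next to a `const` pointer interface that copies no object. `struct demo_write_args` and `bytes_left()` are hypothetical, and the byte counts assume a common 64-bit ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical argument struct (NOT the vidtv definition). Fixed-width
 * fields keep the layout identical on common 64-bit ABIs. */
struct demo_write_args {
	uint32_t dest_offset;
	uint16_t pid;      /* 2-byte hole follows */
	uint32_t buf_sz;   /* 4-byte hole follows: next field is 8-aligned */
	uint64_t pcr;
	uint8_t  cc;       /* 7 bytes of tail padding follow */
};

/* Mark the bytes occupied by one named member in the coverage map. */
#define COVER(map, type, field) \
	memset((map) + offsetof(type, field), 1, sizeof(((type *)0)->field))

/* Count bytes of the struct that belong to no named member. Field-by-field
 * initialization never writes these, yet a by-value copy carries them. */
size_t padding_bytes(void)
{
	unsigned char map[sizeof(struct demo_write_args)] = { 0 };
	size_t i, holes = 0;

	COVER(map, struct demo_write_args, dest_offset);
	COVER(map, struct demo_write_args, pid);
	COVER(map, struct demo_write_args, buf_sz);
	COVER(map, struct demo_write_args, pcr);
	COVER(map, struct demo_write_args, cc);
	for (i = 0; i < sizeof(map); i++)
		holes += !map[i];
	return holes;
}

/* Hypothetical consumer using the const-pointer convention discussed above:
 * no copy of the object is made and the callee cannot modify it. */
uint32_t bytes_left(const struct demo_write_args *args)
{
	return args->dest_offset < args->buf_sz ?
	       args->buf_sz - args->dest_offset : 0;
}

int main(void)
{
	printf("sizeof=%zu padding=%zu\n",
	       sizeof(struct demo_write_args), padding_bytes());
	return 0;
}
```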
