Re: [PATCH v2] sound: fix uninit-value in sof_ipc4_pcm_dai_link_fixup_rate

Linux Sound subsystem development
 help / color / mirror / Atom feed

From: Suraj Sonawane <surajsonawane0215@gmail.com>
To: "Mark Brown" <broonie@kernel.org>,
	"Péter Ujfalusi" <peter.ujfalusi@linux.intel.com>
Cc: daniel.baluta@nxp.com, kai.vehmanen@linux.intel.com,
	lgirdwood@gmail.com, linux-kernel@vger.kernel.org,
	linux-sound@vger.kernel.org, perex@perex.cz,
	pierre-louis.bossart@linux.dev,
	ranjani.sridharan@linux.intel.com,
	sound-open-firmware@alsa-project.org, tiwai@suse.com,
	yung-chuan.liao@linux.intel.com
Subject: Re: [PATCH v2] sound: fix uninit-value in sof_ipc4_pcm_dai_link_fixup_rate
Date: Tue, 5 Nov 2024 16:20:23 +0530	[thread overview]
Message-ID: <1611f678-edaf-4588-8455-61eed32b2baa@gmail.com> (raw)
In-Reply-To: <d19b77e2-496b-4633-a69c-576cc79c004a@sirena.org.uk>

On 04/11/24 23:57, Mark Brown wrote:
> On Mon, Nov 04, 2024 at 12:52:09PM +0200, Péter Ujfalusi wrote:
>> On 03/11/2024 13:37, Suraj Sonawane wrote:
> 
>>> Fix an issue detected by the Smatch tool:
>>>
>>> sound/soc/sof/ipc4-pcm.c: sof_ipc4_pcm_dai_link_fixup_rate()
>>> error: uninitialized symbol 'be_rate'.
>>>
>>> This issue occurred because the variable 'be_rate' could remain
>>> uninitialized if num_input_formats is zero. In such cases, the
>>> loop that assigns a value to 'be_rate' would not execute,
>>> potentially leading to undefined behavior when rate->min and
>>> rate->max are set with an uninitialized 'be_rate'.
>>>
>>> To resolve this, an additional check for num_input_formats > 0
>>> was added before setting rate->min and rate->max with 'be_rate'.
>>> This ensures that 'be_rate' is assigned only when there are valid
>>> input formats, preventing any use of uninitialized data.
> 
>>> -		rate->min = be_rate;
>>> -		rate->max = rate->min;
>>> +		/* Set rate only if be_rate was assigned */
>>> +		if (num_input_formats > 0) {
> 
>> By definition the copier must have at least one input and one output
>> format, this check is going to be always true.
> 
> Static analysis of the code can't reasonably tell that, we need
> something that ensures that it doesn't detect a spuriously uninitialised
> variable here.  Possibly a
> 
> 	if (WARN_ON_ONCE(!num_input_formats))
> 		return -EINVAL;
> 
> or similar?

Thank you, Mark and Péter, for the guidance. I understand now that, 
while the copier should always have at least one input format, static 
analysis tools can’t detect this. Based on your suggestions, I’ve 
considered the following possible solutions to address the issue:

1. Add a WARN_ON_ONCE(!num_input_formats) check: This would issue a 
warning and return an error if num_input_formats is unexpectedly zero, 
ensuring we handle any edge cases explicitly.

2. Return an error if no input formats are available: Implementing the 
following check could provide immediate feedback if num_input_formats is 
zero:
     if (num_input_formats <= 0) {
         dev_err(sdev->dev, "No input formats available\n");
         return -EINVAL; // Return an error if there are no formats
     }

Would it be preferable to proceed with the 
WARN_ON_ONCE(!num_input_formats) approach, or is there a preferred 
alternative from the options above?

Thank you again

next prev parent reply	other threads:[~2024-11-05 10:50 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-10-30 15:57 [PATCH] sound: fix uninit-value in sof_ipc4_pcm_dai_link_fixup_rate Suraj Sonawane
2024-10-30 17:10 ` Mark Brown
2024-10-31  6:02   ` Suraj Sonawane
2024-10-30 17:17 ` Mark Brown
2024-11-03 11:37 ` [PATCH v2] " Suraj Sonawane
2024-11-04 10:52   ` Péter Ujfalusi
2024-11-04 18:27     ` Mark Brown
2024-11-05 10:50       ` Suraj Sonawane [this message]
2024-11-05 19:07         ` Mark Brown
2024-11-06  8:34           ` Suraj Sonawane
2024-11-05 10:48     ` Suraj Sonawane

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1611f678-edaf-4588-8455-61eed32b2baa@gmail.com \
    --to=surajsonawane0215@gmail.com \
    --cc=broonie@kernel.org \
    --cc=daniel.baluta@nxp.com \
    --cc=kai.vehmanen@linux.intel.com \
    --cc=lgirdwood@gmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-sound@vger.kernel.org \
    --cc=perex@perex.cz \
    --cc=peter.ujfalusi@linux.intel.com \
    --cc=pierre-louis.bossart@linux.dev \
    --cc=ranjani.sridharan@linux.intel.com \
    --cc=sound-open-firmware@alsa-project.org \
    --cc=tiwai@suse.com \
    --cc=yung-chuan.liao@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox