Re: [PATCH] can: etas_es58x: initialize rx_event_msg before calling es58x_check_msg_len()

From: Yujie Liu
Date: Sun Mar 06 2022 - 21:30:31 EST

Next message: Baolin Wang: "Re: [PATCH 08/16] mm/migration: avoid unneeded nodemask_t initialization"
Previous message: Xing Zhengjun: "Re: [PATCH v3 1/2] perf vendor events intel: Add core event list for Alderlake"
In reply to: Vincent Mailhol: "[PATCH] can: etas_es58x: initialize rx_event_msg before calling es58x_check_msg_len()"
Next in thread: Marc Kleine-Budde: "Re: [PATCH] can: etas_es58x: initialize rx_event_msg before calling es58x_check_msg_len()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Vincent,

On 3/6/2022 18:13, Vincent Mailhol wrote:

Function es58x_fd_rx_event() invokes the es58x_check_msg_len() macro:
| ret = es58x_check_msg_len(es58x_dev->dev, *rx_event_msg, msg_len);
While doing so, it deferences an uninitialized variable: *rx_event_msg.

This is actually harmless because es58x_check_msg_len() only uses
preprocessors macro (sizeof() and __stringify()) on
*rx_event_msg. c.f. [1].

Nonetheless, this pattern is confusing so the lines are reordered to
make sure that rx_event_msg is correctly initialized.

This patch also fixes a false positive warning reported by cppcheck:

| cppcheck possible warnings: (new ones prefixed by >>, may not be real problems)
|
| In file included from drivers/net/can/usb/etas_es58x/es58x_fd.c:
| >> drivers/net/can/usb/etas_es58x/es58x_fd.c:174:8: warning: Uninitialized variable: rx_event_msg [uninitvar]
| ret = es58x_check_msg_len(es58x_dev->dev, *rx_event_msg, msg_len);
| ^

[1] https://elixir.bootlin.com/linux/latest/source/drivers/net/can/usb/etas_es58x/es58x_core.h#L467

Reported-by: kernel test robot <yujie.liu@xxxxxxxxx>
Signed-off-by: Vincent Mailhol <mailhol.vincent@xxxxxxxxxx>
---
As discussed in
https://lore.kernel.org/linux-can/20220302130423.ddd2ulldffpo5lb2@xxxxxxxxxxxxxx/T/#u,
no need to backport this patch because this is not a fix.

@Yujie Liu: I added the "Reported-by: kernel test robot". This being a
false positive, let me know if you would like to remove the tag in
order not to mess with you statistics.

Actually we did some analysis similar to those in the report mail thread, and noticed
that it was a false positive, but we still sent out the report since the code at here
is not consistent with other function in the same patch. We should have made this
clearer in the original report.

Since "Reported-by" tag is dedicated for reporting a real bug, so please kindly remove
the tag in this patch, thanks.

Regards,
Yujie

---
drivers/net/can/usb/etas_es58x/es58x_fd.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/net/can/usb/etas_es58x/es58x_fd.c b/drivers/net/can/usb/etas_es58x/es58x_fd.c
index 88d2540abbbe..c97ffa71fd75 100644
--- a/drivers/net/can/usb/etas_es58x/es58x_fd.c
+++ b/drivers/net/can/usb/etas_es58x/es58x_fd.c
@@ -173,12 +173,11 @@ static int es58x_fd_rx_event_msg(struct net_device *netdev,
const struct es58x_fd_rx_event_msg *rx_event_msg;
int ret;
+ rx_event_msg = &es58x_fd_urb_cmd->rx_event_msg;
ret = es58x_check_msg_len(es58x_dev->dev, *rx_event_msg, msg_len);
if (ret)
return ret;
- rx_event_msg = &es58x_fd_urb_cmd->rx_event_msg;
-
return es58x_rx_err_msg(netdev, rx_event_msg->error_code,
rx_event_msg->event_code,
get_unaligned_le64(&rx_event_msg->timestamp));

Next message: Baolin Wang: "Re: [PATCH 08/16] mm/migration: avoid unneeded nodemask_t initialization"
Previous message: Xing Zhengjun: "Re: [PATCH v3 1/2] perf vendor events intel: Add core event list for Alderlake"
In reply to: Vincent Mailhol: "[PATCH] can: etas_es58x: initialize rx_event_msg before calling es58x_check_msg_len()"
Next in thread: Marc Kleine-Budde: "Re: [PATCH] can: etas_es58x: initialize rx_event_msg before calling es58x_check_msg_len()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]