Message ID | 20201203225458.1477830-1-arnd@kernel.org |
---|---|
State | New |
Series | ASoC: cros_ec_codec: fix uninitialized memory read |
On Fri, Dec 4, 2020 at 6:55 AM Arnd Bergmann <arnd@kernel.org> wrote:
>
> From: Arnd Bergmann <arnd@arndb.de>
>
> gcc points out a memory area that is copied to a device
> but not initialized:
>
> sound/soc/codecs/cros_ec_codec.c: In function 'i2s_rx_event':
> arch/x86/include/asm/string_32.h:83:20: error: '*((void *)&p+4)' may be used uninitialized in this function [-Werror=maybe-uninitialized]
>    83 |   *((int *)to + 1) = *((int *)from + 1);
>
> Initialize all the unused fields to zero.
>
> Fixes: 727f1c71c780 ("ASoC: cros_ec_codec: refactor I2S RX")
> Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Acked-by: Tzung-Bi Shih <tzungbi@google.com>

In the case in i2s_rx_event(), only the "cmd" member is used. But it
is fine to please the compiler.

struct __ec_align4 ec_param_ec_codec_i2s_rx {
	uint8_t cmd; /* enum ec_codec_i2s_rx_subcmd */
	uint8_t reserved[3];

	union {
		...
	};
};

I am a bit curious about, in other use cases of
ec_param_ec_codec_i2s_rx, why the compiler doesn't complain about
uninitialization of the "reserved" member?
On Fri, Dec 4, 2020 at 3:56 AM Tzung-Bi Shih <tzungbi@google.com> wrote:
>
> On Fri, Dec 4, 2020 at 6:55 AM Arnd Bergmann <arnd@kernel.org> wrote:
> >
> > From: Arnd Bergmann <arnd@arndb.de>
> >
> > gcc points out a memory area that is copied to a device
> > but not initialized:
> >
> > sound/soc/codecs/cros_ec_codec.c: In function 'i2s_rx_event':
> > arch/x86/include/asm/string_32.h:83:20: error: '*((void *)&p+4)' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> >    83 |   *((int *)to + 1) = *((int *)from + 1);
> >
> > Initialize all the unused fields to zero.
> >
> > Fixes: 727f1c71c780 ("ASoC: cros_ec_codec: refactor I2S RX")
> > Signed-off-by: Arnd Bergmann <arnd@arndb.de>
>
> Acked-by: Tzung-Bi Shih <tzungbi@google.com>
>
> In the case in i2s_rx_event(), only the "cmd" member is used. But it
> is fine to please the compiler.

I wouldn't do it just to please the compiler. I sent this patch since
the code clearly copies the uninitialized data here. If only one byte
is meant to be copied, then we should change the function call to not
pass the entire structure. I'll send a new patch for that.

> struct __ec_align4 ec_param_ec_codec_i2s_rx {
> 	uint8_t cmd; /* enum ec_codec_i2s_rx_subcmd */
> 	uint8_t reserved[3];
>
> 	union {
> 		...
> 	};
> };
>
> I am a bit curious about, in other use cases of
> ec_param_ec_codec_i2s_rx, why the compiler doesn't complain about
> uninitialization of the "reserved" member?

The -Wmaybe-uninitialized warning is fundamentally unreliable. In this
case, the __constant_memcpy() function accesses the members one at a
time, and the warning is for the first 'int' array member that is
completely uninitialized, while the 'reserved' part of the structure is
still in the first 'int' that is partially initialized.

       Arnd
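The two shapes discussed in the thread, written out as an added C example that is not part of the patch or of the kernel's code. The struct is a host-side mirror of `ec_param_ec_codec_i2s_rx` built from the definition quoted above; the union body is elided in the thread, so a single `hypothetical_arg` member stands in for it, and all function names are this example's own. The "before" version simulates stale stack contents with a fixed fill byte rather than reading genuinely uninitialized memory, so the comparison is deterministic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Mirror of the struct quoted in the thread. The union body is elided there,
 * so a single uint32_t placeholder is an assumption of this example. */
struct ec_param_ec_codec_i2s_rx_demo {
	uint8_t cmd;          /* enum ec_codec_i2s_rx_subcmd */
	uint8_t reserved[3];
	union {
		uint32_t hypothetical_arg; /* placeholder for the elided union */
	};
} __attribute__((aligned(4)));

/* Count non-zero bytes in the message after the cmd byte: these are the
 * bytes that would reach the EC without the sender having chosen them. */
static size_t nonzero_bytes_after_cmd(const void *buf, size_t len)
{
	const uint8_t *b = buf;
	size_t n = 0;

	for (size_t i = offsetof(struct ec_param_ec_codec_i2s_rx_demo, reserved); i < len; i++)
		if (b[i])
			n++;
	return n;
}

/* "Before" shape: only cmd is assigned, everything else keeps whatever was
 * on the stack. Reading that is undefined behaviour, so the stale contents
 * are simulated here with a constructed 0xA5 fill instead. */
static size_t build_partially_initialized(uint8_t cmd)
{
	struct ec_param_ec_codec_i2s_rx_demo p;

	memset(&p, 0xA5, sizeof(p));	/* stand-in for leftover stack bytes */
	p.cmd = cmd;
	return nonzero_bytes_after_cmd(&p, sizeof(p));
}

/* Patched shape: the empty initializer zero-fills reserved[] and the union,
 * so every byte handed to the EC is deterministic. */
static size_t build_zero_initialized(uint8_t cmd)
{
	struct ec_param_ec_codec_i2s_rx_demo p = {};

	p.cmd = cmd;
	return nonzero_bytes_after_cmd(&p, sizeof(p));
}

/* Alternative raised in the reply: when a sub-command uses only cmd, pass
 * just that many bytes instead of sizeof(p), so nothing else is copied. */
static size_t length_for_cmd_only(void)
{
	return sizeof(((struct ec_param_ec_codec_i2s_rx_demo *)0)->cmd);
}
```

With the assumed 4-byte union the structure is 8 bytes: the partially initialized version leaves 7 bytes of stale data after `cmd`, the zero-initialized version leaves none, and the cmd-only transfer length is 1.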
diff --git a/sound/soc/codecs/cros_ec_codec.c b/sound/soc/codecs/cros_ec_codec.c index 58894bf47514..f33a2a9654e7 100644 --- a/sound/soc/codecs/cros_ec_codec.c +++ b/sound/soc/codecs/cros_ec_codec.c @@ -332,7 +332,7 @@ static int i2s_rx_event(struct snd_soc_dapm_widget *w, snd_soc_dapm_to_component(w->dapm); struct cros_ec_codec_priv *priv = snd_soc_component_get_drvdata(component); - struct ec_param_ec_codec_i2s_rx p; + struct ec_param_ec_codec_i2s_rx p = {}; switch (event) { case SND_SOC_DAPM_PRE_PMU:
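Review bot: the hunk shows only the declaration of `p`, not the call that copies it to the EC, so the diff alone does not let a reviewer confirm that the whole structure (the `reserved[3]` bytes and the union) is what gets transferred with `sizeof(p)`; naming that call and the length it passes in the commit message would make the fix verifiable from the patch. `= {}` is the right conservative change regardless, since it removes every uninitialized stack byte from the host-to-EC message independent of which members a given sub-command uses; the follow-up the reply mentions, shortening the transfer to the bytes actually used, would be a separate change and should not replace this one.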