On Tue, 10 Sep 2024 04:36:20 -0400
Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx> wrote:
> In the current implementation, the local variable field_value is used
> without prior initialization, which may lead to reading uninitialized
> memory. Specifically, in the macro set_mask_bits, the initial
> (potentially uninitialized) value of the buffer is copied into old__,
> and a mask is applied to calculate new__. A similar issue was resolved in
> commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use
> of unintialized value.").
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events")
> Signed-off-by: Mikhail Lobanov <m.lobanov@xxxxxxxxxxxx>
Ok. It's not a bug as such because ultimately the bits that aren't set are masked out
but it is non obvious. So applied to the fixes-togreg branch of iio.git.
Thanks,
Jonathan
> ---
> drivers/iio/accel/bma400_core.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c
> index e90e2f01550a..04083b7395ab 100644
> --- a/drivers/iio/accel/bma400_core.c
> +++ b/drivers/iio/accel/bma400_core.c
> @@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data,
> static int bma400_tap_event_en(struct bma400_data *data,
> enum iio_event_direction dir, int state)
> {
> - unsigned int mask, field_value;
> + unsigned int mask;
> + unsigned int field_value = 0;
> int ret;
>
> /*
