On Tue, Nov 5, 2019 at 3:18 PM Phong Tran <tranmanphong@xxxxxxxxx> wrote:
>
> syzbot found a problem with the use of an uninitialized pointer in
> lg4ff_set_autocenter_default().
>
> Reported-by: syzbot+1234691fec1b8ceba8b1@xxxxxxxxxxxxxxxxxxxxxxxxx
>
> Tested by syzbot:
>
> https://groups.google.com/d/msg/syzkaller-bugs/ApnMLW6sfKE/Qq0bIHGEAQAJ

This seems weird to me: the syzbot link above is about `hid_get_drvdata(hid)`,
and, as I read it, the possibility that hid might not have an initialized
value.

Here you are changing the initialized values of value, entry and drv_data,
and all 3 are never used before their first assignment.

I have a feeling this particular syzbot check has already been fixed
upstream by d9d4b1e46d95 "HID: Fix assumption that devices have inputs".

Cheers,
Benjamin

>
> Signed-off-by: Phong Tran <tranmanphong@xxxxxxxxx>
> ---
>  drivers/hid/hid-lg4ff.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/hid/hid-lg4ff.c b/drivers/hid/hid-lg4ff.c
> index 5e6a0cef2a06..44dfd08b0c32 100644
> --- a/drivers/hid/hid-lg4ff.c
> +++ b/drivers/hid/hid-lg4ff.c
> @@ -468,10 +468,10 @@ static int lg4ff_play(struct input_dev *dev, void *data, struct ff_effect *effec
>  static void lg4ff_set_autocenter_default(struct input_dev *dev, u16 magnitude)
>  {
>  	struct hid_device *hid = input_get_drvdata(dev);
> -	s32 *value;
> +	s32 *value = NULL;
>  	u32 expand_a, expand_b;
> -	struct lg4ff_device_entry *entry;
> -	struct lg_drv_data *drv_data;
> +	struct lg4ff_device_entry *entry = NULL;
> +	struct lg_drv_data *drv_data = NULL;
>  	unsigned long flags;
>
>  	drv_data = hid_get_drvdata(hid);
> --
> 2.20.1
>
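Review bot: the three "= NULL" initializers added to the lg4ff_set_autocenter_default() prologue do not touch the pointer the report is about. hid keeps its existing initializer `input_get_drvdata(dev)`, and the hunk's own trailing context, `drv_data = hid_get_drvdata(hid);`, overwrites drv_data before it is ever read; the reply above says the same holds for value and entry. That makes the additions dead stores, and in kernel code an unconditional NULL initializer also silences the compiler's uninitialized-use warning instead of fixing whatever it would have pointed at. Either drop the patch, or, if a NULL hid or a NULL return from hid_get_drvdata() can actually reach this function, add a check on those lookups and cite the syzbot report that shows the path in the commit message. The commit message should also name the pointer it believes is uninitialized and spell "uninitialized" out, and "Tested by syzbot:" is not a tag the tooling recognizes; a plain sentence with the link is clearer.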
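To make the reviewer's point concrete, the following is an added user-space example, not code from hid-lg4ff.c or any other part of the kernel. The structs and the two *_get_drvdata() helpers are constructed stand-ins for the kernel accessors so the prologue can run stand-alone; the -1 return value and the cmd_count field are likewise invented for the illustration. It shows that the patched prologue returns the same drv_data pointer with or without the "= NULL" initializer (the initializer is a dead store), and that the only construct whose behaviour differs when a lookup yields NULL is an explicit check on the lookup result. Whether such a check belongs in this function is not something the thread settles; the example only shows that the initializer cannot be it.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel types; hypothetical, not hid-lg4ff.c. */
struct lg_drv_data { int cmd_count; };
struct hid_device  { void *driver_data; };
struct input_dev   { void *driver_data; };

/* Stand-ins for the kernel accessors: they just return the stored pointer. */
static void *input_get_drvdata(const struct input_dev *dev) { return dev->driver_data; }
static void *hid_get_drvdata(const struct hid_device *hid)   { return hid->driver_data; }

/*
 * The prologue as patched, parameterised on whether drv_data gets the
 * "= NULL" initializer. Either way drv_data is assigned from
 * hid_get_drvdata() before it is read, so the initializer is a dead store
 * and the caller observes exactly what the lookup returned.
 */
static struct lg_drv_data *prologue_drvdata(struct input_dev *dev, int init_to_null)
{
	struct hid_device *hid = input_get_drvdata(dev);
	struct lg_drv_data *drv_data;

	if (init_to_null)
		drv_data = NULL;          /* what the patch adds */
	drv_data = hid_get_drvdata(hid);  /* overwrites it unconditionally */
	return drv_data;
}

/*
 * The only thing that changes behaviour on a NULL lookup result is a check
 * on that result. Returns -1 (a stand-in for an errno value) when either
 * lookup yields NULL, otherwise performs constructed "work" and echoes
 * magnitude so the caller can see it ran.
 */
static int autocenter_checked(struct input_dev *dev, int magnitude)
{
	struct hid_device *hid = input_get_drvdata(dev);
	struct lg_drv_data *drv_data;

	if (!hid)
		return -1;
	drv_data = hid_get_drvdata(hid);
	if (!drv_data)
		return -1;
	drv_data->cmd_count++;   /* constructed stand-in for the real work */
	return magnitude;
}

int main(void)
{
	/* Constructed sample devices: one fully wired, one with no drvdata. */
	struct lg_drv_data data = { 0 };
	struct hid_device hid_ok = { &data };
	struct input_dev dev_ok = { &hid_ok };
	struct hid_device hid_nodata = { NULL };
	struct input_dev dev_nodata = { &hid_nodata };

	printf("initializer changes result: %s\n",
	       prologue_drvdata(&dev_nodata, 0) == prologue_drvdata(&dev_nodata, 1) ? "no" : "yes");
	printf("checked path, wired device: %d\n", autocenter_checked(&dev_ok, 7));
	printf("checked path, no drvdata:   %d\n", autocenter_checked(&dev_nodata, 7));
	return 0;
}
```

Compile with any C99 compiler (for example `cc -Wall example.c`); the prologue_drvdata() comparison prints "no" because both variants return the same NULL, and only the checked path refuses the device that has no drvdata.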