[usb:usb-testing 34/67] drivers/usb/class/usbtmc.c:339 usbtmc_ioctl_abort_bulk_in_tag() error: uninitialized symbol 'actual'.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

tree:   https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git usb-testing
head:   ae8a2ca8a2215c7e31e6d874f7303801bb15fbbc
commit: cbe743f1333b23040d1312afd58224dbd58fcc25 [34/67] usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_IN

New smatch warnings:
drivers/usb/class/usbtmc.c:339 usbtmc_ioctl_abort_bulk_in_tag() error: uninitialized symbol 'actual'.

Old smatch warnings:
drivers/usb/class/usbtmc.c:1975 usbtmc_ioctl_request() warn: possible memory leak of 'buffer'
drivers/usb/class/usbtmc.c:1978 usbtmc_ioctl_request() warn: overwrite may leak 'buffer'

# https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git/commit/?id=cbe743f1333b23040d1312afd58224dbd58fcc25
git remote add usb https://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
git remote update usb
git checkout cbe743f1333b23040d1312afd58224dbd58fcc25
vim +/actual +339 drivers/usb/class/usbtmc.c

5b775f67 Greg Kroah-Hartman 2008-08-26  272  
cbe743f1 Guido Kiener       2018-09-12  273  static int usbtmc_ioctl_abort_bulk_in_tag(struct usbtmc_device_data *data,
cbe743f1 Guido Kiener       2018-09-12  274  					  u8 tag)
5b775f67 Greg Kroah-Hartman 2008-08-26  275  {
b361a6e3 Chris Malley       2008-10-25  276  	u8 *buffer;
5b775f67 Greg Kroah-Hartman 2008-08-26  277  	struct device *dev;
5b775f67 Greg Kroah-Hartman 2008-08-26  278  	int rv;
5b775f67 Greg Kroah-Hartman 2008-08-26  279  	int n;
5b775f67 Greg Kroah-Hartman 2008-08-26  280  	int actual;
5b775f67 Greg Kroah-Hartman 2008-08-26  281  
5b775f67 Greg Kroah-Hartman 2008-08-26  282  	dev = &data->intf->dev;
cbe743f1 Guido Kiener       2018-09-12  283  	buffer = kmalloc(USBTMC_BUFSIZE, GFP_KERNEL);
5b775f67 Greg Kroah-Hartman 2008-08-26  284  	if (!buffer)
5b775f67 Greg Kroah-Hartman 2008-08-26  285  		return -ENOMEM;
5b775f67 Greg Kroah-Hartman 2008-08-26  286  
5b775f67 Greg Kroah-Hartman 2008-08-26  287  	rv = usb_control_msg(data->usb_dev,
5b775f67 Greg Kroah-Hartman 2008-08-26  288  			     usb_rcvctrlpipe(data->usb_dev, 0),
5b775f67 Greg Kroah-Hartman 2008-08-26  289  			     USBTMC_REQUEST_INITIATE_ABORT_BULK_IN,
5b775f67 Greg Kroah-Hartman 2008-08-26  290  			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
cbe743f1 Guido Kiener       2018-09-12  291  			     tag, data->bulk_in,
cbe743f1 Guido Kiener       2018-09-12  292  			     buffer, 2, USB_CTRL_GET_TIMEOUT);
5b775f67 Greg Kroah-Hartman 2008-08-26  293  
5b775f67 Greg Kroah-Hartman 2008-08-26  294  	if (rv < 0) {
5b775f67 Greg Kroah-Hartman 2008-08-26  295  		dev_err(dev, "usb_control_msg returned %d\n", rv);
5b775f67 Greg Kroah-Hartman 2008-08-26  296  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  297  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  298  
cbe743f1 Guido Kiener       2018-09-12  299  	dev_dbg(dev, "INITIATE_ABORT_BULK_IN returned %x with tag %02x\n",
cbe743f1 Guido Kiener       2018-09-12  300  		buffer[0], buffer[1]);
5b775f67 Greg Kroah-Hartman 2008-08-26  301  
5b775f67 Greg Kroah-Hartman 2008-08-26  302  	if (buffer[0] == USBTMC_STATUS_FAILED) {
cbe743f1 Guido Kiener       2018-09-12  303  		/* No transfer in progress and the Bulk-OUT FIFO is empty. */
5b775f67 Greg Kroah-Hartman 2008-08-26  304  		rv = 0;
5b775f67 Greg Kroah-Hartman 2008-08-26  305  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  306  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  307  
cbe743f1 Guido Kiener       2018-09-12  308  	if (buffer[0] == USBTMC_STATUS_TRANSFER_NOT_IN_PROGRESS) {
cbe743f1 Guido Kiener       2018-09-12  309  		/* The device returns this status if either:
cbe743f1 Guido Kiener       2018-09-12  310  		 * - There is a transfer in progress, but the specified bTag
cbe743f1 Guido Kiener       2018-09-12  311  		 *   does not match.
cbe743f1 Guido Kiener       2018-09-12  312  		 * - There is no transfer in progress, but the Bulk-OUT FIFO
cbe743f1 Guido Kiener       2018-09-12  313  		 *   is not empty.
cbe743f1 Guido Kiener       2018-09-12  314  		 */
cbe743f1 Guido Kiener       2018-09-12  315  		rv = -ENOMSG;
5b775f67 Greg Kroah-Hartman 2008-08-26  316  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  317  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  318  
cbe743f1 Guido Kiener       2018-09-12  319  	if (buffer[0] != USBTMC_STATUS_SUCCESS) {
cbe743f1 Guido Kiener       2018-09-12  320  		dev_err(dev, "INITIATE_ABORT_BULK_IN returned %x\n",
cbe743f1 Guido Kiener       2018-09-12  321  			buffer[0]);
5b775f67 Greg Kroah-Hartman 2008-08-26  322  		rv = -EPERM;
5b775f67 Greg Kroah-Hartman 2008-08-26  323  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  324  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  325  
5b775f67 Greg Kroah-Hartman 2008-08-26  326  	n = 0;
5b775f67 Greg Kroah-Hartman 2008-08-26  327  
cbe743f1 Guido Kiener       2018-09-12  328  usbtmc_abort_bulk_in_status:
5b775f67 Greg Kroah-Hartman 2008-08-26  329  	dev_dbg(dev, "Reading from bulk in EP\n");
5b775f67 Greg Kroah-Hartman 2008-08-26  330  
cbe743f1 Guido Kiener       2018-09-12  331  	/* Data must be present. So use low timeout 300 ms */
5b775f67 Greg Kroah-Hartman 2008-08-26  332  	rv = usb_bulk_msg(data->usb_dev,
5b775f67 Greg Kroah-Hartman 2008-08-26  333  			  usb_rcvbulkpipe(data->usb_dev,
5b775f67 Greg Kroah-Hartman 2008-08-26  334  					  data->bulk_in),
cbe743f1 Guido Kiener       2018-09-12  335  			  buffer, USBTMC_BUFSIZE,
cbe743f1 Guido Kiener       2018-09-12  336  			  &actual, 300);
cbe743f1 Guido Kiener       2018-09-12  337  
cbe743f1 Guido Kiener       2018-09-12  338  	print_hex_dump_debug("usbtmc ", DUMP_PREFIX_NONE, 16, 1,
cbe743f1 Guido Kiener       2018-09-12 @339  			     buffer, actual, true);
                                                                             ^^^^^^
We haven't checked that usb_bulk_msg() succeeded so this might be
uninitialized.

5b775f67 Greg Kroah-Hartman 2008-08-26  340  
5b775f67 Greg Kroah-Hartman 2008-08-26  341  	n++;
5b775f67 Greg Kroah-Hartman 2008-08-26  342  
5b775f67 Greg Kroah-Hartman 2008-08-26  343  	if (rv < 0) {
5b775f67 Greg Kroah-Hartman 2008-08-26  344  		dev_err(dev, "usb_bulk_msg returned %d\n", rv);
cbe743f1 Guido Kiener       2018-09-12  345  		if (rv != -ETIMEDOUT)
5b775f67 Greg Kroah-Hartman 2008-08-26  346  			goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  347  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  348  
cbe743f1 Guido Kiener       2018-09-12  349  	if (actual == USBTMC_BUFSIZE)
cbe743f1 Guido Kiener       2018-09-12  350  		goto usbtmc_abort_bulk_in_status;
cbe743f1 Guido Kiener       2018-09-12  351  
cbe743f1 Guido Kiener       2018-09-12  352  	if (n >= USBTMC_MAX_READS_TO_CLEAR_BULK_IN) {
5b775f67 Greg Kroah-Hartman 2008-08-26  353  		dev_err(dev, "Couldn't clear device buffer within %d cycles\n",
5b775f67 Greg Kroah-Hartman 2008-08-26  354  			USBTMC_MAX_READS_TO_CLEAR_BULK_IN);
5b775f67 Greg Kroah-Hartman 2008-08-26  355  		rv = -EPERM;
5b775f67 Greg Kroah-Hartman 2008-08-26  356  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  357  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  358  
5b775f67 Greg Kroah-Hartman 2008-08-26  359  	rv = usb_control_msg(data->usb_dev,
5b775f67 Greg Kroah-Hartman 2008-08-26  360  			     usb_rcvctrlpipe(data->usb_dev, 0),
5b775f67 Greg Kroah-Hartman 2008-08-26  361  			     USBTMC_REQUEST_CHECK_ABORT_BULK_IN_STATUS,
5b775f67 Greg Kroah-Hartman 2008-08-26  362  			     USB_DIR_IN | USB_TYPE_CLASS | USB_RECIP_ENDPOINT,
5b775f67 Greg Kroah-Hartman 2008-08-26  363  			     0, data->bulk_in, buffer, 0x08,
cbe743f1 Guido Kiener       2018-09-12  364  			     USB_CTRL_GET_TIMEOUT);
5b775f67 Greg Kroah-Hartman 2008-08-26  365  
5b775f67 Greg Kroah-Hartman 2008-08-26  366  	if (rv < 0) {
5b775f67 Greg Kroah-Hartman 2008-08-26  367  		dev_err(dev, "usb_control_msg returned %d\n", rv);
5b775f67 Greg Kroah-Hartman 2008-08-26  368  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  369  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  370  
cbe743f1 Guido Kiener       2018-09-12  371  	dev_dbg(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
5b775f67 Greg Kroah-Hartman 2008-08-26  372  
5b775f67 Greg Kroah-Hartman 2008-08-26  373  	if (buffer[0] == USBTMC_STATUS_SUCCESS) {
5b775f67 Greg Kroah-Hartman 2008-08-26  374  		rv = 0;
5b775f67 Greg Kroah-Hartman 2008-08-26  375  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  376  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  377  
5b775f67 Greg Kroah-Hartman 2008-08-26  378  	if (buffer[0] != USBTMC_STATUS_PENDING) {
cbe743f1 Guido Kiener       2018-09-12  379  		dev_err(dev, "CHECK_ABORT_BULK_IN returned %x\n", buffer[0]);
5b775f67 Greg Kroah-Hartman 2008-08-26  380  		rv = -EPERM;
5b775f67 Greg Kroah-Hartman 2008-08-26  381  		goto exit;
5b775f67 Greg Kroah-Hartman 2008-08-26  382  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  383  
cbe743f1 Guido Kiener       2018-09-12  384  	if ((buffer[1] & 1) > 0) {
cbe743f1 Guido Kiener       2018-09-12  385  		/* The device has 1 or more queued packets the Host can read */
5b775f67 Greg Kroah-Hartman 2008-08-26  386  		goto usbtmc_abort_bulk_in_status;
cbe743f1 Guido Kiener       2018-09-12  387  	}
5b775f67 Greg Kroah-Hartman 2008-08-26  388  
cbe743f1 Guido Kiener       2018-09-12  389  	/* The Host must send CHECK_ABORT_BULK_IN_STATUS at a later time. */
cbe743f1 Guido Kiener       2018-09-12  390  	rv = -EAGAIN;
5b775f67 Greg Kroah-Hartman 2008-08-26  391  exit:
5b775f67 Greg Kroah-Hartman 2008-08-26  392  	kfree(buffer);
5b775f67 Greg Kroah-Hartman 2008-08-26  393  	return rv;
cbe743f1 Guido Kiener       2018-09-12  394  }
5b775f67 Greg Kroah-Hartman 2008-08-26  395  

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation
[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux