On 21-08-01 22:35:13, Pavel Skripkin wrote:
> On Sun, 1 Aug 2021 15:36:27 +0300 Petko Manolov <petkan@xxxxxxxxxxxxx> wrote:
>
> > On 21-07-31 00:44:11, Pavel Skripkin wrote:
> > > Syzbot reported uninit value pegasus_probe(). The problem was in missing
> > > error handling.
> > >
> > > get_interrupt_interval() internally calls read_eprom_word() which can fail
> > > in some cases. For example: failed to receive usb control message. These
> > > cases should be handled to prevent uninit value bug, since
> > > read_eprom_word() will not initialize passed stack variable in case of
> > > internal failure.
> >
> > Well, this is most definitelly a bug.
> >
> > ACK!
> >
> >
> > Petko
>
> BTW: I found a lot uses of {get,set}_registers without error checking. I
> think, some of them could be fixed easily (like in enable_eprom_write), but, I
> guess, disable_eprom_write is not so easy. For example, if we cannot disable
> eprom should we retry? If not, will device get in some unexpected state?
Everything bracketed by PEGASUS_WRITE_EEPROM is more or less dead code. I've
added this feature because the chip give us the ability to write to the flash,
but i seriously doubt anybody ever used it. Come to think about it, i should
just remove this code.
> Im not familiar with this device, but I can prepare a patch to wrap all these
> calls with proper error checking
Well, i've stared at the code a bit and i see some places where not checking the
error returned by {get,set}_registers() could really be problematic. I'll cook
a patch with what i think needs doing and will submit it here for review.
cheers,
Petko
