Hi David, Almost perfect, please see one comment inline On 4/16/22 10:48, David Kahurani wrote:
Reads that are lesser than the requested size lead to uninit-value bugs.
In this particular case a variable which was supposed to be initialized
after a read is left uninitialized after a partial read.
Qualify such reads as errors and handle them correctly and while at it
convert the reader functions to return zero on success for easier error
handling.
Fixes: e2ca90c276e1 ("ax88179_178a: ASIX AX88179_178A USB 3.0/2.0 to
gigabit ethernet adapter driver")
Signed-off-by: David Kahurani <k.kahurani@xxxxxxxxx>
Reported-and-tested-by: syzbot+d3dbdf31fbe9d8f5f311@xxxxxxxxxxxxxxxxxxxxxxxxx
---
[code snip]
@@ -416,7 +441,7 @@ ax88179_phy_write_mmd_indirect(struct usbnet *dev, u16 prtad, u16 devad,ret = ax88179_write_cmd(dev, AX_ACCESS_PHY, AX88179_PHY_ID, MII_MMD_DATA, 2, &data);- if (ret < 0)+ if (ret) return ret;
I think, you didn't mean to do so. ax88179_write_cmd() returns number of bytes written, so you are changing the logic here. And write call is not related to uninit value bugs
With regards, Pavel Skripkin
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
