[{"id":2294,"web_url":"https://patchwork.libcamera.org/comment/2294/","msgid":"<20190718140409.GD8641@pendragon.ideasonboard.com>","date":"2019-07-18T14:04:09","subject":"Re: [libcamera-devel] [PATCH] libcamera: ipa_module: prevent\n\tuninitialised access","submitter":{"id":2,"url":"https://patchwork.libcamera.org/api/people/2/","name":"Laurent Pinchart","email":"laurent.pinchart@ideasonboard.com"},"content":"Hi Kieran,\n\nThank you for the patch.\n\nOn Thu, Jul 18, 2019 at 06:06:17AM +0100, Kieran Bingham wrote:\n> The IPAModule::loadIPAModuleInfo() function includes a *data pointer\n> which is used as a null-pointer comparison in the error path with a\n> conditional statement of \"if (ret || !data)\".\n> \n> The data variable is not initialised, and a single error path evaluates\n> this as \"if (true || uninitialised)\".\n> \n> Whilst this error path does not incorrectly utilise the uninitialised\n> data, as the ret evaluates to true already, it does leave a statement\n> which includes an uninitialised variable.\n> \n> Help the static anlaysers by initialising the data variable when it is\n> defined.\n\nHave you found this with any static initialiser ? Does valgrind report\nthis issue ?\n\n> Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>\n> ---\n>  src/libcamera/ipa_module.cpp | 2 +-\n>  1 file changed, 1 insertion(+), 1 deletion(-)\n> \n> diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp\n> index 003611625214..2ddb02c1562e 100644\n> --- a/src/libcamera/ipa_module.cpp\n> +++ b/src/libcamera/ipa_module.cpp\n> @@ -291,7 +291,7 @@ int IPAModule::loadIPAModuleInfo()\n>  \t\treturn ret;\n>  \t}\n>  \n> -\tvoid *data;\n> +\tvoid *data = NULL;\n\nThis should be nullptr.\n\n>  \tsize_t dataSize;\n>  \tvoid *map;\n>  \tsize_t soSize;","headers":{"Return-Path":"<laurent.pinchart@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id C18CE60BE1\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tThu, 18 Jul 2019 16:04:14 +0200 (CEST)","from pendragon.ideasonboard.com (softbank126159220198.bbtec.net\n\t[126.159.220.198])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 6679531C;\n\tThu, 18 Jul 2019 16:04:13 +0200 (CEST)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1563458654;\n\tbh=CPlbMjCnaKNr+pJwhfXMz7g0nUBK7y9WYhY8EO2kbRU=;\n\th=Date:From:To:Cc:Subject:References:In-Reply-To:From;\n\tb=CmKqi/Ph9L0E4ZBbvRlAmbVccBBw5iH8iZ/rjms0uVAp4/ACfTUESB4jgSkVxAX99\n\tCA4rg5zzZnWcMkrA/lHe/eeD2gRIZ9L8v1RPmwrwE59JNhISxJf5zRsWGrhWziGbh7\n\tz/K3rOCChm/3/mzVTgpaVieWjvE5NDYx5iAY+G1Y=","Date":"Thu, 18 Jul 2019 17:04:09 +0300","From":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","To":"Kieran Bingham <kieran.bingham@ideasonboard.com>","Cc":"LibCamera Devel <libcamera-devel@lists.libcamera.org>","Message-ID":"<20190718140409.GD8641@pendragon.ideasonboard.com>","References":"<20190718050617.29455-1-kieran.bingham@ideasonboard.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=utf-8","Content-Disposition":"inline","In-Reply-To":"<20190718050617.29455-1-kieran.bingham@ideasonboard.com>","User-Agent":"Mutt/1.10.1 (2018-07-13)","Subject":"Re: [libcamera-devel] [PATCH] libcamera: ipa_module: prevent\n\tuninitialised access","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Thu, 18 Jul 2019 14:04:14 -0000"}},{"id":2296,"web_url":"https://patchwork.libcamera.org/comment/2296/","msgid":"<d13e776c-7167-05ba-c8f2-3154dc3372a4@ideasonboard.com>","date":"2019-07-19T07:40:28","subject":"Re: [libcamera-devel] [PATCH] libcamera: ipa_module: prevent\n\tuninitialised access","submitter":{"id":4,"url":"https://patchwork.libcamera.org/api/people/4/","name":"Kieran Bingham","email":"kieran.bingham@ideasonboard.com"},"content":"On 18/07/2019 15:04, Laurent Pinchart wrote:\n> Hi Kieran,\n> \n> Thank you for the patch.\n> \n> On Thu, Jul 18, 2019 at 06:06:17AM +0100, Kieran Bingham wrote:\n>> The IPAModule::loadIPAModuleInfo() function includes a *data pointer\n>> which is used as a null-pointer comparison in the error path with a\n>> conditional statement of \"if (ret || !data)\".\n>>\n>> The data variable is not initialised, and a single error path evaluates\n>> this as \"if (true || uninitialised)\".\n>>\n>> Whilst this error path does not incorrectly utilise the uninitialised\n>> data, as the ret evaluates to true already, it does leave a statement\n>> which includes an uninitialised variable.\n>>\n>> Help the static anlaysers by initialising the data variable when it is\n\ns/anlaysers/analysers/\n\n>> defined.\n> \n> Have you found this with any static initialiser ? Does valgrind report\n> this issue ?\n\nThese issues were found with clang-analyser. That was going to be\ndetailed in the cover letter that I didn't write :-D\n\nThere's one more fault in the options parsing code shared between cam\nand qcam, but I need to look deeper into the cause / reasoning of that one.\n\nI don't think valgrind would report this issue, as I don't think it will\nbe an issue at runtime. The expression simply evaluates as true\nregardless of the uninitialised data, because the only case it can occur\nis when ret is already non-zero.\n\n\n>> Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>\n>> ---\n>>  src/libcamera/ipa_module.cpp | 2 +-\n>>  1 file changed, 1 insertion(+), 1 deletion(-)\n>>\n>> diff --git a/src/libcamera/ipa_module.cpp b/src/libcamera/ipa_module.cpp\n>> index 003611625214..2ddb02c1562e 100644\n>> --- a/src/libcamera/ipa_module.cpp\n>> +++ b/src/libcamera/ipa_module.cpp\n>> @@ -291,7 +291,7 @@ int IPAModule::loadIPAModuleInfo()\n>>  \t\treturn ret;\n>>  \t}\n>>  \n>> -\tvoid *data;\n>> +\tvoid *data = NULL;\n> \n> This should be nullptr.\n\nIndeed it should!\n\n\n> \n>>  \tsize_t dataSize;\n>>  \tvoid *map;\n>>  \tsize_t soSize;\n>","headers":{"Return-Path":"<kieran.bingham@ideasonboard.com>","Received":["from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id A0E2360C00\n\tfor <libcamera-devel@lists.libcamera.org>;\n\tFri, 19 Jul 2019 09:40:32 +0200 (CEST)","from [192.168.0.20]\n\t(cpc89242-aztw30-2-0-cust488.18-1.cable.virginm.net [86.31.129.233])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 4B91831C;\n\tFri, 19 Jul 2019 09:40:31 +0200 (CEST)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1563522031;\n\tbh=G7eLzgCk0fY4is47R6QTzBRDw8CaRbt8piQK2Ax/gUQ=;\n\th=Reply-To:Subject:To:Cc:References:From:Date:In-Reply-To:From;\n\tb=r9+pQUZYmNReg2w6HtuJ+S4vg3ByOSdtvWcJrmgEg7Zsy0ZjMDs7XNclDgOzfyhNr\n\tJYLWsn5EPOsFKRZTzLPClRUYe00CNT2rTai+rBx0eVJjNq0tMq2dQV7ykWyUuIdkmQ\n\tgz4U+TBMvEF3LJcLEOd2DSkX/jWltgk0JbB9p27Q=","Reply-To":"kieran.bingham@ideasonboard.com","To":"Laurent Pinchart <laurent.pinchart@ideasonboard.com>","Cc":"LibCamera Devel <libcamera-devel@lists.libcamera.org>","References":"<20190718050617.29455-1-kieran.bingham@ideasonboard.com>\n\t<20190718140409.GD8641@pendragon.ideasonboard.com>","From":"Kieran Bingham <kieran.bingham@ideasonboard.com>","Openpgp":"preference=signencrypt","Autocrypt":"addr=kieran.bingham@ideasonboard.com; keydata=\n\tmQINBFYE/WYBEACs1PwjMD9rgCu1hlIiUA1AXR4rv2v+BCLUq//vrX5S5bjzxKAryRf0uHat\n\tV/zwz6hiDrZuHUACDB7X8OaQcwhLaVlq6byfoBr25+hbZG7G3+5EUl9cQ7dQEdvNj6V6y/SC\n\trRanWfelwQThCHckbobWiQJfK9n7rYNcPMq9B8e9F020LFH7Kj6YmO95ewJGgLm+idg1Kb3C\n\tpotzWkXc1xmPzcQ1fvQMOfMwdS+4SNw4rY9f07Xb2K99rjMwZVDgESKIzhsDB5GY465sCsiQ\n\tcSAZRxqE49RTBq2+EQsbrQpIc8XiffAB8qexh5/QPzCmR4kJgCGeHIXBtgRj+nIkCJPZvZtf\n\tKr2EAbc6tgg6DkAEHJb+1okosV09+0+TXywYvtEop/WUOWQ+zo+Y/OBd+8Ptgt1pDRyOBzL8\n\tRXa8ZqRf0Mwg75D+dKntZeJHzPRJyrlfQokngAAs4PaFt6UfS+ypMAF37T6CeDArQC41V3ko\n\tlPn1yMsVD0p+6i3DPvA/GPIksDC4owjnzVX9kM8Zc5Cx+XoAN0w5Eqo4t6qEVbuettxx55gq\n\t8K8FieAjgjMSxngo/HST8TpFeqI5nVeq0/lqtBRQKumuIqDg+Bkr4L1V/PSB6XgQcOdhtd36\n\tOe9X9dXB8YSNt7VjOcO7BTmFn/Z8r92mSAfHXpb07YJWJosQOQARAQABtDBLaWVyYW4gQmlu\n\tZ2hhbSA8a2llcmFuLmJpbmdoYW1AaWRlYXNvbmJvYXJkLmNvbT6JAkAEEwEKACoCGwMFCwkI\n\tBwIGFQgJCgsCBBYCAwECHgECF4ACGQEFAlnDk/gFCQeA/YsACgkQoR5GchCkYf3X5w/9EaZ7\n\tcnUcT6dxjxrcmmMnfFPoQA1iQXr/MXQJBjFWfxRUWYzjvUJb2D/FpA8FY7y+vksoJP7pWDL7\n\tQTbksdwzagUEk7CU45iLWL/CZ/knYhj1I/+5LSLFmvZ/5Gf5xn2ZCsmg7C0MdW/GbJ8IjWA8\n\t/LKJSEYH8tefoiG6+9xSNp1p0Gesu3vhje/GdGX4wDsfAxx1rIYDYVoX4bDM+uBUQh7sQox/\n\tR1bS0AaVJzPNcjeC14MS226mQRUaUPc9250aj44WmDfcg44/kMsoLFEmQo2II9aOlxUDJ+x1\n\txohGbh9mgBoVawMO3RMBihcEjo/8ytW6v7xSF+xP4Oc+HOn7qebAkxhSWcRxQVaQYw3S9iZz\n\t2iA09AXAkbvPKuMSXi4uau5daXStfBnmOfalG0j+9Y6hOFjz5j0XzaoF6Pln0jisDtWltYhP\n\tX9LjFVhhLkTzPZB/xOeWGmsG4gv2V2ExbU3uAmb7t1VSD9+IO3Km4FtnYOKBWlxwEd8qOFpS\n\tjEqMXURKOiJvnw3OXe9MqG19XdeENA1KyhK5rqjpwdvPGfSn2V+SlsdJA0DFsobUScD9qXQw\n\tOvhapHe3XboK2+Rd7L+g/9Ud7ZKLQHAsMBXOVJbufA1AT+IaOt0ugMcFkAR5UbBg5+dZUYJj\n\t1QbPQcGmM3wfvuaWV5+SlJ+WeKIb8ta5Ag0EVgT9ZgEQAM4o5G/kmruIQJ3K9SYzmPishRHV\n\tDcUcvoakyXSX2mIoccmo9BHtD9MxIt+QmxOpYFNFM7YofX4lG0ld8H7FqoNVLd/+a0yru5Cx\n\tadeZBe3qr1eLns10Q90LuMo7/6zJhCW2w+HE7xgmCHejAwuNe3+7yt4QmwlSGUqdxl8cgtS1\n\tPlEK93xXDsgsJj/bw1EfSVdAUqhx8UQ3aVFxNug5OpoX9FdWJLKROUrfNeBE16RLrNrq2ROc\n\tiSFETpVjyC/oZtzRFnwD9Or7EFMi76/xrWzk+/b15RJ9WrpXGMrttHUUcYZEOoiC2lEXMSAF\n\tSSSj4vHbKDJ0vKQdEFtdgB1roqzxdIOg4rlHz5qwOTynueiBpaZI3PHDudZSMR5Fk6QjFooE\n\tXTw3sSl/km/lvUFiv9CYyHOLdygWohvDuMkV/Jpdkfq8XwFSjOle+vT/4VqERnYFDIGBxaRx\n\tkoBLfNDiiuR3lD8tnJ4A1F88K6ojOUs+jndKsOaQpDZV6iNFv8IaNIklTPvPkZsmNDhJMRHH\n\tIu60S7BpzNeQeT4yyY4dX9lC2JL/LOEpw8DGf5BNOP1KgjCvyp1/KcFxDAo89IeqljaRsCdP\n\t7WCIECWYem6pLwaw6IAL7oX+tEqIMPph/G/jwZcdS6Hkyt/esHPuHNwX4guqTbVEuRqbDzDI\n\t2DJO5FbxABEBAAGJAiUEGAEKAA8CGwwFAlnDlGsFCQeA/gIACgkQoR5GchCkYf1yYRAAq+Yo\n\tnbf9DGdK1kTAm2RTFg+w9oOp2Xjqfhds2PAhFFvrHQg1XfQR/UF/SjeUmaOmLSczM0s6XMeO\n\tVcE77UFtJ/+hLo4PRFKm5X1Pcar6g5m4xGqa+Xfzi9tRkwC29KMCoQOag1BhHChgqYaUH3yo\n\tUzaPwT/fY75iVI+yD0ih/e6j8qYvP8pvGwMQfrmN9YB0zB39YzCSdaUaNrWGD3iCBxg6lwSO\n\tLKeRhxxfiXCIYEf3vwOsP3YMx2JkD5doseXmWBGW1U0T/oJF+DVfKB6mv5UfsTzpVhJRgee7\n\t4jkjqFq4qsUGxcvF2xtRkfHFpZDbRgRlVmiWkqDkT4qMA+4q1y/dWwshSKi/uwVZNycuLsz+\n\t+OD8xPNCsMTqeUkAKfbD8xW4LCay3r/dD2ckoxRxtMD9eOAyu5wYzo/ydIPTh1QEj9SYyvp8\n\tO0g6CpxEwyHUQtF5oh15O018z3ZLztFJKR3RD42VKVsrnNDKnoY0f4U0z7eJv2NeF8xHMuiU\n\tRCIzqxX1GVYaNkKTnb/Qja8hnYnkUzY1Lc+OtwiGmXTwYsPZjjAaDX35J/RSKAoy5wGo/YFA\n\tJxB1gWThL4kOTbsqqXj9GLcyOImkW0lJGGR3o/fV91Zh63S5TKnf2YGGGzxki+ADdxVQAm+Q\n\tsbsRB8KNNvVXBOVNwko86rQqF9drZuw=","Organization":"Ideas on Board","Message-ID":"<d13e776c-7167-05ba-c8f2-3154dc3372a4@ideasonboard.com>","Date":"Fri, 19 Jul 2019 08:40:28 +0100","User-Agent":"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101\n\tThunderbird/60.7.2","MIME-Version":"1.0","In-Reply-To":"<20190718140409.GD8641@pendragon.ideasonboard.com>","Content-Type":"text/plain; charset=utf-8","Content-Language":"en-GB","Content-Transfer-Encoding":"8bit","Subject":"Re: [libcamera-devel] [PATCH] libcamera: ipa_module: prevent\n\tuninitialised access","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.23","Precedence":"list","List-Id":"<libcamera-devel.lists.libcamera.org>","List-Unsubscribe":"<https://lists.libcamera.org/options/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>","List-Archive":"<https://lists.libcamera.org/pipermail/libcamera-devel/>","List-Post":"<mailto:libcamera-devel@lists.libcamera.org>","List-Help":"<mailto:libcamera-devel-request@lists.libcamera.org?subject=help>","List-Subscribe":"<https://lists.libcamera.org/listinfo/libcamera-devel>,\n\t<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>","X-List-Received-Date":"Fri, 19 Jul 2019 07:40:39 -0000"}}]