diff options
| author | Mikhail Lobanov <m.lobanov@rosalinux.ru> | 2024-09-10 04:36:20 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-11-01 01:58:17 +0100 |
| commit | de1f0ab13915ddc55519b47b6daba6cc2fff7908 (patch) | |
| tree | 59994817fa232168c5c7f493ce25dbd8379ef71a | |
| parent | 18916a684a8b836957df88438f9bca590799d04c (diff) | |
| download | linux-de1f0ab13915ddc55519b47b6daba6cc2fff7908.tar.gz linux-de1f0ab13915ddc55519b47b6daba6cc2fff7908.tar.bz2 linux-de1f0ab13915ddc55519b47b6daba6cc2fff7908.zip | |
iio: accel: bma400: Fix uninitialized variable field_value in tap event handling.
[ Upstream commit db9795a43dc944f048a37b65e06707f60f713e34 ]
In the current implementation, the local variable field_value is used
without prior initialization, which may lead to reading uninitialized
memory. Specifically, in the macro set_mask_bits, the initial
(potentially uninitialized) value of the buffer is copied into old__,
and a mask is applied to calculate new__. A similar issue was resolved in
commit 6ee2a7058fea ("iio: accel: bma400: Fix smatch warning based on use
of unintialized value.").
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 961db2da159d ("iio: accel: bma400: Add support for single and double tap events")
Signed-off-by: Mikhail Lobanov <m.lobanov@rosalinux.ru>
Link: https://patch.msgid.link/20240910083624.27224-1-m.lobanov@rosalinux.ru
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
| -rw-r--r-- | drivers/iio/accel/bma400_core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/iio/accel/bma400_core.c b/drivers/iio/accel/bma400_core.c index e90e2f01550a..04083b7395ab 100644 --- a/drivers/iio/accel/bma400_core.c +++ b/drivers/iio/accel/bma400_core.c @@ -1219,7 +1219,8 @@ static int bma400_activity_event_en(struct bma400_data *data, static int bma400_tap_event_en(struct bma400_data *data, enum iio_event_direction dir, int state) { - unsigned int mask, field_value; + unsigned int mask; + unsigned int field_value = 0; int ret; /* |