Hi All: I just found a bug in the cramfs using the static analysis tool, but not sure if this could happen in reality, could you please advisehere? Thanks for your attention : )
In function enable_stream_features(), the variable "old_downspread.raw <https://elixir.bootlin.com/linux/v4.18-rc1/source/drivers/gpu/drm/amd/display/dc/core/v4.18-rc1/C/ident/raw>" could be uninitialized if core_link_read_dpcd fails(), however, it is used in the later if statement, and further, core_link_write_dpcd() may write random value, which is potentially unsafe. But this function does not return the error code to the up caller and I got stuck in drafting the patch, could you please advise me here? The related code: static void enable_stream_features(struct pipe_ctx *pipe_ctx) { union down_spread_ctrl old_downspread; core_link_read_dpcd(link, DP_DOWNSPREAD_CTRL, &old_downspread.raw, sizeof(old_downspread); //old_downspread.raw if (new_downspread.raw != old_downspread.raw) { core_link_write_dpcd(link, DP_DOWNSPREAD_CTRL, &new_downspread.raw, sizeof(new_downspread)); } } enum dc_status core_link_read_dpcd( struct dc_link *link, uint32_t address, uint8_t *data, uint32_t size) { //data could be uninitialized if the helpers fails and log some error info if (!dm_helpers_dp_read_dpcd(link->ctx, link, address, data, size)) return DC_ERROR_UNEXPECTED; return DC_OK; } -- Kind Regards, *Yizhuo Zhai* *Computer Science, Graduate Student* *University of California, Riverside *