tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

hwmon: (applesmc) check status earlier.

clang static analysis reports this representative problem

applesmc.c:758:10: warning: 1st function call argument is an
uninitialized value
left = be16_to_cpu(*(__be16 *)(buffer + 6)) >> 2;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

buffer is filled by the earlier call

ret = applesmc_read_key(LIGHT_SENSOR_LEFT_KEY, ...

This problem is reported because a goto skips the status check.
Other similar problems use data from applesmc_read_key before checking
the status. So move the checks to before the use.

Signed-off-by: Tom Rix <trix@redhat.com>
Reviewed-by: Henrik Rydberg <rydberg@bitmath.org>
Link: https://lore.kernel.org/r/20200820131932.10590-1-trix@redhat.com
Signed-off-by: Guenter Roeck <linux@roeck-us.net>

authored by

Tom Rix and committed by
Guenter Roeck cecf7560 8aebbbb2

+16 -15
+16 -15
drivers/hwmon/applesmc.c
··· 753 753 } 754 754 755 755 ret = applesmc_read_key(LIGHT_SENSOR_LEFT_KEY, buffer, data_length); 756 + if (ret) 757 + goto out; 756 758 /* newer macbooks report a single 10-bit bigendian value */ 757 759 if (data_length == 10) { 758 760 left = be16_to_cpu(*(__be16 *)(buffer + 6)) >> 2; 759 761 goto out; 760 762 } 761 763 left = buffer[2]; 764 + 765 + ret = applesmc_read_key(LIGHT_SENSOR_RIGHT_KEY, buffer, data_length); 762 766 if (ret) 763 767 goto out; 764 - ret = applesmc_read_key(LIGHT_SENSOR_RIGHT_KEY, buffer, data_length); 765 768 right = buffer[2]; 766 769 767 770 out: ··· 813 810 to_index(attr)); 814 811 815 812 ret = applesmc_read_key(newkey, buffer, 2); 816 - speed = ((buffer[0] << 8 | buffer[1]) >> 2); 817 - 818 813 if (ret) 819 814 return ret; 820 - else 821 - return snprintf(sysfsbuf, PAGE_SIZE, "%u\n", speed); 815 + 816 + speed = ((buffer[0] << 8 | buffer[1]) >> 2); 817 + return snprintf(sysfsbuf, PAGE_SIZE, "%u\n", speed); 822 818 } 823 819 824 820 static ssize_t applesmc_store_fan_speed(struct device *dev, ··· 853 851 u8 buffer[2]; 854 852 855 853 ret = applesmc_read_key(FANS_MANUAL, buffer, 2); 856 - manual = ((buffer[0] << 8 | buffer[1]) >> to_index(attr)) & 0x01; 857 - 858 854 if (ret) 859 855 return ret; 860 - else 861 - return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", manual); 856 + 857 + manual = ((buffer[0] << 8 | buffer[1]) >> to_index(attr)) & 0x01; 858 + return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", manual); 862 859 } 863 860 864 861 static ssize_t applesmc_store_fan_manual(struct device *dev, ··· 873 872 return -EINVAL; 874 873 875 874 ret = applesmc_read_key(FANS_MANUAL, buffer, 2); 876 - val = (buffer[0] << 8 | buffer[1]); 877 875 if (ret) 878 876 goto out; 877 + 878 + val = (buffer[0] << 8 | buffer[1]); 879 879 880 880 if (input) 881 881 val = val | (0x01 << to_index(attr)); ··· 953 951 u32 count; 954 952 955 953 ret = applesmc_read_key(KEY_COUNT_KEY, buffer, 4); 956 - count = ((u32)buffer[0]<<24) + ((u32)buffer[1]<<16) + 957 - ((u32)buffer[2]<<8) + buffer[3]; 958 - 959 954 if (ret) 960 955 return ret; 961 - else 962 - return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", count); 956 + 957 + count = ((u32)buffer[0]<<24) + ((u32)buffer[1]<<16) + 958 + ((u32)buffer[2]<<8) + buffer[3]; 959 + return snprintf(sysfsbuf, PAGE_SIZE, "%d\n", count); 963 960 } 964 961 965 962 static ssize_t applesmc_key_at_index_read_show(struct device *dev,