Re: [PATCH v2] sound: fix uninit-value in sof_ipc4_pcm_dai_link_fixup_rate

From: Mark Brown
Date: Mon Nov 04 2024 - 13:27:40 EST


On Mon, Nov 04, 2024 at 12:52:09PM +0200, Péter Ujfalusi wrote:
> On 03/11/2024 13:37, Suraj Sonawane wrote:

> > Fix an issue detected by the Smatch tool:
> >
> > sound/soc/sof/ipc4-pcm.c: sof_ipc4_pcm_dai_link_fixup_rate()
> > error: uninitialized symbol 'be_rate'.
> >
> > This issue occurred because the variable 'be_rate' could remain
> > uninitialized if num_input_formats is zero. In such cases, the
> > loop that assigns a value to 'be_rate' would not execute,
> > potentially leading to undefined behavior when rate->min and
> > rate->max are set with an uninitialized 'be_rate'.
> >
> > To resolve this, an additional check for num_input_formats > 0
> > was added before setting rate->min and rate->max with 'be_rate'.
> > This ensures that 'be_rate' is assigned only when there are valid
> > input formats, preventing any use of uninitialized data.

> > - rate->min = be_rate;
> > - rate->max = rate->min;
> > + /* Set rate only if be_rate was assigned */
> > + if (num_input_formats > 0) {
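
Review bot: the `if (num_input_formats > 0)` guard handles the zero-format case by silently skipping the rate->min / rate->max assignment, and nothing in the quoted lines reports that the fixup did nothing. If zero input formats is an invalid state, rejecting it with an error return before the loop that assigns be_rate would make that explicit. It would also leave no path on which be_rate is read unassigned, and the "Set rate only if be_rate was assigned" comment would no longer be needed.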

> By definition the copier must have at least one input and one output
> format, this check is going to be always true.

Static analysis of the code can't reasonably tell that, we need
something that ensures that it doesn't detect a spuriously uninitialised
variable here. Possibly a

	if (WARN_ON_ONCE(!num_input_formats))
		return -EINVAL;

or similar?

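
An added example, not part of the original thread or of the kernel source: a user-space C model of the pattern discussed above, where a variable assigned only inside a loop is protected by an early error return instead of a guard around its use. The names fixup_rate_model, struct rate_interval and warn_once, and the loop body itself, are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical user-space stand-in; not the kernel's type. */
struct rate_interval { unsigned int min, max; };

/* Stand-in for the kernel's WARN_ON_ONCE(): logs once, yields the condition. */
static int warn_once(int cond, const char *what)
{
	static int warned;

	if (cond && !warned) {
		warned = 1;
		fprintf(stderr, "WARNING: %s\n", what);
	}
	return cond;
}

/*
 * Simplified model: be_rate is assigned only inside the loop, so zero
 * iterations would leave it unset. The early return states the "at least
 * one input format" invariant in code, for the analyzer and at runtime.
 */
int fixup_rate_model(const unsigned int *in_rates,
		     unsigned int num_input_formats, struct rate_interval *rate)
{
	unsigned int be_rate, i;

	if (warn_once(!num_input_formats, "copier without input formats"))
		return -EINVAL;

	for (i = 0; i < num_input_formats; i++) {
		if (i == 0)
			be_rate = in_rates[i];
		else if (in_rates[i] != be_rate)
			return -EINVAL;	/* assumed rule: one common rate */
	}

	rate->min = be_rate;
	rate->max = rate->min;
	return 0;
}

int main(void)
{
	struct rate_interval r = { 8000, 192000 };
	unsigned int rates[] = { 48000, 48000 };	/* constructed sample input */

	printf("two formats: %d\n", fixup_rate_model(rates, 2, &r));
	printf("no formats: %d\n", fixup_rate_model(rates, 0, &r));
	return 0;
}
```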