The errors can be found at drivers/video/fbcvt.c as follows: (1) the test "if (margin)" at line 310 evaluates to false, (2) this makes the test "if (cvt.flags & FB_CVT_FLAG_MARGINS)" at line 352 to evaluate to false as well (3) now cvt.h_margin is uninitialized at line 359, 368, and 370, and cvt.v_margin is uninitizalied at line 371. In other words, both cvt.v_margin and cvt.h_margin are initialized conditinally but used unconditionally. This bug is a false positive only if the parameter "margins" at line 304 is never 0. However, this would make the test at line 310 unnecessary -- anyone looking at the code is miled into believing that 0 is a legal value for "margins". This means the code does require some change in my humble opinion.
Reply-To: akpm@linux-foundation.org On Fri, 14 Dec 2007 13:54:59 -0800 (PST) bugme-daemon@bugzilla.kernel.org wrote: > http://bugzilla.kernel.org/show_bug.cgi?id=9564 > > Summary: Uninitialzed variable fields cvt.h_margin and > cvt.v_margin > Product: Drivers > Version: 2.5 > KernelVersion: 2.6.23 > Platform: All > OS/Version: Linux > Tree: Mainline > Status: NEW > Severity: normal > Priority: P1 > Component: Video(Other) > AssignedTo: drivers_video-other@kernel-bugs.osdl.org > ReportedBy: marciobuss@gmail.com > > > The errors can be found at drivers/video/fbcvt.c as follows: > > (1) the test "if (margin)" at line 310 evaluates to false, > (2) this makes the test "if (cvt.flags & FB_CVT_FLAG_MARGINS)" at line 352 > to evaluate to false as well > (3) now cvt.h_margin is uninitialized at line 359, 368, and 370, and > cvt.v_margin is uninitizalied at line 371. > > In other words, both cvt.v_margin and cvt.h_margin are initialized > conditinally > but used unconditionally. This bug is a false positive only if the parameter > "margins" at line 304 is never 0. However, this would make the test at line > 310 unnecessary -- anyone looking at the code is miled into believing that > 0 is a legal value for "margins". This means the code does require some > change > in my humble opinion. > Could someone please take a look at this?
but what about memset(&cvt, 0, sizeof(cvt)); doesn't it set cvt.h_margin and cvt.v_margin to 0 as well? did I miss something?
oh, wait... drop my message ;)
well, the question is - how it *should* work. I mean these 1.8% should be involved in calculations anyway? (i've been playing with CVT calculator from VESA based on xsl file - but it didn't make the situation clear). I've a strong feeling that 1.8% should be used anyway but not sure...
[Andrew Morton - Fri, Jan 18, 2008 at 02:00:55PM -0800] | On Fri, 14 Dec 2007 13:54:59 -0800 (PST) | bugme-daemon@bugzilla.kernel.org wrote: | | > http://bugzilla.kernel.org/show_bug.cgi?id=9564 | > | > Summary: Uninitialzed variable fields cvt.h_margin and | > cvt.v_margin | > Product: Drivers | > Version: 2.5 | > KernelVersion: 2.6.23 | > Platform: All | > OS/Version: Linux | > Tree: Mainline | > Status: NEW | > Severity: normal | > Priority: P1 | > Component: Video(Other) | > AssignedTo: drivers_video-other@kernel-bugs.osdl.org | > ReportedBy: marciobuss@gmail.com | > | > | > The errors can be found at drivers/video/fbcvt.c as follows: | > | > (1) the test "if (margin)" at line 310 evaluates to false, | > (2) this makes the test "if (cvt.flags & FB_CVT_FLAG_MARGINS)" at line 352 | > to evaluate to false as well | > (3) now cvt.h_margin is uninitialized at line 359, 368, and 370, and | > cvt.v_margin is uninitizalied at line 371. | > | > In other words, both cvt.v_margin and cvt.h_margin are initialized conditinally | > but used unconditionally. This bug is a false positive only if the parameter | > "margins" at line 304 is never 0. However, this would make the test at line | > 310 unnecessary -- anyone looking at the code is miled into believing that | > 0 is a legal value for "margins". This means the code does require some change | > in my humble opinion. | > | | Could someone please take a look at this? unfortunelly, it's not really obvious what is the right way of calculation. *should* the 1.8% margin be involved in calculation all the time or 0 is legal too? - Cyrill -
Closing stale bug