On Tue, Jun 24, 2025 at 01:25:14AM +0300, Dan Carpenter wrote:
> On Mon, Jun 23, 2025 at 11:09:58PM +0100, Colin Ian King wrote:
> > The introduction of a padding field in the gpib_board_info_ioctl is
> > showing up as initialized data on the stack frame being copied back
> > to userspace in function board_info_ioctl. The simplest fix is to
> > initialize the entire struct to zero to ensure all unassigned padding
> > fields are zero'd before being copied back to userspace.
> >
> > Fixes: b8394732ff0c ("staging: gpib: Add bit and byte padding to ioctl structs")
> > Signed-off-by: Colin Ian King <colin.i.king@xxxxxxxxx>
> > ---
>
> The fix is good, but the bug has been there since the driver was
> introduced, it's only just now that the static checkers have started
> catching it. Oddly/sadly Smatch doesn't catch this one. I'll have to
> investigate.
>
> Fixes: 9dde4559e939 ("staging: gpib: Add GPIB common core driver")
>
> regards,
> dan carpenter

Fixed. We should still print a warning about empty bits after a
bitfield. I bet fixing that will find a dozen bugs at least...

regards,
dan carpenter

--- >8 ---
[PATCH] rosenberg: warn about uninitialized bitfields

You could have a bitfield where not all the bits are set. Warn about
that.

Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
 check_rosenberg.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/check_rosenberg.c b/check_rosenberg.c index 22df8a3e5b64..80e15f2cf5ec 100644 --- a/check_rosenberg.c +++ b/check_rosenberg.c @@ -221,8 +221,12 @@ static int member_uninitialized(char *name, struct symbol *outer, struct symbol struct symbol *base; struct sm_state *sm; + if (!member->ident) + return FALSE; base = get_base_type(member); - if (!base || base->type != SYM_BASETYPE || !member->ident) + if (!base) + return FALSE; + if (base->type != SYM_BASETYPE && base->type != SYM_BITFIELD) return FALSE; if (pointer) -- 2.47.2
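
Review bot: The early return on !member->ident, now the first check in member_uninitialized(), means a member with no name is never reported, and that would include an unnamed bitfield declared as explicit padding, so accepting SYM_BITFIELD further down only helps for named bitfield members. Since the mail above says a warning about empty bits after a bitfield is still wanted, suggest stating in the commit message that only named bitfield members are covered here, or handling nameless SYM_BITFIELD members in a separate check ahead of this return. The subject says "uninitialized bitfields" while the body says "not all the bits are set"; one sentence saying which of the two the check reports would remove the ambiguity.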
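
The leak discussed in this thread, reproduced in user space as an added example (not code from the thread, Smatch or the gpib driver). `struct demo_info`, its member values and the 0xFF fill that stands in for stale stack contents are constructed for illustration; the code counts the bits of the outgoing buffer that no member assignment touched, with and without zeroing the struct first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply struct, constructed for this example (not the gpib one). */
struct demo_info {
    uint8_t  pad;             /* typically followed by 3 padding bytes */
    uint32_t flags;
    unsigned is_master : 1;   /* 3 bits used; the rest of the unit is unnamed */
    unsigned t1_delay  : 2;
};

union slot {                  /* lets us inspect the bytes a copy-out would send */
    struct demo_info info;
    unsigned char bytes[sizeof(struct demo_info)];
};

/* Assign every named member, as a handler that forgets the padding would. */
static void fill_members(struct demo_info *info, unsigned pad, unsigned t1)
{
    info->pad = (uint8_t)pad;
    info->flags = 0x10;
    info->is_master = 1;
    info->t1_delay = t1 & 3;
}

/* Count bits in the outgoing buffer that still hold the old stack contents. */
int leaked_bits(int zero_first)
{
    union slot out, ref;
    int bits = 0;

    memset(&out, 0xFF, sizeof(out));      /* stand-in for stale stack data */
    if (zero_first)
        memset(&out, 0, sizeof(out));     /* the fix: zero the whole struct */
    fill_members(&out.info, 7, 2);

    memset(&ref, 0, sizeof(ref));         /* reference: known-clean buffer */
    fill_members(&ref.info, 7, 2);

    for (size_t i = 0; i < sizeof(out.bytes); i++)
        for (unsigned char d = out.bytes[i] ^ ref.bytes[i]; d; d &= d - 1)
            bits++;                       /* one iteration per differing bit */
    return bits;
}

int main(void)
{
    printf("no zeroing: %d stale bits, zeroed: %d\n", leaked_bits(0), leaked_bits(1));
    return 0;
}
```

The exact count without zeroing depends on the ABI's padding and bitfield layout; the zeroed case is 0 regardless.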