tvservice_notify_func: Conditional jump or move depends on uninitialised value(s) #397
Comments
|
Does this fix look okay? |
|
It's not enough, no - the tvstate variable is used in a number of places inside the while loop below this code. The case when tvservice_send_command_reply() returns something other than success needs to be properly catered for. I don't understand the code fully enough to say how. |
|
Realistically this will never occur unless firmware is fatally broken. Does this keep valgrind happy? |
popcornmix
added a commit
to raspberrypi/firmware
that referenced
this issue
May 30, 2017
…rectly. See: #816 firmware: Comments: Replace copyright symbol with (c) firmware: arm_display: Remove unused sdtv variables firmware: tvservice: Avoid referencing uninitialised state when unsuccessful See: raspberrypi/userland#397
popcornmix
added a commit
to Hexxeh/rpi-firmware
that referenced
this issue
May 30, 2017
…rectly. See: raspberrypi/firmware#816 firmware: Comments: Replace copyright symbol with (c) firmware: arm_display: Remove unused sdtv variables firmware: tvservice: Avoid referencing uninitialised state when unsuccessful See: raspberrypi/userland#397
|
This fix has been committed. Can you test and close if happy? |
mkreisl
added a commit
to xbianonpi/xbian-package-firmware
that referenced
this issue
Sep 13, 2017
- firmware: platform: Move trait initialisation out of #ifdef'd function - firmware: usb: Change USB PHY settings to make device mode work correctly - firmware: dtoverlay: Update fixups when a node is renamed - firmware: dtoverlay app: Add the -D (dry-run) option See: raspberrypi/linux#2002 - firmware: dispserver: Adjust open/close refcount on application exit See: #778 - firmware: filex: Optimise directory search of the root directory - firmware: Revert Change USB PHY settings to make device mode work correctly. See: #816 - firmware: Comments: Replace copyright symbol with (c) - firmware: arm_display: Remove unused sdtv variables - firmware: tvservice: Avoid referencing uninitialised state when unsuccessful See: raspberrypi/userland#397 - firmware: dtoverlay: Short-circuit empty parameter handling See: raspberrypi/linux#2028 - firmware: rtos: Protect against null timer callback See: http://forum.kodi.tv/showthread.php?tid=280408 - firmware: arm_dt: Add txp node to device tree parsing to mask off transposer interrupt - firmware: venc: Correct the validation on custom mb/mbps/br settings See: #819 - firmware: venc: Correct the validation on custom mb/mbps/br settings See: #819 - firmware: vc_image: Remove structure definition duplication - firmware: vc_image/mmal/il/isp: Add support for 16bit/component YUV420 and YUVUV - firmware: vcdbg: Don't use dma when file provided - firmware: rtos: Avoid sleeping delay when RTOS is not present - firmware: bootcode: Remove reliance on scanf to reduce bootcode.bin size - firmware: bootcode: Changes to force to full speed - firmware: bootcode: Make sure bootcode drops out - firmware: bootcode: Mass storage changes to power off/on USB block - firmware: bootcode: Change USB 1.1 to have 64 byte endpoints - firmware: bootcode: Set MSD serial number to be the Pi serial number - firmware: imx219: Extend line length for long frame times - firmware: 2ndstage: Improve i2c_gpio support - firmware: i2c_gpio: Improve implementation and usage - firmware: Camplus: Enable RAW12 support in the ISP input formatter - firmware: scalerlib: Don't flip tiled format and swap R/B - firmware: arm_display: Provide mechanism to request tiled format framebuffer See: #820 - firmware: platform: Set BT LPO frequency to 32768Hz See: #831 - firmware: arm_display: Fix mixup with xres/xres_virtual See: https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=187058 - firmware: video_render: Relax the alignment requirements for pitches - firmware: vc_image: Use vpitch when determining size of YUV buffers - firmware: Fix regression in uart clock frequency See: #833 - bootcode: usb: Dont overwrite configured parameters - firmware: usb: Force MSD app to use CM3 pin conf - firmware: IL ISP: Fix typo in logging - firmware: IL ISP: Add black level and lens shading controls - firmware: isp: Correct ISP Bayer stride calcs for supported formats - firmware: Remove unused duplicate versions of vc_sm_defs.h - firmware: IL camera: add get_parameter for OMX_IndexConfigCustomAwbGains - firmware: IL resize: Support get_parameter OMX_IndexConfigCommonInputCro - firmware: MMAL/RIL: Add MMAL_PARAMETER_RESIZE_PARAMS / OMX_IndexParamResize mapping - firmware: ISP IL: Add lresize output - firmware: MMAL/RIL: Add mapping for OMX_IndexConfigCommon[In|Out]putCrop - firmware: MMAL/RIL: Correct handling of MMAL_PARAMETER_VIDEO_SOURCE_PATTERN - firmware: IL ISP: Add H & V flip support - firmware: IL ISP: Implement OMX_IndexConfigCommonInputCrop - firmware: imx219: Refactor exposure calculations - firmware: dmalib: Stop spinning on dma_pause if END is signalled See: #824 - firmware: MMAL: Avoid lockup with opaque stripes into opaque frame callback See: raspberrypi/userland#390 - firmware: RIL null_sink: Support MMAL opaque input See: raspberrypi/userland#388 - firmware: arm_display: Avoid hang when display_rotate is used with vc4-kms-v3d driver See: guysoft/FullPageOS#137 - firmware: 2ndstage: Fix printing of zero as a decimal in uart_printf - firmware: cdi_camera: Allow GPIO control on FS and FE events - firmware: IL ISP: Add option to alter the shift in the output stage - firmware: IL ISP: Add option for adjusting the input CCM - firmware: vc_image: fix size calcs for YUV_UV_16 - firmware: vc_image_helper: Add YUV 16 bit formats to second header - firmware: isp: Avoid setting vpitch in YUVUV16 cases - firmware: isp: Handle 16 bit yuv in ip_is_supported_format - firmware: hello_fft: Fixup offset calculation when mapping/unmapping buffers See: raspberrypi/userland#408 - bootcode: Default to using total_mem=1024 - firmware: logging: Avoid wraparound issue with total_mem=1024 - firmware: armstubs: Add wfe to ARMv7/ARMv8-32 stubs See: raspberrypi/linux#1989 - firmware: arm_loader: Use ethernet0 as fallback for placing DT MAC address See: #846 - firmware: dt-blob: Remove Zero W static I2C0 mapping on 28 & 29 See: raspberrypi/linux#2130 - firmware: Revert arm_display: Avoid hang when display_rotate is used with vc4-kms-v3d driver - firmware: arm_display: Avoid hang when display_rotate is used with vc4-kms-v3d driver 2 See: #849 See: #853 - firmware: vc_image headers: Tidy up duplication - firmware: video_splitter: Only copy eColorFormat if not already set See: https://www.raspberrypi.org/forums/viewtopic.php?f=43&t=189830 - firmware: vcsm: Add new clean/invalidate command for 2D blocks - firmware: gpuserver: Switch to using custom queue - firmware: gpuserver: Add priority to queue - firmware: MMAL/IL I420 and YUVUV 10bpp formats, + VCSM DMABUF import - firmware: CEC: Fix crash when remote button release is received without a pressed See: https://forum.kodi.tv/showthread.php?tid=280408 - firmware: arm_loader display: Correct variable scope by renaming See: https://www.raspberrypi.org/forums/viewtopic.php?f=43&t=84889
|
Assuming happy, closing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
valgrind picked up the following:
==1574== Thread 7 HTV Notify:
==1574== Conditional jump or move depends on uninitialised value(s)
==1574== at 0x6BF0A64: tvservice_notify_func (in /opt/vc/lib/libbcm_host.so)
==1574== Uninitialised value was created by a stack allocation
==1574== at 0x6BF095C: tvservice_notify_func (in /opt/vc/lib/libbcm_host.so)
Looking at stack allocated variables in tvservice_notify_func in https://github.com/raspberrypi/userland/blob/master/interface/vmcs_host/vc_vchi_tvservice.c I tripped over the following code:
tvstate will be left initialised if tvservice_send_command_reply() returns something other than success, leaving " if (tvstate.state & VC_HDMI_ATTACHED)" bogus.
tvservice_send_command_reply() needs to be error checked as is everywhere else in the code.
The text was updated successfully, but these errors were encountered: