* static analysis bug report in drivers/staging/iio/dac/ad5380.c
@ 2019-08-15 10:21 Colin Ian King
2019-08-15 11:40 ` Lars-Peter Clausen
0 siblings, 1 reply; 2+ messages in thread
From: Colin Ian King @ 2019-08-15 10:21 UTC (permalink / raw)
To: Lars-Peter Clausen, Jonathan Cameron, Hartmut Knaack,
Peter Meerwald-Stadler, Greg Kroah-Hartman, Michael Hennerich,
Stefan Popa, linux-iio, devel
Cc: linux-kernel
Hi,
Static analysis with Coverity Scan has detected a potential assignment
bug in ad5380.c:
217 case IIO_CHAN_INFO_CALIBBIAS:
218 ret = regmap_read(st->regmap,
AD5380_REG_OFFSET(chan->address),
219 val);
220 if (ret)
221 return ret;
222 *val >>= chan->scan_type.shift;
CID 43178 (#1 of 1): Unused value (UNUSED_VALUE)assigned_pointer:
Assigning value from val - (1 << chan->scan_type.realbits) / 2 to val
here, but that stored value is not used.
223 val -= (1 << chan->scan_type.realbits) / 2;
224 return IIO_VAL_INT;
val is a pointer and so updating it before a return is probably not the
intention. I suspect the intention was probably:
*val -= (1 << chan->scan_type.realbits) / 2;
However, I'm not confident about this as the following case has:
225 case IIO_CHAN_INFO_SCALE:
226 *val = 2 * st->vref;
227 *val2 = chan->scan_type.realbits;
228 return IIO_VAL_FRACTIONAL_LOG2;
which may imply the update maybe to *val2 instead, e.g.:
*val2 -= (1 << chan->scan_type.realbits) / 2;
Any ideas?
Colin
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: static analysis bug report in drivers/staging/iio/dac/ad5380.c
2019-08-15 10:21 static analysis bug report in drivers/staging/iio/dac/ad5380.c Colin Ian King
@ 2019-08-15 11:40 ` Lars-Peter Clausen
0 siblings, 0 replies; 2+ messages in thread
From: Lars-Peter Clausen @ 2019-08-15 11:40 UTC (permalink / raw)
To: Colin Ian King, Jonathan Cameron, Hartmut Knaack,
Peter Meerwald-Stadler, Greg Kroah-Hartman, Michael Hennerich,
Stefan Popa, linux-iio, devel
Cc: linux-kernel
On 8/15/19 12:21 PM, Colin Ian King wrote:
> Hi,
>
> Static analysis with Coverity Scan has detected a potential assignment
> bug in ad5380.c:
>
> 217 case IIO_CHAN_INFO_CALIBBIAS:
> 218 ret = regmap_read(st->regmap,
> AD5380_REG_OFFSET(chan->address),
> 219 val);
> 220 if (ret)
> 221 return ret;
> 222 *val >>= chan->scan_type.shift;
>
> CID 43178 (#1 of 1): Unused value (UNUSED_VALUE)assigned_pointer:
> Assigning value from val - (1 << chan->scan_type.realbits) / 2 to val
> here, but that stored value is not used.
>
> 223 val -= (1 << chan->scan_type.realbits) / 2;
> 224 return IIO_VAL_INT;
>
> val is a pointer and so updating it before a return is probably not the
> intention. I suspect the intention was probably:
>
> *val -= (1 << chan->scan_type.realbits) / 2;
>
> However, I'm not confident about this as the following case has:
>
> 225 case IIO_CHAN_INFO_SCALE:
> 226 *val = 2 * st->vref;
> 227 *val2 = chan->scan_type.realbits;
> 228 return IIO_VAL_FRACTIONAL_LOG2;
>
> which may imply the update maybe to *val2 instead, e.g.:
>
> *val2 -= (1 << chan->scan_type.realbits) / 2;
>
> Any ideas?
Updating changing val to *val is the right fix in this case.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-15 12:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-15 10:21 static analysis bug report in drivers/staging/iio/dac/ad5380.c Colin Ian King
2019-08-15 11:40 ` Lars-Peter Clausen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).