ASoC: Intel: atom: remove static analysis false positive
authorPierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Mon, 31 Jul 2023 21:37:47 +0000 (16:37 -0500)
committerMark Brown <broonie@kernel.org>
Mon, 31 Jul 2023 22:22:17 +0000 (23:22 +0100)
make KCFLAGS='-fanalyzer' sound/soc/intel/atom/ reports a possible
NULL pointer dereference.

sound/soc/intel/atom/sst/sst_stream.c:221:40: error: dereference of
NULL ‘block’ [CWE-476] [-Werror=analyzer-null-dereference]
  221 |                         unsigned char *r = block->data;

This is a false-positive, the GCC analyzer generated that report by
considering if (bytes->block) as true in some cases and false in
others.

We can simplify the code and use a local variable so that static
analysis does not try to look for cases where bytes->block can be
modified concurrently.

Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
Reviewed-by: Rander Wang <rander.wang@intel.com>
Reviewed-by: Daniel Baluta <daniel.baluta@nxp.com>
Reviewed-by: Yaochun Hung <yc.hung@mediatek.com>
Link: https://lore.kernel.org/r/20230731213748.440285-8-pierre-louis.bossart@linux.intel.com
Signed-off-by: Mark Brown <broonie@kernel.org>
sound/soc/intel/atom/sst/sst_stream.c

index 862a19ae54299f071391fd533a9be91ef27d1800..288221db7323f600c7007aa4b18f991e1750d01a 100644 (file)
@@ -173,10 +173,11 @@ int sst_send_byte_stream_mrfld(struct intel_sst_drv *sst_drv_ctx,
        u32 length;
        int pvt_id, ret = 0;
        struct sst_block *block = NULL;
+       u8 bytes_block = bytes->block;
 
        dev_dbg(sst_drv_ctx->dev,
                "type:%u ipc_msg:%u block:%u task_id:%u pipe: %#x length:%#x\n",
-               bytes->type, bytes->ipc_msg, bytes->block, bytes->task_id,
+               bytes->type, bytes->ipc_msg, bytes_block, bytes->task_id,
                bytes->pipe_id, bytes->len);
 
        if (sst_create_ipc_msg(&msg, true))
@@ -185,12 +186,12 @@ int sst_send_byte_stream_mrfld(struct intel_sst_drv *sst_drv_ctx,
        pvt_id = sst_assign_pvt_id(sst_drv_ctx);
        sst_fill_header_mrfld(&msg->mrfld_header, bytes->ipc_msg,
                        bytes->task_id, 1, pvt_id);
-       msg->mrfld_header.p.header_high.part.res_rqd = bytes->block;
+       msg->mrfld_header.p.header_high.part.res_rqd = bytes_block;
        length = bytes->len;
        msg->mrfld_header.p.header_low_payload = length;
        dev_dbg(sst_drv_ctx->dev, "length is %d\n", length);
        memcpy(msg->mailbox_data, &bytes->bytes, bytes->len);
-       if (bytes->block) {
+       if (bytes_block) {
                block = sst_create_block(sst_drv_ctx, bytes->ipc_msg, pvt_id);
                if (block == NULL) {
                        kfree(msg);
@@ -203,7 +204,7 @@ int sst_send_byte_stream_mrfld(struct intel_sst_drv *sst_drv_ctx,
        dev_dbg(sst_drv_ctx->dev, "msg->mrfld_header.p.header_low_payload:%d",
                        msg->mrfld_header.p.header_low_payload);
 
-       if (bytes->block) {
+       if (bytes_block) {
                ret = sst_wait_timeout(sst_drv_ctx, block);
                if (ret) {
                        dev_err(sst_drv_ctx->dev, "fw returned err %d\n", ret);
@@ -216,7 +217,7 @@ int sst_send_byte_stream_mrfld(struct intel_sst_drv *sst_drv_ctx,
                 * copy the reply and send back
                 * we need to update only sz and payload
                 */
-               if (bytes->block) {
+               if (bytes_block) {
                        unsigned char *r = block->data;
 
                        dev_dbg(sst_drv_ctx->dev, "read back %d bytes",
@@ -224,7 +225,7 @@ int sst_send_byte_stream_mrfld(struct intel_sst_drv *sst_drv_ctx,
                        memcpy(bytes->bytes, r, bytes->len);
                }
        }
-       if (bytes->block)
+       if (bytes_block)
                sst_free_block(sst_drv_ctx, block);
 out:
        test_and_clear_bit(pvt_id, &sst_drv_ctx->pvt_id);