[bug report] HID: pidff: Add support for AXES_ENABLE field
From: Dan Carpenter <hidden>
Date: 2025-08-19 08:33:22
Hello Tomasz Pakuła,
This is a semi-automatic email about new static checker warnings.
Commit 1d72e7bd340b ("HID: pidff: Add support for AXES_ENABLE field")
from Aug 13, 2025, leads to the following Smatch complaint:
drivers/hid/usbhid/hid-pidff.c:1308 pidff_find_special_fields()
error: we previously assumed 'pidff->axes_enable' could be null (see line 1302)
drivers/hid/usbhid/hid-pidff.c:1322 pidff_find_special_fields()
warn: variable dereferenced before check 'pidff->axes_enable' (see line 1308)
drivers/hid/usbhid/hid-pidff.c
1295 if (PIDFF_FIND_SPECIAL_KEYS(operation_id, effect_operation_status,
1296 effect_operation_status) !=
1297 ARRAY_SIZE(pidff_effect_operation_status)) {
1298 hid_err(pidff->hid, "effect operation identifiers not found\n");
1299 return -1;
1300 }
1301
1302 if (!pidff->axes_enable)
^^^^^^^^^^^^^^^^^^
This assumes pidff->axes_enable can be NULL
1303 hid_info(pidff->hid, "axes enable field not found!\n");
1304 else
1305 hid_dbg(pidff->hid, "axes enable report count: %u\n",
1306 pidff->axes_enable->report_count);
1307
1308 uint found = PIDFF_FIND_GENERAL_DESKTOP(direction_axis_id, axes_enable,
1309 direction_axis);
But the PIDFF_FIND_GENERAL_DESKTOP() function dereferences it without
checking so if it's NULL then it will crash.
1310
1311 pidff->axis_count = found;
1312 hid_dbg(pidff->hid, "found direction axes: %u", found);
1313
1314 for (int i = 0; i < sizeof(pidff_direction_axis); i++) {
1315 if (!pidff->direction_axis_id[i])
1316 continue;
1317
1318 hid_dbg(pidff->hid, "axis %d, usage: 0x%04x, index: %d", i + 1,
1319 pidff_direction_axis[i], pidff->direction_axis_id[i]);
1320 }
1321
1322 if (pidff->axes_enable && found != pidff->axes_enable->report_count)
^^^^^^^^^^^^^^^^^^
Checked for NULL again.
1323 hid_warn(pidff->hid, "axes_enable: %u != direction axes: %u",
1324 pidff->axes_enable->report_count, found);
regards,
dan carpenter