On 07/02/16 07:41, Greg Kroah-Hartman wrote:
> On Thu, Jan 28, 2016 at 06:48:17PM +0000, Colin Ian King wrote:
>> On 27/01/16 11:42, James Hogan wrote:
>>> Hi Colin,
>>>
>>> On Tue, Jan 26, 2016 at 11:37:25PM +0000, Colin King wrote:
>>>> From: Colin Ian King <colin.k...@canonical.com>
>>>>
>>>> number_written is not initialized, so it can be any value. In the
>>>> case where dport->xmit_cnt is zero, number_written is not set
>>>> and subsequent accesses to it will be reading a garbage value.
>>>
>>> the only subsequent accesses when dport->xmit_cnt == 0 are:
>>>
>>> /* if we've made more data available, wake up tty */
>>> if (count && number_written) {
>>>
>>> and:
>>>
>>> /* did the write fail? */
>>> return count && !number_written;
>>>
>>> but dport->xmit_cnt == 0 implies count == 0, so number_written shouldn
>> 't
>>> be used, and both will evaluate to false regardless of the uninitialis
>> ed
>>> value, so it looks fine as it is to me.
>>>
>>> Is this tripping up some static analysis tool or something?
>>
>> It was found using cppcheck, namely:
>>
>> [drivers/tty/metag_da.c:269]: (error) Uninitialized variable: number_wri
>> tten
>
> Please fix the broken tool, don't paper over it by doing unnecessary
> work in the kernel.
>
> thanks,
>
> greg k-h
>
Sorry Greg, this was my first thinko out of 80 or so fixes I've found
with static analysis. I'll try harder next time not to make a mistake.
Colin
