lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <547879BE.4050502@suse.cz>
Date:	Fri, 28 Nov 2014 14:33:50 +0100
From:	Michal Marek <mmarek@...e.cz>
To:	Peter Teoh <htmldeveloper@...il.com>
CC:	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] scripts/kconfig/menu.c warning for uninitialized "jump"

On 2014-11-21 05:22, Peter Teoh wrote:
> This warning was found in v3.18-rc3-68-g20f3963 of Linus git-tree.
> 
>   SHIPPED scripts/kconfig/zconf.hash.c
>   HOSTCC  scripts/kconfig/zconf.tab.o
> In file included from scripts/kconfig/zconf.tab.c:2537:0:
> scripts/kconfig/menu.c: In function ‘get_symbol_str’:
> scripts/kconfig/menu.c:590:18: warning: ‘jump’ may be used
> uninitialized in this function [-Wmaybe-uninitialized]
>      jump->offset = strlen(r->s);
>                   ^
> scripts/kconfig/menu.c:551:19: note: ‘jump’ was declared here
>   struct jump_key *jump;
>                    ^

First of all, the warning is bogus (the condition under which 'jump' is
used is stronger than that under which 'jump' is initialized). But since
people have been reporting the warning on and off for some time, we have
to shut it up somehow, as the affected gcc versions are not dying out,
apparently.


> -                       if (head && location && menu == location)
> +                       if (head && location && (menu == location) && (jump))
>                                 jump->offset = strlen(r->s);

Let's assume, for the sake of argument, that gcc is right and jump may
be uninitialized here. Then the added check for jump being non-null just
tests an uninitialized variable and thus behaves randomly. It prevents
the code from writing to NULL->offset, but does not prevent it from
writing to <random address>->offset.

Michal
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ