lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160311111909.GE5273@mwanda>
Date:	Fri, 11 Mar 2016 14:19:09 +0300
From:	Dan Carpenter <dan.carpenter@...cle.com>
To:	Hannes Reinecke <hare@...e.de>
Cc:	"James E.J. Bottomley" <JBottomley@...n.com>,
	"Martin K. Petersen" <martin.petersen@...cle.com>,
	Bart Van Assche <bart.vanassche@...disk.com>,
	Johannes Thumshirn <jthumshirn@...e.de>,
	Ewan Milne <emilne@...hat.com>, linux-scsi@...r.kernel.org,
	linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [patch] scsi_dh_alua: uninitialized variable in alua_check_vpd()

On Fri, Mar 11, 2016 at 11:50:30AM +0100, Hannes Reinecke wrote:
> On 03/11/2016 11:17 AM, Dan Carpenter wrote:
> > The pg_updated variable is support to be set to zero at the start but
> > it is uninitialized.
> > 
> > Fixes: cb0a168cb6b8 ('scsi_dh_alua: update 'access_state' field')
> > Signed-off-by: Dan Carpenter <dan.carpenter@...cle.com>
> > 
> > diff --git a/drivers/scsi/device_handler/scsi_dh_alua.c b/drivers/scsi/device_handler/scsi_dh_alua.c
> > index 5bcdf8d..e4f6174 100644
> > --- a/drivers/scsi/device_handler/scsi_dh_alua.c
> > +++ b/drivers/scsi/device_handler/scsi_dh_alua.c
> > @@ -332,7 +332,7 @@ static int alua_check_vpd(struct scsi_device *sdev, struct alua_dh_data *h,
> >  {
> >  	int rel_port = -1, group_id;
> >  	struct alua_port_group *pg, *old_pg = NULL;
> > -	bool pg_updated;
> > +	bool pg_updated = 0;
> >  	unsigned long flags;
> >  
> >  	group_id = scsi_vpd_tpg_id(sdev, &rel_port);
> > 
> I'd prefer 'pg_updated = false'.
> Not that we trip over a static code analyser here :-)

Duh...  Sorry about that.

regards,
dan carpenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ