| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jan 2017 16:41:10 +0100
From: SF Markus Elfring <elfring@...rs.sourceforge.net>
To: Al Viro <viro@...IV.linux.org.uk>, linux-alpha@...r.kernel.org
Cc: Ivan Kokshaysky <ink@...assic.park.msu.ru>,
Jan-Benedict Glaw <jbglaw@...-owl.de>,
Matt Turner <mattst88@...il.com>,
Nicolas Pitre <nicolas.pitre@...aro.org>,
Richard Cochran <richardcochran@...il.com>,
Richard Henderson <rth@...ddle.net>,
Thomas Gleixner <tglx@...utronix.de>,
LKML <linux-kernel@...r.kernel.org>,
kernel-janitors@...r.kernel.org
Subject: Re: alpha: Checking source code positions for the setting of error
codes
>> A local variable was set to an error code in two cases before a concrete
>> error situation was detected. Thus move the corresponding assignment into
>> an if branch to indicate a software failure there.
>>
>> This issue was detected by using the Coccinelle software.
>
> Why the hell is that an issue?
* Can misplaced variable assignments result in unwanted run time consequences
because of the previous approach for a control flow specification?
* How do you think about to achieve that error codes will only be set
after a specific software failure was detected?
> It's a common enough idiom,
Are corresponding implementation details worth for another look?
> and while these functions are far from being hot paths,
> blind patches like that are very much to be discouraged. NAK.
Thanks for your feedback.
Regards,
Markus
Powered by blists - more mailing lists