lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190709224329.GA26727@archlinux-epyc>
Date:   Tue, 9 Jul 2019 15:43:29 -0700
From:   Nathan Chancellor <natechancellor@...il.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Dennis Dalessandro <dennis.dalessandro@...el.com>,
        Mike Marciniszyn <mike.marciniszyn@...el.com>,
        Doug Ledford <dledford@...hat.com>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Kamenee Arumugam <kamenee.arumugam@...el.com>,
        linux-rdma@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] IB/rdmavt: Remove err declaration in if statement in
 rvt_create_cq

On Tue, Jul 09, 2019 at 03:38:57PM -0700, Nick Desaulniers wrote:
> On Tue, Jul 9, 2019 at 3:13 PM Nathan Chancellor
> <natechancellor@...il.com> wrote:
> >
> > clang warns:
> >
> > drivers/infiniband/sw/rdmavt/cq.c:260:7: warning: variable 'err' is used
> 
> Oh, !$*@, this is a tricky one.  While the if scoped `err` declared on
> L250 is initialized when used at L260, the function scoped `err`
> declared on L211 is not initialized when it is used on L310 when
> control flow enters the if on L249 then the goto on L255 or L261.  So
> this is a bug due to the if scoped `err` "shadowing" the function
> scoped `err`.
> 
> Maybe not important enough to send a v2, but I feel like the commit
> message should say something along the lines of `fix a potential use
> of uninitialized memory due to shadowing`.  Either way, this fixes a
> real bug, so thanks for the patch.
> Reviewed-by: Nick Desaulniers <ndesaulniers@...gle.com>

Gah, shadowing was the word I was looking for. Knew the behavior, didn't
remember what it was called. I like the clarity of your explanation
better so I will clean up the message and send a v2 shortly with your
reviewed by.

Thanks for the review!
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ