| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 27 Jan 2020 08:10:02 -0600
From: Alex Elder <elder@...aro.org>
To: SAURAV GIREPUNJE <saurav.girepunje@...il.com>,
Johan Hovold <johan@...nel.org>
Cc: devel@...verdev.osuosl.org, elder@...nel.org, vireshk@...nel.org,
linux-kernel@...r.kernel.org, greybus-dev@...ts.linaro.org
Subject: Re: [greybus-dev] [PATCH] staging: greybus: bootrom: fix
uninitialized variables
On 1/25/20 6:14 AM, SAURAV GIREPUNJE wrote:
> On 25/01/20 11:00 +0100, Johan Hovold wrote:
>> On Sat, Jan 25, 2020 at 02:14:03PM +0530, Saurav Girepunje wrote:
>>> fix uninitialized variables issue found using static code analysis tool
>>
>> Which tool is that?
>>
>>> (error) Uninitialized variable: offset
>>> (error) Uninitialized variable: size
>>>
>>> Signed-off-by: Saurav Girepunje <saurav.girepunje@...il.com>
>>> ---
>>> drivers/staging/greybus/bootrom.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/drivers/staging/greybus/bootrom.c b/drivers/staging/greybus/bootrom.c
>>> index a8efb86..9eabeb3 100644
>>> --- a/drivers/staging/greybus/bootrom.c
>>> +++ b/drivers/staging/greybus/bootrom.c
>>> @@ -245,7 +245,7 @@ static int gb_bootrom_get_firmware(struct gb_operation *op)
>>> struct gb_bootrom_get_firmware_request *firmware_request;
>>> struct gb_bootrom_get_firmware_response *firmware_response;
>>> struct device *dev = &op->connection->bundle->dev;
>>> - unsigned int offset, size;
>>> + unsigned int offset = 0, size = 0;
>>> enum next_request_type next_request;
>>> int ret = 0;
>>
>> I think this has come up in the past, and while the code in question is
>> overly complicated and confuses static checkers as well as humans, it
>> looks correct to me.
>>
>> Please make sure to verify the output of any tools before posting
>> patches based on them.
>>
>> Johan
> I used cppcheck tool .
Implied in Johan's question is a suggestion.
When you propose a patch that addresses something flagged by a
tool of some kind, it is good practice to identify the tool in
the patch description, and even better, give an example of how
the tool was invoked when reported the problem you're fixing.
Sometimes people even include the output of the tool, though
I think that can sometimes be a bit much.
And as you have now heard several times, do not blindly trust
the output of these tools. They're intended to call attention
to things for you to examine; they are no match for a human,
and things they tell you about are not guaranteed to be real
problems.
-Alex
> _______________________________________________
> greybus-dev mailing list
> greybus-dev@...ts.linaro.org
> https://lists.linaro.org/mailman/listinfo/greybus-dev
Powered by blists - more mailing lists