lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7b58f7c7-1586-0e0f-4166-d5132322fe58@canonical.com>
Date:   Mon, 3 May 2021 12:58:25 +0100
From:   Colin Ian King <colin.king@...onical.com>
To:     Dan Carpenter <dan.carpenter@...cle.com>,
        Khaled Romdhani <khaledromdhani216@...il.com>
Cc:     clm@...com, josef@...icpanda.com, dsterba@...e.com,
        linux-btrfs@...r.kernel.org, linux-kernel@...r.kernel.org,
        kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] fs/btrfs: Fix uninitialized variable

On 03/05/2021 12:55, Dan Carpenter wrote:
> On Mon, May 03, 2021 at 11:13:12AM +0100, Khaled Romdhani wrote:
>> On Mon, May 03, 2021 at 10:23:22AM +0300, Dan Carpenter wrote:
>>> On Sat, May 01, 2021 at 11:50:46PM +0100, Khaled ROMDHANI wrote:
>>>> Fix the warning: variable 'zone' is used
>>>> uninitialized whenever '?:' condition is true.
>>>>
>>>> Fix that by preventing the code to reach
>>>> the last assertion. If the variable 'mirror'
>>>> is invalid, the assertion fails and we return
>>>> immediately.
>>>>
>>>> Reported-by: kernel test robot <lkp@...el.com>
>>>> Signed-off-by: Khaled ROMDHANI <khaledromdhani216@...il.com>
>>>> ---
>>>
>>> This is not how you send a v4 patch...  v2 patches have to apply to the
>>> original code and not on top of the patched code.
>>>
>>> I sort of think you should find a different thing to work on.  This code
>>> works fine as-is.  Just leave it and try to find a real bug and fix that
>>> instead.
>>>
>>> regards,
>>> dan carpenter
>>>
>>
>> Sorry, I was wrong and I shall send a proper V4.
>>
>> Yes, this code works fine just a warning caught by Coverity scan analysis. 
> 
> We're going to a lot of work to silence a static checker false positive.
> As a rule, I tell people to ignore the static checker when it is wrong.
> 
> Btw, Smatch parses this code correctly and understands that the callers
> only pass valid values for "mirror".

..and Coverity does report a lot of false positives, so one needs to be
really sure the issue is a genuine issue rather than a warning that can
be ignore.

Colin

> 
> regards,
> dan carpenter
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ