| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90cddfa9-2d0c-4806-b3df-6a5ddd13c97f@suswa.mountain> Date: Thu, 17 Jul 2025 17:02:32 +0300 From: Dan Carpenter <dan.carpenter@...aro.org> To: Antonio Quartulli <antonio@...delbit.com> Cc: Sergey Bashirov <sergeybashirov@...il.com>, linux-nfs@...r.kernel.org, Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>, Konstantin Evtushenko <koevtushenko@...dex.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] pNFS: fix uninitialized pointer access On Thu, Jul 17, 2025 at 10:01:42AM +0200, Antonio Quartulli wrote: > > I agree a comment would help. > > > Another option would be to initialize the be_prev to NULL. This will > > silence the uninitialized variable warning. > > But will likely trigger a potential NULL-ptr-deref, because the static > analyzer believes we can get there with count==0. > I don't know how Coverity does this. In my experience, writing Smatch I had to treat initializations to NULL as "ignore this variable". We used to have an uninitialized_var() macro to silence uninitialized variables. It did an assignment to itself something like: #define uninitialized_var(x) x = x But we removed it and changed all those places to just initialize the variables to zero. Even before, initializing things to zero was the standard way to silence GCC uninitialized variable warnings, so warning about NULL pointer dereferences tended to be prone to false positives and the worst kind of really complicated false positives too. regards, dan carpenter
Powered by blists - more mailing lists