| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260120131827.12183-1-jun85566@gmail.com>
Date: Tue, 20 Jan 2026 22:18:27 +0900
From: Lee Yongjun <jun85566@...il.com>
To: yury.norov@...il.com
Cc: linux@...musvillemoes.dk,
akpm@...ux-foundation.org,
linux-kernel@...r.kernel.org,
Lee Yongjun <jun85566@...il.com>
Subject: [PATCH] lib/find_bit: fix uninitialized variable use in FIND_NTH_BIT
In the FIND_NTH_BIT macro, if the 'size' parameter is 0, both the
loop conditions and the modulo condition are not met. Consequently,
the 'tmp' variable remains uninitialized before being used in the
'found' label.
This results in the following smatch errors:
lib/find_bit.c:164 __find_nth_bit() error: uninitialized symbol 'tmp'.
lib/find_bit.c:171 __find_nth_and_bit() error: uninitialized symbol 'tmp'.
lib/find_bit.c:178 __find_nth_andnot_bit() error: uninitialized symbol 'tmp'.
lib/find_bit.c:187 __find_nth_and_andnot_bit() error: uninitialized symbol 'tmp'.
Initialize 'tmp' to 0 to ensure that fns() operates on a zeroed value
(no bits set) when size is 0, preventing the use of garbage values.
Signed-off-by: Lee Yongjun <jun85566@...il.com>
---
lib/find_bit.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/find_bit.c b/lib/find_bit.c
index d4b5a29e3e72..5a0066c26d9a 100644
--- a/lib/find_bit.c
+++ b/lib/find_bit.c
@@ -71,7 +71,7 @@ out: \
#define FIND_NTH_BIT(FETCH, size, num) \
({ \
- unsigned long sz = (size), nr = (num), idx, w, tmp; \
+ unsigned long sz = (size), nr = (num), idx, w, tmp = 0; \
\
for (idx = 0; (idx + 1) * BITS_PER_LONG <= sz; idx++) { \
if (idx * BITS_PER_LONG + nr >= sz) \
--
2.34.1
Powered by blists - more mailing lists