lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 2 Dec 2022 13:26:03 +0300
From:   Dan Carpenter <error27@...il.com>
To:     liqiong <liqiong@...china.com>
Cc:     Peilin Ye <yepeilin.cs@...il.com>,
        Simon Horman <horms@...ge.net.au>,
        Julian Anastasov <ja@....bg>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>,
        "David S . Miller" <davem@...emloft.net>,
        Eric Dumazet <edumazet@...gle.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, lvs-devel@...r.kernel.org,
        netfilter-devel@...r.kernel.org, kernel-janitors@...r.kernel.org,
        coreteam@...filter.org, Yu Zhe <yuzhe@...china.com>
Subject: Re: [PATCH] ipvs: initialize 'ret' variable in do_ip_vs_set_ctl()

On Fri, Dec 02, 2022 at 06:18:37PM +0800, liqiong wrote:
> 
> 
> 在 2022年12月02日 18:07, Dan Carpenter 写道:
> > On Fri, Dec 02, 2022 at 11:25:11AM +0800, Li Qiong wrote:
> >> The 'ret' should need to be initialized to 0, in case
> >> return a uninitialized value because no default process
> >> for "switch (cmd)".
> >>
> >> Signed-off-by: Li Qiong <liqiong@...china.com>
> > If this is a real bug, then it needs a fixes tag.  The fixes tag helps
> > us know whether to back port or not and it also helps in reviewing the
> > patch.  Also get_maintainer.pl will CC the person who introduced the
> > bug so they can review it.  They are normally the best person to review
> > their own code.
> >
> > Here it would be:
> > Fixes: c5a8a8498eed ("ipvs: Fix uninit-value in do_ip_vs_set_ctl()")
> >
> > Which is strange...  Also it suggest that the correct value is -EINVAL
> > and not 0.
> >
> > The thing about uninitialized variable bugs is that Smatch and Clang
> > both warn about them so they tend to get reported pretty quick.
> > Apparently neither Nathan nor I sent forwarded this static checker
> > warning.  :/
> >
> > regards,
> > dan carpenter
> 
> It is not a real bug,   I  use tool (eg: smatch, sparse) to audit the
> code,  got this warning and check it, found may be a real problem.

Yeah.  If it is a false positive just ignore it, do not bother to
silence wrong static checker warnings.

The code in question here is:

	if (len != set_arglen[CMDID(cmd)]) {

The only time that condition can be true is for the cases in the switch
statement.  So Peilin's patch is correct.

Smatch is bad at understanding arrays so Smatch cannot parse the if
statement above as a human reader can.

regards,
dan carpenter

Powered by blists - more mailing lists