| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250715221403.1339526-1-kuniyu@google.com>
Date: Tue, 15 Jul 2025 22:14:01 +0000
From: Kuniyuki Iwashima <kuniyu@...gle.com>
To: nathan@...nel.org
Cc: courmisch@...il.com, davem@...emloft.net, edumazet@...gle.com,
horms@...nel.org, kuba@...nel.org, llvm@...ts.linux.dev,
netdev@...r.kernel.org, pabeni@...hat.com
Subject: Re: -Wuninitialized-const-pointer in net/phonet/pep.c
From: Nathan Chancellor <nathan@...nel.org>
Date: Tue, 15 Jul 2025 13:16:37 -0700
> Hi all,
>
> A new warning in clang [1] points out that dst is not initialized when
> passed to pep_find_pipe() in pep_sock_accept():
>
> net/phonet/pep.c:829:37: error: variable 'dst' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer]
> 829 | newsk = pep_find_pipe(&pn->hlist, &dst, pipe_handle);
> | ^~~
>
> It looks like this was introduced by commit f7ae8d59f661 ("Phonet:
> allocate sock from accept syscall rather than soft IRQ") if I understand
> correctly. Prior to that change, both calls to pep_find_pipe() were in
> the same function with pn_skb_get_dst_sockaddr(skb, &dst) before them,
> so dst would always be initialized. Should pn_skb_get_dst_sockaddr() be
> called before pep_find_pipe() in pep_sock_accept() as well
This sounds good to me, and AFAICT, there's no fix queued for this uninit
issue in net.git.
Could you post an official patch ?
> or is there
> some other fix for this? I am not familiar with this code, hence the
> inquiry.
>
> [1]: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d441f19b319e
Powered by blists - more mailing lists