b43{,legacy}_start can return uninitialized value

[Adrian Bunk]

drivers/net/wireless/b43/main.c:b43_start() consists of the
following code:

<--  snip -->

static int b43_start(struct ieee80211_hw *hw)
{
        struct b43_wl *wl = hw_to_b43_wl(hw);
        struct b43_wldev *dev = wl->current_dev;
        int did_init = 0;
        int err;

        mutex_lock(&wl->mutex);

        if (b43_status(dev) < B43_STAT_INITIALIZED) {
                err = b43_wireless_core_init(dev);
                if (err)
                        goto out_mutex_unlock;
                did_init = 1;
        }

        if (b43_status(dev) < B43_STAT_STARTED) {
                err = b43_wireless_core_start(dev);
                if (err) {
                        if (did_init)
                                b43_wireless_core_exit(dev);
                        goto out_mutex_unlock;
                }
        }

 out_mutex_unlock:
        mutex_unlock(&wl->mutex);

        return err;
}

<--  snip  -->


If (b43_status(dev) == B43_STAT_STARTED) this function returns the value 
of an uninitialized variable.

drivers/net/wireless/b43legacy/main.c:b43legacy_start() has the same 
issue.

Spotted by the Coverity checker.


cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/