assoc_array.c uninitialized variable (was: Re: [PATCH 02/10] Add a generic associative array implementation.)

From: Geert Uytterhoeven
Date: Sat Nov 23 2013 - 07:09:58 EST


On Wed, Jul 17, 2013 at 10:43 PM, David Howells <dhowells@xxxxxxxxxx> wrote:
> +/*
> + * Handle insertion into a terminal node.
> + */
> +static bool assoc_array_insert_into_terminal_node(struct assoc_array_edit *edit,
> + const struct assoc_array_ops *ops,
> + const void *index_key,
> + struct assoc_array_walk_result *result)
> +{
> + struct assoc_array_shortcut *shortcut, *new_s0;
> + struct assoc_array_node *node, *new_n0, *new_n1, *side;
> + struct assoc_array_ptr *ptr;
> + unsigned long dissimilarity, base_seg, blank;
> + size_t keylen;
> + bool have_meta;
> + int level, diff;
> + int slot, next_slot, free_slot, i, j;

lib/assoc_array.c: In function ‘assoc_array_insert_into_terminal_node’:
lib/assoc_array.c:502: warning: ‘j’ may be used uninitialized in this function

> + /* Begin by finding two matching leaves. There have to be at least two
> + * that match - even if there are meta pointers - because any leaf that
> + * would match a slot with a meta pointer in it must be somewhere
> + * behind that meta pointer and cannot be here. Further, given N
> + * remaining leaf slots, we now have N+1 leaves to go in them.
> + */
> + for (i = 0; i < ASSOC_ARRAY_FAN_OUT; i++) {
> + slot = edit->segment_cache[i];
> + if (slot != 0xff)
> + for (j = i + 1; j < ASSOC_ARRAY_FAN_OUT + 1; j++)

j is initialized here, but only if slot != 0xff.

The comment above states "there have to be at least two that match",
so this may be a false positive, but better safe than sorry.

> + if (edit->segment_cache[j] == slot)
> + goto found_slot_for_multiple_occupancy;
> + }
> +found_slot_for_multiple_occupancy:
> + pr_devel("same slot: %x %x [%02x]\n", i, j, slot);
> + BUG_ON(i >= ASSOC_ARRAY_FAN_OUT);
> + BUG_ON(j >= ASSOC_ARRAY_FAN_OUT + 1);
> + BUG_ON(slot >= ASSOC_ARRAY_FAN_OUT);
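
Review bot: the pr_devel() at found_slot_for_multiple_occupancy reads i, j and slot before any of the BUG_ON() checks run, and the label is reached both by the goto and by falling out of the outer loop. On the fall-through path i equals ASSOC_ARRAY_FAN_OUT, and j was never assigned if no segment_cache[] entry differed from 0xff, so the debug print is the one place that can consume an indeterminate j; BUG_ON(i >= ASSOC_ARRAY_FAN_OUT) would then stop execution before j is compared. Suggest initializing j at its declaration, or moving the pr_devel() below the three BUG_ON() lines, which also silences the compiler warning without relying on the invariant stated in the comment.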

Gr{oetje,eeting}s,

Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds