From owner-freebsd-bugs@FreeBSD.ORG  Mon Aug  6 08:30:06 2012
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2A0E81065674
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  6 Aug 2012 08:30:06 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id EE3E18FC17
	for <freebsd-bugs@hub.freebsd.org>;
	Mon,  6 Aug 2012 08:30:05 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q768U5ZZ090023
	for <freebsd-bugs@freefall.freebsd.org>; Mon, 6 Aug 2012 08:30:05 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q768U5eC090020;
	Mon, 6 Aug 2012 08:30:05 GMT (envelope-from gnats)
Resent-Date: Mon, 6 Aug 2012 08:30:05 GMT
Resent-Message-Id: <201208060830.q768U5eC090020@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Dimitry Andric <dim@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id EA9D31065721
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon,  6 Aug 2012 08:28:16 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 812058FC0A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Mon,  6 Aug 2012 08:28:16 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q768SGQe065068
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 6 Aug 2012 08:28:16 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q768SGs8065067;
	Mon, 6 Aug 2012 08:28:16 GMT (envelope-from nobody)
Message-Id: <201208060828.q768SGs8065067@red.freebsd.org>
Date: Mon, 6 Aug 2012 08:28:16 GMT
From: Dimitry Andric <dim@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: kern/170411: Uninitialized variables in if_ath.c
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2012 08:30:06 -0000


>Number:         170411
>Category:       kern
>Synopsis:       Uninitialized variables in if_ath.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 06 08:30:05 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Dimitry Andric
>Release:        10.0-CURRENT
>Organization:
The FreeBSD Project
>Environment:
FreeBSD vm-dvs-dimtest1.home.andric.com 10.0-CURRENT FreeBSD 10.0-CURRENT #1 r238827M: Fri Jul 27 20:42:11 CEST 2012 dim@vm-dvs-dimtest1.home.andric.com:/usr/obj/usr/src/sys/GENERIC i386
>Description:
I'm busy with importing a new clang snapshot into head. This version
has a bunch of interesting new warnings, and I got the following one
during building of ath:

  sys/dev/ath/if_ath.c:4337:6: error: variable 'isCalDone' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
	  if (shortCal || longCal) {
	      ^~~~~~~~~~~~~~~~~~~
  sys/dev/ath/if_ath.c:4354:7: note: uninitialized use occurs here
	  if (!isCalDone) {
	       ^~~~~~~~~
  sys/dev/ath/if_ath.c:4337:2: note: remove the 'if' if its condition is always true
	  if (shortCal || longCal) {
	  ^~~~~~~~~~~~~~~~~~~~~~~~~
  sys/dev/ath/if_ath.c:4288:2: note: variable 'isCalDone' is declared here
	  HAL_BOOL longCal, isCalDone;
	  ^

It's because isCalDone is never initialized, if shortCal and longCal are
both false.  In that case, the next test for isCalDone will have an
unpredictable result.

Looking at the code in the various ar5xxxPerCalibrationN() functions,
they only seem to set isCalDone to AH_TRUE in the explicit case
calibration succeeded, so initializing isCalDone to AH_FALSE at the
start of ath_calibrate() looks like the safest thing to do.

Please see the attached patch.

>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff --git a/sys/dev/ath/if_ath.c b/sys/dev/ath/if_ath.c
index caae6308..bc88c7b 100644
--- a/sys/dev/ath/if_ath.c
+++ b/sys/dev/ath/if_ath.c
@@ -4285,7 +4285,7 @@ ath_calibrate(void *arg)
 	struct ath_hal *ah = sc->sc_ah;
 	struct ifnet *ifp = sc->sc_ifp;
 	struct ieee80211com *ic = ifp->if_l2com;
-	HAL_BOOL longCal, isCalDone;
+	HAL_BOOL longCal, isCalDone = AH_FALSE;
 	HAL_BOOL aniCal, shortCal = AH_FALSE;
 	int nextcal;
 


>Release-Note:
>Audit-Trail:
>Unformatted: