Date:      Sun, 7 Feb 2016 18:32:36 +1100 (EST)
From:      Bruce Evans <brde@optusnet.com.au>
To:        "Pedro F. Giffuni" <pfg@freebsd.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org,  svn-src-head@freebsd.org
Subject:   Re: svn commit: r295359 - head/sys/fs/fdescfs
Message-ID:  <20160207182245.J867@besplex.bde.org>
In-Reply-To: <201602070109.u1719dcr053281@repo.freebsd.org>
References:  <201602070109.u1719dcr053281@repo.freebsd.org>

On Sun, 7 Feb 2016, Pedro F. Giffuni wrote:

> Log:
>  fdesc_setattr: uninitialized pointer read
>
>  CID:	1018688

Bug in Coverity.

> Modified: head/sys/fs/fdescfs/fdesc_vnops.c
> ==============================================================================
> --- head/sys/fs/fdescfs/fdesc_vnops.c	Sun Feb  7 01:04:47 2016	(r295358)
> +++ head/sys/fs/fdescfs/fdesc_vnops.c	Sun Feb  7 01:09:38 2016	(r295359)
> @@ -465,7 +465,7 @@ fdesc_setattr(ap)
> {
> 	struct vattr *vap = ap->a_vap;
> 	struct vnode *vp;
> -	struct mount *mp;
> +	struct mount *mp = NULL;
> 	struct file *fp;
> 	struct thread *td = curthread;
> 	cap_rights_t rights;
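Review bot: the `= NULL` on `struct mount *mp = NULL;` is a dead store rather than a fix: as the reply below this hunk explains, `mp` is filled in by the `vn_start_write(... &mp, flags)` call as an output parameter, and fdesc does not pass V_MNTREF, so the stored NULL is never read and the reported uninitialized read does not exist. If the aim is to quiet CID 1018688, it would be better to mark the finding as a false positive in Coverity, or to leave the declaration as it was and add a one-line comment stating that `mp` is set by vn_start_write(), so a future reader is not led to think `mp` can legitimately remain NULL on the paths that use it.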

2 style bugs in the caller to hide the Coverity bug:
- initialization in declaration
- unused initialization

The initialization is done by calling vn_start_write(... &mp, flags).
mp is only an output parameter unless (flags & V_MNTREF), and fdesc
doesn't put V_MNTREF in flags.

This is a common way of returning extra values so it shouldn't cause a
warning if the source code doesn't have bogus initializations in the
caller.  Compilers that look at only 1 source file at a time can't see
the full API so they have to assume that such parameters are output-only
if they are uninitialized in callers.  Checkers need to understand the
API if they want to do more.

Bruce
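To make the output-parameter contract described above concrete, here is a small constructed C model added to this page by the editor; it is not FreeBSD's vn_start_write() and not the fdescfs code under discussion. The struct layouts, the function names `model_start_write`, `model_finished_write` and `setattr_like`, and the value of the `V_MNTREF` bit are assumptions for the example; only the rule that `*mpp` is written unless V_MNTREF is set comes from the thread.

```c
#include <stddef.h>

/* Constructed model of the out-parameter contract the thread describes for
 * vn_start_write(): *mpp is written (output-only) unless V_MNTREF is set, in
 * which case it is read. Names and the flag value are assumptions for this
 * example; this is not FreeBSD's implementation. */
struct mount { int write_refs; };
struct vnode { struct mount *v_mount; };

#define V_MNTREF 0x1    /* assumed value: caller already referenced *mpp */

/* Returns 0 on success, -1 if no mount can be found. With V_MNTREF clear the
 * caller's variable is never read, only assigned, so it may legitimately be
 * uninitialized before the call; with V_MNTREF set it is an input. */
static int model_start_write(struct vnode *vp, struct mount **mpp, int flags)
{
    struct mount *mp;

    if (flags & V_MNTREF) {
        mp = *mpp;                  /* input: caller supplied the mount */
    } else {
        mp = (vp != NULL) ? vp->v_mount : NULL;
        *mpp = mp;                  /* output: caller's variable set here */
    }
    if (mp == NULL)
        return -1;
    mp->write_refs++;               /* model of taking the write reference */
    return 0;
}

static void model_finished_write(struct mount *mp)
{
    if (mp != NULL)
        mp->write_refs--;
}

/* Mirrors the fdesc_setattr() call shape: mp has no initializer because the
 * callee assigns it (V_MNTREF is not passed), which is the case the CID
 * reported as an uninitialized read. */
int setattr_like(struct vnode *vp)
{
    struct mount *mp;               /* output parameter, not read before call */
    int error;

    error = model_start_write(vp, &mp, 0);
    if (error != 0)
        return error;
    /* attribute update would happen here */
    model_finished_write(mp);
    return 0;
}
```

A single-file checker sees only `struct mount *mp;` followed by `&mp` being passed and cannot tell from `setattr_like` alone that the callee never reads it; the flag-dependent branch in `model_start_write` is what settles that.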
