From: Aled Morris
To: Maxime Villard
Cc: freebsd-hackers@freebsd.org
Date: Sun, 1 Mar 2015 19:32:09 +0000
Subject: Re: Brainy: Set of 17 potential bugs

On 28 February 2015 at 14:51, Maxime Villard wrote:

> Hi,
> I have been developing a C code scanner for a while, particularly good at
> finding kernel bugs. I've scanned the FreeBSD tree partially, and among
> the numerous results, I've put here a list of 17 bugs affecting the
> FreeBSD-10 Stable kernel:
>
> http://m00nbsd.net/59a47a86959c23b3f7c8bc495598dfde.html
>
> Found by The Brainy Code Scanner. More information: max at m00nbsd dot net
>
>

Regarding:

    # 04 SYS/NFS/
    0x01 UNINITIALIZED VAR: krpc_subr.c rev256281
    Uninitialized var 'so' at l.430.

Is this in subroutine "krpc_call"?

"so" is initialised by virtue of a call-by-reference to "socreate" around
the beginning of that function.

    if ((error = socreate(AF_INET, &so, SOCK_DGRAM, 0, td->td_ucred, td)))
        goto out;

Or did I misunderstand?

Aled
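
Added illustration, not part of the original message and not FreeBSD code: a user-space C model of the pattern the message asks about, where a callee writes its out-parameter only on success and the caller's error path jumps to a shared cleanup label. The names fake_socreate, fake_soclose, call_flagged and call_hardened are hypothetical, and that the cleanup label uses the variable is an assumption; the message does not show what follows "out" in krpc_call.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

struct sock { int fd; };        /* hypothetical stand-in for a socket object */

static struct sock poison;      /* models "indeterminate value" without real UB */
static int closes_of_garbage;   /* cleanup calls made on a never-assigned pointer */

/* Out-parameter is written only on success, the usual C convention. */
static int fake_socreate(struct sock **sop, int fail)
{
	if (fail)
		return ENOBUFS;         /* *sop is left untouched on error */
	*sop = malloc(sizeof(**sop));
	if (*sop == NULL)
		return ENOMEM;
	(*sop)->fd = 3;
	return 0;
}

static void fake_soclose(struct sock *so)
{
	if (so == &poison) {        /* would be a wild pointer in real code */
		closes_of_garbage++;
		return;
	}
	free(so);
}

/* Assumed shape a scanner flags: the error path reaches cleanup that reads 'so'. */
static int call_flagged(int fail)
{
	struct sock *so = &poison;  /* stands for "declared, not initialised" */
	int error;

	if ((error = fake_socreate(&so, fail)))
		goto out;
	/* ... normal use of so would go here ... */
out:
	fake_soclose(so);
	return error;
}

/* Hardened shape: initialise to NULL and guard the cleanup. */
static int call_hardened(int fail)
{
	struct sock *so = NULL;
	int error;

	if ((error = fake_socreate(&so, fail)))
		goto out;
out:
	if (so != NULL)
		fake_soclose(so);
	return error;
}
```

On the success path both variants behave the same; they differ only when the callee fails before assigning through the pointer.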