{"id":810237,"url":"http://patchwork.ozlabs.org/api/1.2/patches/810237/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/20170905181550.23839-1-colin.king@canonical.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170905181550.23839-1-colin.king@canonical.com>","list_archive_url":null,"date":"2017-09-05T18:15:50","name":"[1/2] b43: fix unitialized reads of ret by initializing the array to zero","commit_ref":null,"pull_url":null,"state":"awaiting-upstream","archived":true,"hash":"4901910ee136595c99052fe318fe757b2e7a32ef","submitter":{"id":2900,"url":"http://patchwork.ozlabs.org/api/1.2/people/2900/?format=json","name":"Colin Ian King","email":"colin.king@canonical.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/20170905181550.23839-1-colin.king@canonical.com/mbox/","series":[{"id":1623,"url":"http://patchwork.ozlabs.org/api/1.2/series/1623/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=1623","date":"2017-09-05T18:15:50","name":"[1/2] b43: fix unitialized reads of ret by initializing the array to zero","version":1,"mbox":"http://patchwork.ozlabs.org/series/1623/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/810237/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/810237/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmvzW0DxSz9t16\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed,  6 Sep 2017 04:16:06 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752459AbdIESPz (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 5 Sep 2017 14:15:55 -0400","from youngberry.canonical.com ([91.189.89.112]:53018 \"EHLO\n\tyoungberry.canonical.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1752230AbdIESPx (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Tue, 5 Sep 2017 14:15:53 -0400","from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)\n\tby youngberry.canonical.com with esmtpsa\n\t(TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76)\n\t(envelope-from <colin.king@canonical.com>)\n\tid 1dpIO7-00076C-2R; Tue, 05 Sep 2017 18:15:51 +0000"],"From":"Colin King <colin.king@canonical.com>","To":"Kalle Valo <kvalo@codeaurora.org>, linux-wireless@vger.kernel.org,\n\tb43-dev@lists.infradead.org, netdev@vger.kernel.org","Cc":"kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org","Subject":"[PATCH 1/2] b43: fix unitialized reads of ret by initializing the\n\tarray to zero","Date":"Tue,  5 Sep 2017 19:15:50 +0100","Message-Id":"<20170905181550.23839-1-colin.king@canonical.com>","X-Mailer":"git-send-email 2.14.1","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"utf-8\"","Content-Transfer-Encoding":"8bit","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"From: Colin Ian King <colin.king@canonical.com>\n\nThe u8 char array ret is not being initialized and elements outside\nthe range start to end contain just garbage values from the stack.\nThis results in a later scan of the array to read potentially\nuninitialized values.  Fix this by initializing the array to zero.\nThis seems to have been an issue since the very first commit.\n\nDetected by CoverityScan CID#139652 (\"Uninitialized scalar variable\")\n\nSigned-off-by: Colin Ian King <colin.king@canonical.com>\n---\n drivers/net/wireless/broadcom/b43/phy_g.c | 2 +-\n 1 file changed, 1 insertion(+), 1 deletion(-)","diff":"diff --git a/drivers/net/wireless/broadcom/b43/phy_g.c b/drivers/net/wireless/broadcom/b43/phy_g.c\nindex 822dcaa8ace6..f59c02166462 100644\n--- a/drivers/net/wireless/broadcom/b43/phy_g.c\n+++ b/drivers/net/wireless/broadcom/b43/phy_g.c\n@@ -2297,7 +2297,7 @@ static u8 b43_gphy_aci_detect(struct b43_wldev *dev, u8 channel)\n static u8 b43_gphy_aci_scan(struct b43_wldev *dev)\n {\n \tstruct b43_phy *phy = &dev->phy;\n-\tu8 ret[13];\n+\tu8 ret[13] = { 0 };\n \tunsigned int channel = phy->channel;\n \tunsigned int i, j, start, end;\n \n","prefixes":["1/2"]}