2010-01-09 08:42:25

by Dan Carpenter

Subject: [patch] iwlwifi: silence buffer overflow warning

Smatch (and presumably other static checkers) complain that MAX_TID_COUNT is
past the end of the array. In the resulting discussion, Zhu Yi pointed out
that this value is not used in real life and the assignment was only there to
silence a gcc warning.

If there were a bug in the surrounding code and the value were used, the
WARN_ON(!qc) would print a warning before the crash.

Signed-off-by: Dan Carpenter <[email protected]>

--- orig/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-01-03 11:02:42.000000000 +0300
+++ devel/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-01-06 00:27:00.000000000 +0300
@@ -1961,7 +1961,7 @@ static void iwl4965_rx_reply_tx(struct i
struct ieee80211_tx_info *info;
struct iwl4965_tx_resp *tx_resp = (void *)&pkt->u.raw[0];
u32 status = le32_to_cpu(tx_resp->u.status);
- int tid = MAX_TID_COUNT;
+ int uninitialized_var(tid);
int sta_id;
int freed;
u8 *qc = NULL;
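Review bot: replacing `int tid = MAX_TID_COUNT;` with `int uninitialized_var(tid);` removes the out-of-range sentinel the checker flagged, but it also removes any chance of the compiler or a checker catching a read of tid before assignment, and the WARN_ON(!qc) the commit message relies on, like the array accesses indexed by tid, sits outside the visible context, so the guard cannot be confirmed from the hunk. If the aim is to keep a safety net, initializing tid to a value the indexing sites explicitly reject (for example -1, paired with a `tid < 0` check at the use) keeps the static checker quiet without trading the sentinel for silence; at minimum a one-line comment at the declaration saying that tid is only assigned and read under the qc check would tell the next reader why the variable is deliberately left uninitialized.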

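The reasoning in the commit message, as an added example in C that is not part of the patch or of the iwlwifi driver: an array indexed by tid has MAX_TID_COUNT entries, so the old sentinel `MAX_TID_COUNT` is exactly one past its end (which is what Smatch reports when it sees the index), and the only thing that makes the uninitialized declaration safe is that every read of tid sits under the same `qc` check as its assignment. The value of MAX_TID_COUNT, the struct names and the tx-completion layout are assumptions chosen for illustration; the TID mask is the 802.11 QoS Control definition (TID in bits 0-3, so a frame can carry a TID the table does not have room for).

```c
/* Added example (not from the patch or the iwlwifi driver): why a static
 * checker flags "tid = MAX_TID_COUNT" and what the guarded pattern relies on.
 * MAX_TID_COUNT and the struct layouts below are assumptions for illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TID_COUNT    8     /* assumed size; the driver's real value is not on the page */
#define QOS_CTL_TID_MASK 0x0f  /* 802.11 QoS Control field: TID is bits 0-3, so 0..15 */

struct tid_stats {
    unsigned long tx_done[MAX_TID_COUNT];  /* valid indices: 0 .. MAX_TID_COUNT-1 */
};

/* Stand-in for a tx completion. qc points at the 2-byte QoS Control field of
 * the completed frame, or is NULL when the frame was not a QoS data frame. */
struct tx_done {
    const uint8_t *qc;
};

/* The pre-patch sentinel: MAX_TID_COUNT is exactly one past the last valid
 * index, which is what a checker reports when it sees tx_done[tid]. */
bool tid_is_valid_index(int tid)
{
    return tid >= 0 && tid < MAX_TID_COUNT;
}

/* Pattern the patch relies on: tid is assigned only when qc is present and is
 * read only under the same condition, so the declaration needs no sentinel.
 * Returns the tid accounted, -1 for a non-QoS frame, -2 for an out-of-range TID. */
int account_tx_done(struct tid_stats *st, const struct tx_done *d)
{
    int tid;                                    /* intentionally uninitialized */

    if (!d->qc)                                 /* the WARN_ON(!qc) case, minus the splat */
        return -1;

    tid = d->qc[0] & QOS_CTL_TID_MASK;
    if (!tid_is_valid_index(tid))               /* a 4-bit TID can exceed the table */
        return -2;

    st->tx_done[tid]++;
    return tid;
}

/* Runs the three cases on constructed input and returns 1 if all behave as
 * described above, 0 otherwise. */
int self_check(void)
{
    struct tid_stats st;
    const uint8_t qc_tid5[2]  = { 0x05, 0x00 };   /* constructed: TID 5 */
    const uint8_t qc_tid11[2] = { 0x0b, 0x00 };   /* constructed: TID 11, past the table */
    const struct tx_done qos     = { qc_tid5 };
    const struct tx_done non_qos = { NULL };
    const struct tx_done bad_tid = { qc_tid11 };

    memset(&st, 0, sizeof st);

    if (tid_is_valid_index(MAX_TID_COUNT))      return 0;   /* the flagged sentinel */
    if (account_tx_done(&st, &qos) != 5)        return 0;
    if (st.tx_done[5] != 1)                     return 0;
    if (account_tx_done(&st, &non_qos) != -1)   return 0;
    if (account_tx_done(&st, &bad_tid) != -2)   return 0;
    return 1;
}

int main(void)
{
    printf("MAX_TID_COUNT (%d) is a valid index: %s\n", MAX_TID_COUNT,
           tid_is_valid_index(MAX_TID_COUNT) ? "yes" : "no");
    printf("self_check: %s\n", self_check() ? "ok" : "FAILED");
    return self_check() ? 0 : 1;
}
```

The bounds check on the extracted TID is the part a driver cannot get from the qc guard alone: the guard only says a QoS Control field exists, not that the TID it carries fits the table.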

2010-01-11 01:50:43

by Zhu Yi

Subject: Re: [patch] iwlwifi: silence buffer overflow warning

On Sat, 2010-01-09 at 16:41 +0800, Dan Carpenter wrote:
> Smatch (and presumably other static checkers) complain that MAX_TID_COUNT is
> past the end of the array. In the resulting discussion, Zhu Yi pointed out
> that this value is not used in real life and the assignment was only there to
> silence a gcc warning.
>
> If there were a bug in the surrounding code and the value were used, the
> WARN_ON(!qc) would print a warning before the crash.
>
> Signed-off-by: Dan Carpenter <[email protected]>

Acked-by: Zhu Yi <[email protected]>

Thanks,
-yi

> --- orig/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-01-03 11:02:42.000000000 +0300
> +++ devel/drivers/net/wireless/iwlwifi/iwl-4965.c 2010-01-06 00:27:00.000000000 +0300
> @@ -1961,7 +1961,7 @@ static void iwl4965_rx_reply_tx(struct i
> struct ieee80211_tx_info *info;
> struct iwl4965_tx_resp *tx_resp = (void *)&pkt->u.raw[0];
> u32 status = le32_to_cpu(tx_resp->u.status);
> - int tid = MAX_TID_COUNT;
> + int uninitialized_var(tid);
> int sta_id;
> int freed;
> u8 *qc = NULL;
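Review bot: the subject line promises to "silence buffer overflow warning", but what the quoted hunk actually changes is the declaration of tid from an out-of-range sentinel to `int uninitialized_var(tid);`, so the title would be more accurate as a sentinel removal; more importantly, nothing in the hunk records why the variable is safe without an initializer, and `uninitialized_var()` suppresses exactly the compiler warning that would flag a future read of tid added outside the qc branch. A short comment next to the declaration (tid is assigned and read only when qc is non-NULL) would carry the reasoning from the commit message into the code where the next change to this function will be made.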