Date: Tue, 5 Sep 2017 22:18:28 +0200
From: Michael Büsch
To: Colin King
Cc: Larry Finger, Kalle Valo, linux-wireless@vger.kernel.org, b43-dev@lists.infradead.org, netdev@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/2] b43legacy: fix unitialized reads of ret by initializing the array to zero
Message-ID: <20170905221705.3a5c4ffa@wiggum>
In-Reply-To: <20170905181658.23893-1-colin.king@canonical.com>

On Tue, 5 Sep 2017 19:16:58 +0100 Colin King wrote:

> From: Colin Ian King
>
> The u8 char array ret is not being initialized and elements outside
> the range start to end contain just garbage values from the stack.
> This results in a later scan of the array to read potentially
> uninitialized values. Fix this by initializing the array to zero.
> This seems to have been an issue since the very first commit.
>
> Detected by CoverityScan CID#139653 ("Uninitialized scalar variable")
>
> Signed-off-by: Colin Ian King
> ---
>  drivers/net/wireless/broadcom/b43legacy/radio.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/net/wireless/broadcom/b43legacy/radio.c b/drivers/ne= t/wireless/broadcom/b43legacy/radio.c > index 9501420340a9..eab1c9387846 100644 > --- a/drivers/net/wireless/broadcom/b43legacy/radio.c > +++ b/drivers/net/wireless/broadcom/b43legacy/radio.c 
> @@ -280,7 +280,7 @@ u8 b43legacy_radio_aci_detect(struct b43legacy_wldev = *dev, u8 channel) > u8 b43legacy_radio_aci_scan(struct b43legacy_wldev *dev) > { > struct b43legacy_phy *phy =3D &dev->phy; > - u8 ret[13]; > + u8 ret[13] =3D { 0 }; > unsigned int channel =3D phy->channel; > unsigned int i; > unsigned int j;

This fix seems to be correct.
Thanks for finding and fixing the issue.

Reviewed-by: Michael Buesch

--
Michael
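Review bot: on the changed declaration `u8 ret[13] = { 0 };`, the commit message does not say why zero is the right value for the elements outside start..end. It only says the later scan reads them, so it would help to add one sentence stating how that scan interprets a zero entry, so the fix can be checked from the log alone. The message also notes the problem dates back to the very first commit but carries no Fixes: tag naming it, and the subject misspells "uninitialized" as "unitialized"; both are worth correcting before this lands in the history.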