Dan Carpenter <dan.carpenter@xxxxxxxxxx> writes: > We recently shuffled this code around and introduced a new error path > before *resp_buf_type gets initialized. It creates uninitialized > variable bugs in the callers. > > fs/cifs/smb2pdu.c:579 SMB2_negotiate() > error: uninitialized symbol 'resp_buftype'. > > Fixes: 738f9de5cdb9 ("CIFS: Send RFC1001 length in a separate iov") > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > > diff --git a/fs/cifs/transport.c b/fs/cifs/transport.c > index 526f0533cb4e..8fa5e058fb15 100644 > --- a/fs/cifs/transport.c > +++ b/fs/cifs/transport.c > @@ -807,6 +807,8 @@ SendReceive2(const unsigned int xid, struct cifs_ses *ses, > struct kvec *new_iov; > int rc; > > + *resp_buf_type = CIFS_NO_BUFFER; /* no response buf yet */ > + > new_iov = kmalloc(sizeof(struct kvec) * (n_vec + 1), GFP_KERNEL); > if (!new_iov) > return -ENOMEM; > -- > To unsubscribe from this list: send the line "unsubscribe linux-cifs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > LGTM. To be a bit more explicit: resp_buf_type is an output parameter of the SendReceive2 function and in case the kmalloc failed the function could return to the caller with this parameter left uninitialized. Reviewed-by: Aurelien Aptel <aaptel@xxxxxxxx> -- Aurélien Aptel / SUSE Labs Samba Team GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3 SUSE Linux GmbH, Maxfeldstraße 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe from this list: send the line "unsubscribe linux-cifs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html