On Tue, Oct 04, 2022 at 11:23:06AM -0300, Enzo Matsumiya wrote: > Hi Usama, > > On 10/04, Muhammad Usama Anjum wrote: > > Don't initialize the rc as its value is being overwritten before its > > use. > > Being bitten by an unitialized variable bug as recent as 2 days ago, I'd > say this is a step backwards from the "best practices" POV. Zero is a random bogus value. How likely is it that zero is the correct value or a negative error code is correct? There are probably a four to one ratio of error paths to success paths in the kernel (100% made up statistic). But mostly success paths end in "return 0;". So when you see a "return rc;" there is probably less than one in ten chance that rc is potentially zero. So there is an over 90% chance that zero is the wrong initializer to use. Meanwhile what initializing things to bogus values does is it disables static analysis checking for uninitialized value bugs. So it hides bugs until the user hits them. Disabling static analysis can make sense for a very complicated function but it's not best practice in general. On the other hand uninitialized memory is a source of security bugs. There are two ways to prevent this: 1) Use static analysis. Currently the GCC uninitialized variable warning is disabled because it is kind of rubbish but there are other static analysis tools out there. 2) Use the GCC extension to automatically initialize stack data to zero. regards, dan carpenter
