Thanks Dan. I just noticed your mail after getting back from vacation.
Greg- what is the best remedy for this? As Dan mentions, line 3622
should be "e->cmd" instead of "cmd". This problem can't really cause
any damage, but results in bogus "cmd" in trace output and can cause
some stats to be incremented incorrectly. Should I resubmit that
patch? Submit a new bugfix patch?
-Todd
On Wed, Jul 19, 2017 at 12:00 PM, Dan Carpenter
<dan.carpenter@xxxxxxxxxx> wrote:
> Hello Todd Kjos,
>
> The patch 26549d177410: "binder: guarantee txn complete / errors
> delivered in-order" from Jun 29, 2017, leads to the following static
> checker warning:
>
> drivers/android/binder.c:3622 binder_thread_read()
> error: uninitialized symbol 'cmd'.
>
> drivers/android/binder.c
> 3611 case BINDER_WORK_RETURN_ERROR: {
> 3612 struct binder_error *e = container_of(
> 3613 w, struct binder_error, work);
> 3614
> 3615 WARN_ON(e->cmd == BR_OK);
> 3616 binder_inner_proc_unlock(proc);
> 3617 if (put_user(e->cmd, (uint32_t __user *)ptr))
> 3618 return -EFAULT;
> 3619 e->cmd = BR_OK;
> 3620 ptr += sizeof(uint32_t);
> 3621
> 3622 binder_stat_br(proc, thread, cmd);
> ^^^
>
> Uninitialized. Probably e->cmd was intended?
>
> 3623 } break;
> 3624 case BINDER_WORK_TRANSACTION_COMPLETE: {
> 3625 binder_inner_proc_unlock(proc);
> 3626 cmd = BR_TRANSACTION_COMPLETE;
> 3627 if (put_user(cmd, (uint32_t __user *)ptr))
> 3628 return -EFAULT;
>
> regards,
> dan carpenter
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
