On Mon, 2021-03-22 at 23:41 +0500, Muhammad Usama Anjum wrote:
> 1) Initialize the struct msghdr msg in the start of the function
> 2) Uninitialized variable msg.msg_flags can get used if branch happens to
> out_free before initialization.
>
> So initialize variable in question in the start of the function for
> simplicity in logic and use.
>
> Addresses-Coverity: ("Uninitialized variable")
> Addresses-Coverity: ("Uninitialized variable read")
> Signed-off-by: Muhammad Usama Anjum <musamaanjum@xxxxxxxxx>
> ---
> fs/io_uring.c | 10 ++--------
> 1 file changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/fs/io_uring.c b/fs/io_uring.c
> index bba74631954b..d5f83326abff 100644
> --- a/fs/io_uring.c
> +++ b/fs/io_uring.c
> @@ -4677,7 +4677,8 @@ static int io_recv(struct io_kiocb *req, unsigned int issue_flags)
> {
> struct io_buffer *kbuf;
> struct io_sr_msg *sr = &req->sr_msg;
> - struct msghdr msg;
> + struct msghdr msg = {.msg_name = NULL, .msg_control = NULL, .msg_controllen = 0,
> + .msg_namelen = 0, .msg_iocb = NULL, .msg_flags = 0};
> void __user *buf = sr->buf;
> struct socket *sock;
> struct iovec iov;
> @@ -4701,13 +4702,6 @@ static int io_recv(struct io_kiocb *req, unsigned int issue_flags)
> if (unlikely(ret))
> goto out_free;
>
> - msg.msg_name = NULL;
> - msg.msg_control = NULL;
> - msg.msg_controllen = 0;
> - msg.msg_namelen = 0;
> - msg.msg_iocb = NULL;
> - msg.msg_flags = 0;
> -
> flags = req->sr_msg.msg_flags | MSG_NOSIGNAL;
> if (flags & MSG_DONTWAIT)
> req->flags |= REQ_F_NOWAIT;
Reminder. Does anybody has any comments on it?
