On Wed, 2021-03-31 at 11:48 +0300, Dan Carpenter wrote:
> On Mon, Mar 22, 2021 at 11:41:58PM +0500, Muhammad Usama Anjum wrote:
> > 1) Initialize the struct msghdr msg in the start of the function
> > 2) Uninitialized variable msg.msg_flags can get used if branch happens to
> > out_free before initialization.
> >
> > So initialize variable in question in the start of the function for
> > simplicity in logic and use.
> >
> > Addresses-Coverity: ("Uninitialized variable")
> > Addresses-Coverity: ("Uninitialized variable read")
>
> This bug is a false positive.
>
> When msg.msg_flags is uninitialized then ret is negative and min_ret is
> zero.
>
> fs/io_uring.c
> 4666 ret = -EINTR;
> 4667 out_free:
> 4668 if (req->flags & REQ_F_BUFFER_SELECTED)
> 4669 cflags = io_put_recv_kbuf(req);
> 4670 if (ret < min_ret || ((flags & MSG_WAITALL) && (msg.msg_flags & (MSG_TRUNC | MSG_CTRUNC))))
> ^^^^^^^^^^^^^ ^^^^^^^^^^^^^
> The first part of the condition is true so the second part is not used.
>
> 4671 req_set_fail_links(req);
> 4672 __io_req_complete(req, issue_flags, ret, cflags);
> 4673 return 0;
> 4674 }
>
Understood. Thank you so much!
Thanks,
Usama
> regards,
> dan carpenter
>
