Simon Horman <simon.horman@xxxxxxxxxxxx> wrote:

> I'm assuming the answer is that this cannot occur,
> but I thought I should mention this anyway.
>
> If the initial value of len is 0 (or less).
> ...
> > + return spliced ?: ret;
>
> Then ret will be used uninitialised here.

len shouldn't be <0 as it's size_t. I don't think it should be possible to
get there with len==0 - at least from userspace. sys_splice() returns
immediately and sys_sendfile() either splices to a pipe or goes via
splice_direct_to_actor() will just drop straight out.

But there are kernel users - nfsd for example - but I don't know if they
would splice directly to a socket.

That said, it's probably worth preclearing ret just to be sure.

David
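
Review bot: at "return spliced ?: ret;" the value of ret is what gets returned whenever spliced is 0, so if len starts at 0 and nothing has assigned ret by that point, the caller receives an indeterminate value. Initialise ret to 0 at its declaration so that this path returns 0.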