On Wed, May 27, 2020 at 5:20 AM Yuxuan Shui <yshuiv7@xxxxxxxxx> wrote:
>
> In ovl_copy_xattr, if all the xattrs to be copied are overlayfs private
> xattrs, the copy loop will terminate without assigning anything to the
> error variable, thus returning an uninitialized value.
>
> If ovl_copy_xattr is called from ovl_clear_empty, this uninitialized
> error value is put into a pointer by ERR_PTR(), causing potential
> invalid memory accesses down the line.
>
> This commit initializes error with 0. This is the correct value because
> when there's no xattr to copy, because all xattrs are private,
> ovl_copy_xattr should succeed.
>
> This bug is discovered with the help of INIT_STACK_ALL and clang.
>
> Signed-off-by: Yuxuan Shui <yshuiv7@xxxxxxxxx>

Thanks, applied.

Miklos
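The bug class described in the quoted commit message, as an added userspace model that is not part of the thread and is not the kernel's code: a copy loop that skips private xattrs must start from `error = 0`, and an errno-in-pointer check cannot flag an arbitrary leftover stack value. All `model_*` names, the `trusted.overlay.` prefix and the sample xattr lists are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_MAX_ERRNO 4095  /* same bound the kernel's IS_ERR() uses */
#define MODEL_PRIVATE_PREFIX "trusted.overlay."  /* assumed private prefix */

/* Userspace models of ERR_PTR()/IS_ERR(): an errno carried in a pointer. */
static void *model_err_ptr(long error) { return (void *)(intptr_t)error; }
static bool model_is_err(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MODEL_MAX_ERRNO;
}

static bool model_is_private(const char *name)
{
    return strncmp(name, MODEL_PRIVATE_PREFIX, strlen(MODEL_PRIVATE_PREFIX)) == 0;
}

/* Hypothetical copy step: fails with -61 (-ENODATA) on an empty name. */
static int model_copy_one(const char *name) { return name[0] ? 0 : -61; }

/* Model of the copy loop; with "error" left uninitialized, a list holding only
 * private names would skip every iteration and return stack garbage. */
static int model_copy_xattrs(const char *const *names, size_t n)
{
    int error = 0;  /* the fix: nothing to copy means success */

    for (size_t i = 0; i < n; i++) {
        if (model_is_private(names[i]))
            continue;  /* private xattrs are never copied */
        error = model_copy_one(names[i]);
        if (error)
            break;
    }
    return error;
}

/* Constructed inputs. */
static const char *const only_private[] = { "trusted.overlay.opaque", "trusted.overlay.origin" };
static const char *const mixed[] = { "trusted.overlay.opaque", "user.comment", "" };

int main(void)
{
    /* 0 here maps to a NULL, non-error pointer in the caller. */
    return model_is_err(model_err_ptr(model_copy_xattrs(only_private, 2)));
}
```

A value outside the range -4095..-1 passes the error check and would be treated as a usable pointer, which is why building with stack auto-initialization, as the commit message mentions, is a useful way to surface this kind of bug.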