Commit 7cafe2eb authored by Arnd Bergmann's avatar Arnd Bergmann Committed by Thadeu Lima de Souza Cascardo

hostap: avoid uninitialized variable use in hfa384x_get_rid

BugLink: http://bugs.launchpad.net/bugs/1688483

commit 48dc5fb3 upstream.

The driver reads a value from hfa384x_from_bap(), which may fail,
and then assigns the value to a local variable. gcc detects that
in in the failure case, the 'rlen' variable now contains
uninitialized data:

In file included from ../drivers/net/wireless/intersil/hostap/hostap_pci.c:220:0:
drivers/net/wireless/intersil/hostap/hostap_hw.c: In function 'hfa384x_get_rid':
drivers/net/wireless/intersil/hostap/hostap_hw.c:842:5: warning: 'rec' may be used uninitialized in this function [-Wmaybe-uninitialized]
  if (le16_to_cpu(rec.len) == 0) {

This restructures the function as suggested by Russell King, to
make it more readable and get more reliable error handling, by
handling each failure mode using a goto.
Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
Signed-off-by: default avatarThadeu Lima de Souza Cascardo <cascardo@canonical.com>
parent e0fe9642
...@@ -836,25 +836,30 @@ static int hfa384x_get_rid(struct net_device *dev, u16 rid, void *buf, int len, ...@@ -836,25 +836,30 @@ static int hfa384x_get_rid(struct net_device *dev, u16 rid, void *buf, int len,
spin_lock_bh(&local->baplock); spin_lock_bh(&local->baplock);
res = hfa384x_setup_bap(dev, BAP0, rid, 0); res = hfa384x_setup_bap(dev, BAP0, rid, 0);
if (!res) if (res)
res = hfa384x_from_bap(dev, BAP0, &rec, sizeof(rec)); goto unlock;
res = hfa384x_from_bap(dev, BAP0, &rec, sizeof(rec));
if (res)
goto unlock;
if (le16_to_cpu(rec.len) == 0) { if (le16_to_cpu(rec.len) == 0) {
/* RID not available */ /* RID not available */
res = -ENODATA; res = -ENODATA;
goto unlock;
} }
rlen = (le16_to_cpu(rec.len) - 1) * 2; rlen = (le16_to_cpu(rec.len) - 1) * 2;
if (!res && exact_len && rlen != len) { if (exact_len && rlen != len) {
printk(KERN_DEBUG "%s: hfa384x_get_rid - RID len mismatch: " printk(KERN_DEBUG "%s: hfa384x_get_rid - RID len mismatch: "
"rid=0x%04x, len=%d (expected %d)\n", "rid=0x%04x, len=%d (expected %d)\n",
dev->name, rid, rlen, len); dev->name, rid, rlen, len);
res = -ENODATA; res = -ENODATA;
} }
if (!res) res = hfa384x_from_bap(dev, BAP0, buf, len);
res = hfa384x_from_bap(dev, BAP0, buf, len);
unlock:
spin_unlock_bh(&local->baplock); spin_unlock_bh(&local->baplock);
mutex_unlock(&local->rid_bap_mtx); mutex_unlock(&local->rid_bap_mtx);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment