ip_frag_reasm() can return uninitialized variable - Kernel

This is a discussion on ip_frag_reasm() can return uninitialized variable - Kernel ; Since commit 1706d58763c36133d7fce6cc78b1444fd40db28c ip_frag_reasm() can return the value of an uninitialized variable: .... static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev, struct net_device *dev) { struct iphdr *iph; struct sk_buff *fp, *head = qp->q.fragments; int len; int ihlen; int err; ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: ip_frag_reasm() can return uninitialized variable

  1. ip_frag_reasm() can return uninitialized variable

    Since commit 1706d58763c36133d7fce6cc78b1444fd40db28c ip_frag_reasm()
    can return the value of an uninitialized variable:

    <-- snip -->

    ....
    static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
    struct net_device *dev)
    {
    struct iphdr *iph;
    struct sk_buff *fp, *head = qp->q.fragments;
    int len;
    int ihlen;
    int err;

    ipq_kill(qp);

    /* Make the one we just received the head. */
    if (prev) {
    head = prev->next;
    fp = skb_clone(head, GFP_ATOMIC);

    if (!fp)
    goto out_nomem;
    ....
    out_nomem:
    LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
    "queue %p\n", qp);
    goto out_fail;
    ....
    out_fail:
    IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
    return err;
    }
    ....

    <-- snip -->

    Spotted by the Coverity checker.

    cu
    Adrian

    --

    "Is there not promise of rain?" Ling Tan asked suddenly out
    of the darkness. There had been need of rain for many days.
    "Only a promise," Lao Er said.
    Pearl S. Buck - Dragon Seed

    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  2. Re: ip_frag_reasm() can return uninitialized variable

    From: Adrian Bunk
    Date: Thu, 18 Oct 2007 12:52:03 +0200

    > Since commit 1706d58763c36133d7fce6cc78b1444fd40db28c ip_frag_reasm()
    > can return the value of an uninitialized variable:


    I have a fix for this in my net-2.6 tree, thanks Adrian.
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread