Re: Some potentially uninitialized values in pid_list_refill_irq()

From: Steven Rostedt
Date: Mon Oct 18 2021 - 15:31:29 EST


On Mon, 18 Oct 2021 18:14:53 +0200
Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> wrote:

> Dear Steven,
>
> Commit 8d6e90983ade ("tracing: Create a sparse bitmask for pid
> filtering") in linux-next adds the new function pid_list_refill_irq().
> For this function, 'make clang-analyzer' reports potentially
> uninitialized values for lower and upper under certain branch
> conditions, see the full report below.
>
> As far as I understand the analyzer's report and the code at hand:
>
> if lower_count is zero (and upper_count is not), then lower_next is
> not assigned (because the while lower_count loop is not entered) and
> lower is pointing to an address with an uninitialized value and hence,
> the if (lower) conditional reads this uninitialized value.
>
> Analogously for upper_count:
>
> if upper_count is zero (and lower_count is not), then upper_count is
> not assigned (because the while upper_count loop is not entered) and
> upper is pointing to an address with an uninitialized value and hence,
> the if (upper) conditional reads this uninitialized value.
>
> I think this can be resolved by initializing upper and lower to point
> to an address carrying a zero; but I really struggle to understand the
> whole pointer magic you did :)
>
> Let me know if clang-analyzer found something buggy here or if the
> tool and I misunderstood the code; we are certainly interested.
>

No, you are the third (or fourth) person to report this. I just haven't
gotten around to pushing my fixes to linux-next, as my test boxes have been
busy testing stuff for current 5.15-rc. And the fixes are still in the
queue to be tested.

I'll have that fixed in a couple of days at most.

Thanks,

-- Steve
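As an added illustration of the pattern Lukas describes, and not the kernel's pid_list_refill_irq() code: a simplified refill routine whose chain head is only written inside a count-driven loop, with the head pre-initialized so that a zero count yields NULL instead of an indeterminate pointer. All names here (carve_chain, refill_lists, make_pool, chain_len) are constructed for the example.

```c
#include <stddef.h>

/* Constructed model of the reported pattern: a refill routine carves
 * `count` chunks off a free pool into a singly linked chain. */
struct chunk {
	struct chunk *next;
};

static int chain_len(const struct chunk *c)
{
	int n = 0;
	for (; c; c = c->next)
		n++;
	return n;
}

/* Take up to `count` chunks from *pool and chain them; returns the head.
 * Before the fix the head was declared without an initializer, so when
 * count == 0 the loop never ran and the later test of the head (the
 * `if (lower)` / `if (upper)` in the report) read an indeterminate value.
 * Initializing it to NULL is the "known zero" the report suggests. */
static struct chunk *carve_chain(struct chunk **pool, int count)
{
	struct chunk *head = NULL;   /* was: `struct chunk *head;` */
	struct chunk **link = &head; /* where the next chunk gets attached */

	while (count > 0 && *pool) {
		struct chunk *c = *pool;
		*pool = c->next;     /* pop from the free pool */
		*link = c;           /* append to the chain */
		link = &c->next;
		count--;
	}
	*link = NULL;                /* terminate the chain */
	return head;
}

/* Refill a lower and an upper chain, mirroring the pair in the report.
 * Returns the total number of chunks moved out of the pool. */
static int refill_lists(struct chunk **pool, int lower_count, int upper_count,
			struct chunk **lower, struct chunk **upper)
{
	*lower = carve_chain(pool, lower_count);
	*upper = carve_chain(pool, upper_count);
	return chain_len(*lower) + chain_len(*upper);
}

/* Link a caller-supplied array of n chunks into a pool; returns its head. */
static struct chunk *make_pool(struct chunk *arr, int n)
{
	for (int i = 0; i + 1 < n; i++)
		arr[i].next = &arr[i + 1];
	if (n > 0)
		arr[n - 1].next = NULL;
	return n > 0 ? arr : NULL;
}
```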