From: Petr Machata <petrm@mellanox.com>
To: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: Himanshu Jha <himanshujha199640@gmail.com>,
franky.lin@broadcom.com, hante.meuleman@broadcom.com,
chi-hsien.lin@cypress.com, wright.feng@cypress.com,
kvalo@codeaurora.org, johannes.berg@intel.com,
linux-wireless@vger.kernel.org,
brcm80211-dev-list.pdl@broadcom.com,
brcm80211-dev-list@cypress.com, netdev@vger.kernel.org
Subject: Re: Passing uninitialised local variable
Date: Mon, 09 Apr 2018 15:23:07 +0300 [thread overview]
Message-ID: <wiho9is602c.fsf@dev-r-vrt-156.mtr.labs.mlnx> (raw)
In-Reply-To: <5ABD5735.1050608@broadcom.com> (Arend van Spriel's message of "Thu, 29 Mar 2018 23:14:29 +0200")
Arend van Spriel <arend.vanspriel@broadcom.com> writes:
> On 3/28/2018 1:20 PM, Himanshu Jha wrote:
>> I recently found that a local variable in passed uninitialised to the
>> function at
>>
>> drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2950
>>
>> u32 var;
>> err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
>>
>> s32
>> brcmf_fil_iovar_int_get(struct brcmf_if *ifp, char *name, u32 *data)
>> {
>> __le32 data_le = cpu_to_le32(*data);
>> }
>>
>> We can cleary see that 'var' in used uninitialised in the very first line
>> which is an undefined behavior.
>
> Why undefined? We copy some stack data and we do transfer that to the device. However in this case
> the device does nothing with it and it is simply overwritten by the response.
"Undefined behavior" is a technical term for when there are no
guarantees as to what the result of executing a given code will be. None
at all--it might for example abort, and that would be perfectly valid as
well. (To be clear, this is not about the device, but about the CPU that
this code runs on.)
Uninitialized reads are one example of a code construct that invokes
undefined behavior.
Thanks,
Petr
prev parent reply other threads:[~2018-04-09 12:23 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-28 11:20 Passing uninitialised local variable Himanshu Jha
2018-03-29 21:14 ` Arend van Spriel
2018-04-09 12:23 ` Petr Machata [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=wiho9is602c.fsf@dev-r-vrt-156.mtr.labs.mlnx \
--to=petrm@mellanox.com \
--cc=arend.vanspriel@broadcom.com \
--cc=brcm80211-dev-list.pdl@broadcom.com \
--cc=brcm80211-dev-list@cypress.com \
--cc=chi-hsien.lin@cypress.com \
--cc=franky.lin@broadcom.com \
--cc=hante.meuleman@broadcom.com \
--cc=himanshujha199640@gmail.com \
--cc=johannes.berg@intel.com \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=wright.feng@cypress.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox