From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([140.186.70.92]:45751)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1ROvzv-00012u-4g
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 13:38:47 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1ROvzt-0002VM-Kj
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 13:38:43 -0500
Received: from mx1.redhat.com ([209.132.183.28]:61918)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1ROvzt-0002V7-CR
	for qemu-devel@nongnu.org; Fri, 11 Nov 2011 13:38:41 -0500
From: Kevin Wolf <kwolf@redhat.com>
Date: Fri, 11 Nov 2011 18:39:25 +0100
Message-Id: <1321033168-8739-14-git-send-email-kwolf@redhat.com>
In-Reply-To: <1321033168-8739-1-git-send-email-kwolf@redhat.com>
References: <1321033168-8739-1-git-send-email-kwolf@redhat.com>
Subject: [Qemu-devel] [PATCH 13/16] hw/pc.c: Fix use-while-uninitialized of
	fd_type[]
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: anthony@codemonkey.ws
Cc: kwolf@redhat.com, qemu-devel@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

Fix a use-while-uninitialized of the fd_type[] array (introduced
in commit 34d4260e1, noticed by Coverity). This is more theoretical
than practical, since it's quite hard to get here with floppy==NULL
(the qdev_try_create() of the isa-fdc device has to fail).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
 hw/pc.c |    4 +---
 1 files changed, 1 insertions(+), 3 deletions(-)

diff --git a/hw/pc.c b/hw/pc.c
index 3015671..33778fe 100644
--- a/hw/pc.c
+++ b/hw/pc.c
@@ -335,7 +335,7 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size,
                   ISADevice *s)
 {
     int val, nb, nb_heads, max_track, last_sect, i;
-    FDriveType fd_type[2];
+    FDriveType fd_type[2] = { FDRIVE_DRV_NONE, FDRIVE_DRV_NONE };
     BlockDriverState *fd[MAX_FD];
     static pc_cmos_init_late_arg arg;
 
@@ -385,8 +385,6 @@ void pc_cmos_init(ram_addr_t ram_size, ram_addr_t above_4g_mem_size,
                 bdrv_get_floppy_geometry_hint(fd[i], &nb_heads, &max_track,
                                               &last_sect, FDRIVE_DRV_NONE,
                                               &fd_type[i]);
-            } else {
-                fd_type[i] = FDRIVE_DRV_NONE;
             }
         }
     }
-- 
1.7.6.4