Re: [PATCH 1/7] libxc: fix uninitialized variable in xc_cpuid_pv_policy()

[Ian Campbell <ian.campbell@citrix.com>]

On Fri, 2015-07-03 at 16:15 +0100, Ian Jackson wrote:
> Jennifer Herbert writes ("[Xen-devel] [PATCH 1/7] libxc: fix uninitialized variable in xc_cpuid_pv_policy()"):
> > If xc_domain_get_guest_width were to fail, guest_width is not set, and
> > hence guest_64bit becomes undefined.
> > Fix is to initialise to 0, and report error if call fails.
> ...
> > diff --git a/tools/libxc/xc_cpuid_x86.c b/tools/libxc/xc_cpuid_x86.c
> > index c97f91a..847b701 100644
> > --- a/tools/libxc/xc_cpuid_x86.c
> > +++ b/tools/libxc/xc_cpuid_x86.c
> > @@ -437,14 +437,16 @@ static void xc_cpuid_pv_policy(
> >  {
> >      DECLARE_DOMCTL;
> >      unsigned int guest_width;
> > -    int guest_64bit;
> > +    int guest_64bit = 0;
> 
> I'm not a huge fan of this style, which some people might describe as
> `defensive initialisations'.  They turn failures to initialise a
> variable (which can be detected by tools like Coverity and some
> compilers), into uses of the wrong value.
> 
> > -    xc_domain_get_guest_width(xch, domid, &guest_width);
> > -    guest_64bit = (guest_width == 8);
> > +    if (xc_domain_get_guest_width(xch, domid, &guest_width) == 0)
> > +        guest_64bit = (guest_width == 8);
> > +    else
> > +        ERROR("Could not read guest word width.");
> 
> Surely after failure of xc_domain_get_guest_width we should not
> blunder on, making unwarranted assumptions about the guest bit width.
> 
> Unfortunately xc_cpuid_pv_policy doesn't return an error code.  I
> think it needs to.  So that's rather a yak.

I was about to say it's not one worth shaving, but actually although
this returns void it is static and has exactly one caller which can
return errors -- so it's a very easy yakk to shave it seems.

Ian.