qtnfmac: fix error handling in control path

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch fixes the following warnings:

- smatch
drivers/net/wireless/quantenna/qtnfmac/commands.c:132 qtnf_cmd_send_with_reply() warn: variable dereferenced before check 'resp' (see line 117)
drivers/net/wireless/quantenna/qtnfmac/commands.c:716 qtnf_cmd_get_sta_info() error: uninitialized symbol 'var_resp_len'.
drivers/net/wireless/quantenna/qtnfmac/commands.c:1668 qtnf_cmd_get_mac_info() error: uninitialized symbol 'var_data_len'.
drivers/net/wireless/quantenna/qtnfmac/commands.c:1697 qtnf_cmd_get_hw_info() error: uninitialized symbol 'info_len'.
drivers/net/wireless/quantenna/qtnfmac/commands.c:1753 qtnf_cmd_band_info_get() error: uninitialized symbol 'info_len'.
drivers/net/wireless/quantenna/qtnfmac/commands.c:1782 qtnf_cmd_send_get_phy_params() error: uninitialized symbol 'response_size'.
drivers/net/wireless/quantenna/qtnfmac/commands.c:2438 qtnf_cmd_get_chan_stats() error: uninitialized symbol 'var_data_len'.

- gcc-8.2.1
drivers/net/wireless/quantenna/qtnfmac/commands.c: In function 'qtnf_cmd_send_with_reply':
drivers/net/wireless/quantenna/qtnfmac/commands.c:133:54: error: 'resp' may be used uninitialized in this function [-Werror=maybe-uninitialized]

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

authored by

Sergey Matyukevich and committed by

Kalle Valo 7 years ago 1066bd19 e966a79c

+13 -8

1 changed file

expand all

drivers

net

wireless

quantenna

qtnfmac

commands.c

+13 -8

drivers/net/wireless/quantenna/qtnfmac/commands.c

··· 84 84 size_t *var_resp_size) 85 85 { 86 86 struct qlink_cmd *cmd; 87 - const struct qlink_resp *resp; 87 + struct qlink_resp *resp = NULL; 88 88 struct sk_buff *resp_skb = NULL; 89 89 u16 cmd_id; 90 90 u8 mac_id; ··· 113 113 if (ret) 114 114 goto out; 115 115 116 - resp = (const struct qlink_resp *)resp_skb->data; 116 + if (WARN_ON(!resp_skb || !resp_skb->data)) { 117 + ret = -EFAULT; 118 + goto out; 119 + } 120 + 121 + resp = (struct qlink_resp *)resp_skb->data; 117 122 ret = qtnf_cmd_check_reply_header(resp, cmd_id, mac_id, vif_id, 118 123 const_resp_size); 119 124 if (ret) ··· 691 686 struct sk_buff *cmd_skb, *resp_skb = NULL; 692 687 struct qlink_cmd_get_sta_info *cmd; 693 688 const struct qlink_resp_get_sta_info *resp; 694 - size_t var_resp_len; 689 + size_t var_resp_len = 0; 695 690 int ret = 0; 696 691 697 692 cmd_skb = qtnf_cmd_alloc_new_cmdskb(vif->mac->macid, vif->vifid, ··· 1655 1650 { 1656 1651 struct sk_buff *cmd_skb, *resp_skb = NULL; 1657 1652 const struct qlink_resp_get_mac_info *resp; 1658 - size_t var_data_len; 1653 + size_t var_data_len = 0; 1659 1654 int ret = 0; 1660 1655 1661 1656 cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, QLINK_VIFID_RSVD, ··· 1685 1680 { 1686 1681 struct sk_buff *cmd_skb, *resp_skb = NULL; 1687 1682 const struct qlink_resp_get_hw_info *resp; 1683 + size_t info_len = 0; 1688 1684 int ret = 0; 1689 - size_t info_len; 1690 1685 1691 1686 cmd_skb = qtnf_cmd_alloc_new_cmdskb(QLINK_MACID_RSVD, QLINK_VIFID_RSVD, 1692 1687 QLINK_CMD_GET_HW_INFO, ··· 1714 1709 struct ieee80211_supported_band *band) 1715 1710 { 1716 1711 struct sk_buff *cmd_skb, *resp_skb = NULL; 1717 - size_t info_len; 1718 1712 struct qlink_cmd_band_info_get *cmd; 1719 1713 struct qlink_resp_band_info_get *resp; 1714 + size_t info_len = 0; 1720 1715 int ret = 0; 1721 1716 u8 qband; 1722 1717 ··· 1769 1764 int qtnf_cmd_send_get_phy_params(struct qtnf_wmac *mac) 1770 1765 { 1771 1766 struct sk_buff *cmd_skb, *resp_skb = NULL; 1772 - size_t response_size; 1773 1767 struct qlink_resp_phy_params *resp; 1768 + size_t response_size = 0; 1774 1769 int ret = 0; 1775 1770 1776 1771 cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, 0, ··· 2436 2431 struct sk_buff *cmd_skb, *resp_skb = NULL; 2437 2432 struct qlink_cmd_get_chan_stats *cmd; 2438 2433 struct qlink_resp_get_chan_stats *resp; 2439 - size_t var_data_len; 2434 + size_t var_data_len = 0; 2440 2435 int ret = 0; 2441 2436 2442 2437 cmd_skb = qtnf_cmd_alloc_new_cmdskb(mac->macid, QLINK_VIFID_RSVD,