staging: binder: fix usage of uninit scalar in binder_transaction()
author Christian Engelmayer <cengelma@gmx.at>
Wed, 7 May 2014 19:44:53 +0000 (21:44 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 23 May 2014 11:51:32 +0000 (20:51 +0900)
Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Arve <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
drivers/staging/android/binder.c

index c78411a22562dc0696307bc7d7d663c141e03277..e8dd7ddcba419ccd4d4fc7f9a05afaf8f429248a 100644 (file)
@@ -1547,6 +1547,7 @@ static void binder_transaction(struct binder_proc *proc,
                                        proc->pid, thread->pid,
                                        (u64)fp->binder, node->debug_id,
                                        (u64)fp->cookie, (u64)node->cookie);
+                               return_error = BR_FAILED_REPLY;
                                goto err_binder_get_ref_for_node_failed;
                        }
                        ref = binder_get_ref_for_node(target_proc, node);
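
Review bot: The added `return_error = BR_FAILED_REPLY;` before `goto err_binder_get_ref_for_node_failed;` closes only this cookie-mismatch branch, while `return_error` itself remains an uninitialized local, so any other or later branch that jumps to an error label without assigning it would bring back the same read of an indeterminate value. Consider also giving `return_error` an initial value at its declaration, or noting in the commit message that the remaining jumps to the error labels were checked and all assign it first. The message would also be clearer if it said how `return_error` is used after the label, so the effect of the unset value is on record.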