From: Christian Engelmayer Date: Wed, 7 May 2014 19:44:53 +0000 (+0200) Subject: staging: binder: fix usage of uninit scalar in binder_transaction() X-Git-Tag: firefly_0821_release~4090^2~117 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=045788ea680a4e204aa832ba3985ee1f6a87abc4;p=firefly-linux-kernel-4.4.55.git staging: binder: fix usage of uninit scalar in binder_transaction() Fix the error path when a cookie mismatch is detected. In that case the function jumps to the exit label without setting the uninitialized, local variable 'return_error'. Detected by Coverity - CID 201453. Change-Id: I6c960b7d3ad0adb28fad106a9a0b8cb934013987 Signed-off-by: Christian Engelmayer Acked-by: Arve Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c index c78411a22562..e8dd7ddcba41 100644 --- a/drivers/staging/android/binder.c +++ b/drivers/staging/android/binder.c @@ -1547,6 +1547,7 @@ static void binder_transaction(struct binder_proc *proc, proc->pid, thread->pid, (u64)fp->binder, node->debug_id, (u64)fp->cookie, (u64)node->cookie); + return_error = BR_FAILED_REPLY; goto err_binder_get_ref_for_node_failed; } ref = binder_get_ref_for_node(target_proc, node);
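Review bot: Only the cookie-mismatch branch is covered by the new assignment before 'goto err_binder_get_ref_for_node_failed;', so the other jumps to error labels in binder_transaction() should be checked to confirm each one sets 'return_error' first, since the commit message describes it as an uninitialized local. If any of them does not, it is better to fix them in the same change than to wait for a separate Coverity report per path. The label name is also misleading at this call site: the jump happens before 'ref = binder_get_ref_for_node(target_proc, node);' is reached, so the failure here is a cookie mismatch rather than a failed ref lookup. A short comment on the branch would make that clear to the next reader. Finally, the commit message would be more useful if it said where the unset value ends up being used after the exit label, so the impact of the bug can be judged from the log alone.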