From: Nate Case Date: Mon, 12 May 2008 20:14:14 +0000 (+1000) Subject: [POWERPC] Fix uninitialized variable bug in copy_{to|from}_user X-Git-Tag: firefly_0821_release~20278^2~3 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=9c8387afdc93f90bf0241411d44e011d8d5b76df;p=firefly-linux-kernel-4.4.55.git [POWERPC] Fix uninitialized variable bug in copy_{to|from}_user Calls to copy_to_user() or copy_from_user() can fail when copying N bytes, where N is a constant less than 8, but not 1, 2, 4, or 8, because 'ret' is not initialized and is only set if the size is 1, 2, 4 or 8, but is tested after the switch statement for any constant size <= 8. This fixes it by initializing 'ret' to 1, causing the code to fall through to the __copy_tofrom_user call for sizes other than 1, 2, 4 or 8. Signed-off-by: Dave Scidmore Signed-off-by: Nate Case Signed-off-by: Paul Mackerras --- diff --git a/include/asm-powerpc/uaccess.h b/include/asm-powerpc/uaccess.h index 8e798e3758bc..1a0736f8803f 100644 --- a/include/asm-powerpc/uaccess.h +++ b/include/asm-powerpc/uaccess.h @@ -380,7 +380,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { if (__builtin_constant_p(n) && (n <= 8)) { - unsigned long ret; + unsigned long ret = 1; switch (n) { case 1: @@ -406,7 +406,7 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { if (__builtin_constant_p(n) && (n <= 8)) { - unsigned long ret; + unsigned long ret = 1; switch (n) { case 1: