From 045788ea680a4e204aa832ba3985ee1f6a87abc4 Mon Sep 17 00:00:00 2001
From: Christian Engelmayer
Date: Wed, 7 May 2014 21:44:53 +0200
Subject: [PATCH] staging: binder: fix usage of uninit scalar in binder_transaction()

Fix the error path when a cookie mismatch is detected. In that case the function jumps to the exit label without setting the uninitialized, local variable 'return_error'. Detected by Coverity - CID 201453.

Change-Id: I6c960b7d3ad0adb28fad106a9a0b8cb934013987
Signed-off-by: Christian Engelmayer
Acked-by: Arve
Signed-off-by: Greg Kroah-Hartman
---
 drivers/staging/android/binder.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index c78411a22562..e8dd7ddcba41 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -1547,6 +1547,7 @@ static void binder_transaction(struct binder_proc *proc,
 proc->pid, thread->pid, (u64)fp->binder, node->debug_id, (u64)fp->cookie, (u64)node->cookie);
+ return_error = BR_FAILED_REPLY;
 goto err_binder_get_ref_for_node_failed;
 }
 ref = binder_get_ref_for_node(target_proc, node);
-- 
2.34.1
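Review bot: The added `return_error = BR_FAILED_REPLY;` before `goto err_binder_get_ref_for_node_failed;` repairs only the cookie-mismatch branch; per the commit message `return_error` is still declared without an initializer, so any other or future `goto err_*` that forgets the assignment would again use an indeterminate value. If that value is handed back to the calling process on the error path (the label and the declaration are outside this hunk, so this is inferred), it is both undefined behaviour and a possible leak of stale kernel stack contents. Consider giving the variable a failing default where it is declared, or at least a comment at the declaration such as `/* must be set before every goto err_*; there is no default */`, and check the remaining error branches of binder_transaction() the same way.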