From 0ac0cffb0eba819832aa62f6683ec9ad8d47d8bd Mon Sep 17 00:00:00 2001
From: Maximilian Luz
Date: Mon, 11 Jan 2021 16:48:50 +0100
Subject: [PATCH] platform/surface: aggregator_cdev: Fix access of uninitialized variables

When copy_struct_from_user() in ssam_cdev_request() fails, we directly jump to the 'out' label. In this case, however 'spec' and 'rsp' are not initialized, but we still access fields of those variables. Fix this by initializing them at the time of their declaration.

Reported-by: Colin Ian King
Fixes: 3f35ea58e598 ("platform/surface: Add Surface Aggregator user-space interface")
Addresses-Coverity: ("Uninitialized pointer read")
Signed-off-by: Maximilian Luz
Link: https://lore.kernel.org/r/20210111154851.325404-2-luzmaximilian@gmail.com
Signed-off-by: Hans de Goede
---
 drivers/platform/surface/surface_aggregator_cdev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/surface/surface_aggregator_cdev.c b/drivers/platform/surface/surface_aggregator_cdev.c
index 340d15b148b98..979340cdd9deb 100644
--- a/drivers/platform/surface/surface_aggregator_cdev.c
+++ b/drivers/platform/surface/surface_aggregator_cdev.c
@@ -66,8 +66,8 @@ static long ssam_cdev_request(struct ssam_cdev *cdev, unsigned long arg)
 {
 struct ssam_cdev_request __user *r;
 struct ssam_cdev_request rqst;
- struct ssam_request spec;
- struct ssam_response rsp;
+ struct ssam_request spec = {};
+ struct ssam_response rsp = {};
 const void __user *plddata;
 void __user *rspdata;
 int status = 0, ret = 0, tmp;
-- 
2.39.5
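Review bot: The zero-initialisers on `spec` and `rsp` are load-bearing for the error path, but nothing at the declarations says so, and a later cleanup could drop them and bring back the uninitialised read. A short comment above the two lines would pin the reason, for example `/* Zeroed: the 'out' path reads spec and rsp even when copy_struct_from_user() fails. */`. `rqst`, `plddata` and `rspdata` are still declared without initialisers. The `out` label and the rest of ssam_cdev_request() lie outside this hunk, so it is worth confirming that none of the three is read there when the early jump is taken.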