From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.90_1) id 1nUxXh-0003q9-T3 for mharc-grub-devel@gnu.org; Thu, 17 Mar 2022 17:20:22 -0400 Received: from eggs.gnu.org ([209.51.188.92]:39770) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nUxXg-0003oP-I8 for grub-devel@gnu.org; Thu, 17 Mar 2022 17:20:20 -0400 Received: from mx0b-00069f02.pphosted.com ([205.220.177.32]:36678) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nUxXe-0007wm-26 for grub-devel@gnu.org; Thu, 17 Mar 2022 17:20:20 -0400 Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 22HK3xf5003304; Thu, 17 Mar 2022 21:20:11 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=date : from : to : cc : subject : message-id : references : content-type : in-reply-to : mime-version; s=corp-2021-07-09; bh=uJVvSrqANr2LUdOmcNTFFVTX8He1aPuRjd1YqVvFWNE=; b=cWay6Opb9UXjeghKL773AzAeec/FC+i08LrIkSUS3QKa6IXP7778WCX9BVCT4RfDiSIS qD9RQT3wvjGQYgqmODiqSqINCpR9nqKpQKHk4ordkYq3GALf12DHXnRnviAWPoh0xqsv NMr3iNP8qCYqcX229ixzbK8n7kyG9hMtfHRTKdwKDY6st0hXW3O2cGq0XVsD/9ZmAnRs eo+jqabKt9iZAKB+KI8CIl2ARAviyXIDjeORUhFDZxgic0/AUp26xmN40adc8sXPJgzg K2ZZVXKhRjkOHBai3pwjrTNzFq7qjxRQyhLSu4Xy7lBfGOWcSMoINjtKw4LIGP3gRtkF GQ== Received: from userp3030.oracle.com (userp3030.oracle.com [156.151.31.80] (may be forged)) by mx0b-00069f02.pphosted.com with ESMTP id 3et60rtj74-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 17 Mar 2022 21:20:11 +0000 Received: from pps.filterd (userp3030.oracle.com [127.0.0.1]) by userp3030.oracle.com (8.16.1.2/8.16.1.2) with SMTP id 22HLHF1e017057; Thu, 17 Mar 2022 21:20:10 GMT Received: from nam12-mw2-obe.outbound.protection.outlook.com (mail-mw2nam12lp2040.outbound.protection.outlook.com [104.47.66.40]) by userp3030.oracle.com with ESMTP id 3et65q4334-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 17 Mar 2022 21:20:10 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=W+3a4gR7G2ldmnlgxt+2KMgUsuWboH9OZSVvdiCfzKxfwKJMo/8PukPlVdVfn5O8k25lRHN/gksCKe/ujVxmJzYaUZusQpSrWKWpjiGG2UCXB5pb8puK9haLAQETviMCN+5nUtBLSAP27m9ziK6HpRdFky36wEuYKkg3J7BKCRe/1kGuxjgG/n6wcwXRMEFn/k8NinJkETSuIHq/IhRP30uAH7KjaAYtQX08Ds7gu7ePA5JgX8s4dxb6SBPetnl9Uu+wUh87k+vX4Y9FiDmcoZKu3ct3H3SBfQ5XPgiB+Lw9nPF5qIvHY1RfzWeKRpe9iyhMyEmJKTgVuPOYhXAe5g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uJVvSrqANr2LUdOmcNTFFVTX8He1aPuRjd1YqVvFWNE=; b=g/v+QMf0/nFeO3SE+J1aAjRU1nRp3t2stZaS+MyLv9vnzborD4gY+LDUWwmGMKyEDAYJdV3ZtouoBD9umguBt1d9slLRaax9c+ZKtohd3P+LoDviyMGKuWDKzItb1y/iZpAecl0RDoxL/Q+ENyP+2LnRwclnqHMfTHi4MpyCQs++yHvV9MXVnI8+hrNdoUGIJzo+Qhr+QE6tvwRvX+yQa6ggogquT8epE4X3Px81tg0kkAb5cZ6eXndvia1nsL/ZIqYQjZnmDbqERA6GEYs7tZ2CMSw7tyQvB73kB+510PeVsJwKu+hpCnfTAbJCvGcT4vtR0p3T1FbxKnDBYU4Vng== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uJVvSrqANr2LUdOmcNTFFVTX8He1aPuRjd1YqVvFWNE=; b=MRHW69NSPTdJ07sFFLJktw/qfBDaksw1sgSAeHXzaRL91bDgOn6kpXF3o8Xo0igewqqgxG6mpVY0bECA1MB/EoP9tePUOJnBz4XfikV5czrt9HgL3Nr7rl7jR2FXJ8ZsBvLR05zrWWkf+tCIVOCzMyqPVDVzbixRAgKdvi8A8Nw= Received: from BN0PR10MB4822.namprd10.prod.outlook.com (2603:10b6:408:124::13) by MWHPR10MB1549.namprd10.prod.outlook.com (2603:10b6:300:26::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5081.15; Thu, 17 Mar 2022 21:20:07 +0000 Received: from BN0PR10MB4822.namprd10.prod.outlook.com ([fe80::13a:62fb:671e:c7b7]) by BN0PR10MB4822.namprd10.prod.outlook.com ([fe80::13a:62fb:671e:c7b7%7]) with mapi id 15.20.5081.017; Thu, 17 Mar 2022 21:20:07 +0000 Date: Thu, 17 Mar 2022 22:20:01 +0100 From: Daniel Kiper To: Glenn Washburn Cc: Alec Brown , The development of GNU GRUB , darren.kenny@oracle.com Subject: Re: [PATCH 5/7] grub-core/net/net.c: Fix uninitialized scalar variable Message-ID: <20220317212001.rzl76qb6llsgjjfz@tomti.i.net-space.pl> References: <1647375849-24164-1-git-send-email-alec.r.brown@oracle.com> <1647375849-24164-6-git-send-email-alec.r.brown@oracle.com> <20220315201601.2b2828a4@crass-HP-ZBook-15-G2> Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220315201601.2b2828a4@crass-HP-ZBook-15-G2> User-Agent: NeoMutt/20170113 (1.7.2) X-ClientProxiedBy: AS8PR04CA0156.eurprd04.prod.outlook.com (2603:10a6:20b:331::11) To BN0PR10MB4822.namprd10.prod.outlook.com (2603:10b6:408:124::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 411cb575-9e5b-40df-6871-08da085be942 X-MS-TrafficTypeDiagnostic: MWHPR10MB1549:EE_ X-Microsoft-Antispam-PRVS: X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 93uLChIaJ1+It9dyv1JgxfOGRCn9ofpEenp5KpIDQhg+BhvkRP7iqzy+FYB7rPDoIg9C3Ag0u27ixIlGafq2QgvpZN7fZZU1x/2gpf80yq79s6LV8cOEnagX1F0N4gEI4SlCyywIF6TnJw6xr0LM2SysoOpEpGxr+1oNrA+kYuh9rMRWfx4OoXV5xICTF03sTv5QILra1lm9c2IqqBu3a5I4+Vg90L7u5y8xYy3X4kP5whwW0QxHEvPa66NSIJmZxaEQI1wqVz/RpnFLFLEiH+I7KK05RBFP1XHelu4u5y6PZcx+lCmzk/jUHbSULz1DbgFN0N9iYIfzFKxc97kWV5JHhajpA3mlyMJqcUhcGLcVYbn6urgNdsBK1kosuDqGQu96c6128xV2CcqO8ly19OBwV8QT3CI2wnHKCd+cK1avPjP2HbTFTqhPgZGSThw0EspoHrq8hDIz9woIhdWLUNVxzfwgReYRy9GwYuH86FpHAndBMjJZ62607KhNlqGzxMM9gI5RqCqGXLY7Kw+LwBH4R4vi24PwopHDEOeObEeot+/1H/n8xFqR4e10b0ZxKIR7Ooi6gbxsJl+Hr1401779K6jHBK9xQl8Ij3CJEIhb/n2CjwTKrsEGQqG2MiYcxOqCSnVD+BNpJE670Bk7a2slZFtNQ6wf58D6FiLdWA5HKcRadshXLhTXJa8Ihb8uX6fviVPaU5CfiTBokeKplQ== X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN0PR10MB4822.namprd10.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230001)(366004)(2906002)(54906003)(5660300002)(66556008)(8676002)(66476007)(44832011)(86362001)(8936002)(38350700002)(6916009)(66946007)(316002)(38100700002)(4326008)(107886003)(83380400001)(1076003)(186003)(26005)(508600001)(6486002)(6506007)(9686003)(6666004)(6512007)(52116002); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?1v1sFLuPFfKDE5ANs2yrXRwOGgDczDL61UZHdRNwZ+Jp1bYFmU1i31X6tdms?= =?us-ascii?Q?g756xmpavWQ4Vvnc/nvl26hN/GL3ZgUJJzTwCUOUaC+nJdDB0RXOn7s79qvj?= =?us-ascii?Q?4ubJL5l7ss5nH6llbKkvP5mW+TtZJBTI2tt6SvPP7qzdvQLytc/o3l0vdwDl?= =?us-ascii?Q?hMxseB56da6NShgJvMy6m8NOcmX73r6F4PbAmrye18LqYLWmDGU5hAQFcs+3?= =?us-ascii?Q?9lA/x7G1oULlJkCKHMibH2B8CAFrsVJzTFuskwuPEy5pOP9L699y5z44ASNe?= =?us-ascii?Q?prFgbpCqe/VMMTvvnlXOL7FTgAkMaGIv6k/BAB/e+7Ua8sjuqs9gPylK+6Q/?= =?us-ascii?Q?53aotvKDPm/3RSOjkFADIy3cz/StGFpPpEhpWvvXcXwoWaaEe3PEPNIOzjUl?= =?us-ascii?Q?WE/Hno3p0I7uv3P9QSdllcCSfaLZIVlxEOmXrmqLavjqZ8cGD3nUZzHFfow3?= =?us-ascii?Q?TGnIEmEFkY9z8F5A/4naadOySICQM7FiksfS88EWImzNglM/i/36mgMig5oW?= =?us-ascii?Q?VdcT35/1PrxFDhhISZu2PQug4yxRZQUy3F/F1JJNbNgsanjrk/lWuEJheGjO?= =?us-ascii?Q?ACSYjR9x7z75auBcjHyXCtldu+H4Krszkr7Sr5cZPeHDPINSE9Fs3MuhnXZX?= =?us-ascii?Q?NhMAhYzadi0n3TWMOS8cDBSQ/BGul17VQYYa4y3slF8fTy/RN7qENNyRcU4G?= =?us-ascii?Q?2ZSFKQCfzEkkUkJhFj6hGG9eWUqdr0Rl1GkM5bexlIRSe9GztusUKb5OlTOP?= =?us-ascii?Q?DYeZJCFd4wRJC/eG8QQ/LT9Ad58W0Hu+R256qSVY20MKADFsNzbNqTybvfs6?= =?us-ascii?Q?vLmdLp1X5kmGyO60IcwVjLz3GC1dJGqlaLbILtM+tzSJ8wmhotie8pH43ele?= =?us-ascii?Q?vzoAtMH2mS7ciWCXMKoLw2R9txY2iIoP5BN5mwprMKxEMUgMdSjdGY1TIRef?= =?us-ascii?Q?mPFcDyOOXC99S1l5TYKUAaakhl9lfgYtobj0SUG5jBfFv0LeqmfQZozsc+uq?= =?us-ascii?Q?XFr1rH6p8LWHfTNalafFWN9VG7PHlAmtX7m5hmjdB5yPrvYLYatTzpCBxfPM?= =?us-ascii?Q?7E3acVD9gtmOj/gzFbJWVV8pJJveMyo00HA1/0PcTf0fP54FO9DkvFG4py05?= =?us-ascii?Q?LTwqfNXKg+SAqxoIDq6F6kx5DmJYHVrnXEjbYlsdORFncXPE2b54ytqfsZeQ?= =?us-ascii?Q?1QzZZU8pknLvwNoKrkAp02NvSbPZCbbhwn/3zpDG053WgeX98iI+V8wn1OVs?= =?us-ascii?Q?Arx+hi4o2Ku+Wm58X9pBkaFx7IFgrE61uq9OQEDM87MqhuoJj+oZZjz/tJe1?= =?us-ascii?Q?/3x951SHOU+0SYUCvfi0g28Yphc5VY0hEtcHsxKZg+j1LF5r0jDcRXYWDd+T?= =?us-ascii?Q?mrGLgRQsf/Rrz+x1qJvEZDJf4/FfN9E6sGC7DdJ7xIjxDNJt1ZaLB9fCfrTa?= =?us-ascii?Q?XDokPKNkI7/+mnMi4hFa0Z2wFTy7vmXcajtMXEZjR6iLMh+KKIfWUQ=3D=3D?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 411cb575-9e5b-40df-6871-08da085be942 X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB4822.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Mar 2022 21:20:07.5773 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 35TIA7kB60ZjkFcmq6PYUKsvcruQmDnm94MS+/AOejsAx1bM4tYDMkfJcZ50lWUIYgHiy1+CZVIeJsAEmHn3ug== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR10MB1549 X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10289 signatures=693715 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 phishscore=0 suspectscore=0 adultscore=0 spamscore=0 bulkscore=0 malwarescore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2202240000 definitions=main-2203170117 X-Proofpoint-ORIG-GUID: G6XZ2c3nChTLsLy1Szm3NGoPiifD4ZGT X-Proofpoint-GUID: G6XZ2c3nChTLsLy1Szm3NGoPiifD4ZGT Received-SPF: pass client-ip=205.220.177.32; envelope-from=daniel.kiper@oracle.com; helo=mx0b-00069f02.pphosted.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2022 21:20:20 -0000 On Tue, Mar 15, 2022 at 08:16:01PM -0500, Glenn Washburn wrote: > On Tue, 15 Mar 2022 16:24:07 -0400 > Alec Brown wrote: > > > In the function grub_net_ipv6_get_link_local(), grub_net_network_level_address_t > > addr is called but isn't being initialized. To prevent contents of this > > structure from being filled with junk data from the stack, we can initialize it > > to 0 by setting addr to {}; > > > > Fixes: CID 375033 > > > > Signed-off-by: Alec Brown > > --- > > grub-core/net/net.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/grub-core/net/net.c b/grub-core/net/net.c > > index 4d3eb5c1a..4e93365a7 100644 > > --- a/grub-core/net/net.c > > +++ b/grub-core/net/net.c > > @@ -287,7 +287,7 @@ grub_net_ipv6_get_link_local (struct grub_net_card *card, > > struct grub_net_network_level_interface *inf; > > char *name; > > char *ptr; > > - grub_net_network_level_address_t addr; > > + grub_net_network_level_address_t addr = {}; > > > > addr.type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6; > > addr.ipv6[0] = grub_cpu_to_be64_compile_time (0xfe80ULL << 48); > > This seems not quite necessary. The local "addr" is initialized just > below its initialization, so "junk" data doesn't matter. Only the > "option" member is not initialized, so we could just add another line to > initialize that. Yeah, I chatted about that with Alec and he will fix it. > The "{}" syntax seems to not be used much either, "{0}" being > preferred, but also not used much. Good point! I asked Alec to fix it too. > I think I remember Vladimir saying that GRUB doesn't use initializers, > but there are some in the code, so perhaps this isn't a thing > anymore. If Coverity complains I think we should make it happy. I think it is better to be on safe side than sorry. > Another option, which would be my preference, would be to move the 3 > lines below the declaraction of "addr" into the initializer and use > C99's designated initializer, so something like: > > grub_net_network_level_address_t addr = { > .type = GRUB_NET_NETWORK_LEVEL_PROTOCOL_IPV6, > .ipv6 = { > grub_cpu_to_be64_compile_time (0xfe80ULL << 48), > grub_net_ipv6_get_id (hwaddr) > } > }; I think it is rather an overkill here. Daniel