From: Gergely Nagy
To: linux-kernel@vger.kernel.org
Cc: Gergely Nagy
Subject: [devfs] Use before initialisation in devfs_mk_cdev()
Date: Thu, 17 Jul 2003 01:53:42 +0200
Message-ID: <83he5mm3jt.wl@iluvatar.bonehunter.rulez.org>

Hi!

While playing around with implementing my first Linux 2.5 module, I stumbled upon a buglet in devfs (though, if used properly, it probably won't ever surface).

The problem, as I see it, is that devfs_mk_cdev() first checks the mode passed to it, and if it thinks it is not a char device, it prints a warning and aborts. Now, this printing involves the local variable `buf' (char buf[64]), which is not initialised at that point.

The problematic code is:

    int devfs_mk_cdev(dev_t dev, umode_t mode, const char *fmt, ...)
    {
        struct devfs_entry *dir = NULL, *de;
        char buf[64];
        va_list args;
        int error, n;

        if (!S_ISCHR(mode)) {
            printk(KERN_WARNING "%s: invalide mode (%u) for %s\n",
                   __FUNCTION__, mode, buf);
            return -EINVAL;
        }

One option would be to try to initialise buf earlier; another would be to just remove the "for %s" part and the buf reference in the printk (but that way, some information would be lost).

Anyway, I just noticed that when my buggy code called devfs_mk_cdev (blah, 0, etc..) it printed garbage on module insertion, so I thought I'd drop a notice.

Oh, this is with Linux 2.6.0-test1-mm1.

Cheers,
-- 
Gergely Nagy