Hello everyone,
I recently found that a local variable is passed uninitialised to the
function at
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c:2950
	u32 var;

	err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
	if (err) {
		brcmf_err("wl dtim_assoc failed (%d)\n", err);
		goto update_bss_info_out;
	}
	dtim_period = (u8)var;
Now, brcmf_fil_iovar_int_get() is defined as:
s32
brcmf_fil_iovar_int_get(struct brcmf_if *ifp, char *name, u32 *data)
{
	__le32 data_le = cpu_to_le32(*data);
	s32 err;

	err = brcmf_fil_iovar_data_get(ifp, name, &data_le, sizeof(data_le));
	if (err == 0)
		*data = le32_to_cpu(data_le);
	return err;
}
We can clearly see that 'var' is used uninitialised in the very first line,
which is undefined behavior.
So, what could be a possible fix for the above?
I'm not sure initialising 'var' to 0 would be the correct solution.
--
Thanks
Himanshu Jha
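The following is an added, stand-alone C model of the pattern discussed above; it is not code from the mail or from the brcmfmac driver. It assumes, as the posted getter suggests, that the "get" request path copies the caller's buffer into the request sent to the firmware and copies the reply back over it (mock_iovar_data_get() is a hypothetical stand-in for brcmf_fil_iovar_data_get(); the mock firmware simply records the payload it received and answers a fixed value). Because genuinely reading an uninitialised variable is undefined behaviour and would make the output nondeterministic, the stale stack contents are simulated by a caller-supplied sentinel. The model shows why the bug is invisible in testing (the caller gets the right DTIM period either way) while whatever the uninitialised slot held still leaves the stack in the request, and compares the two fixes: zeroing `var` at the call site, or making the getter stop reading `*data`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Payload the mock firmware received in the last request, and the value it
 * reports for "dtim_assoc". Both are part of this example's mock only. */
static uint32_t fw_last_request;
static const uint32_t FW_DTIM_ASSOC = 3;

/* Hypothetical stand-in for brcmf_fil_iovar_data_get(): the caller's buffer
 * goes out in the request and the reply is copied back over it (assumption). */
static int32_t mock_iovar_data_get(const char *name, void *data, size_t len)
{
    uint32_t req;

    if (len != sizeof(req) || strcmp(name, "dtim_assoc") != 0)
        return -1;                         /* unknown iovar or bad length */
    memcpy(&req, data, len);               /* request carries caller's bytes */
    fw_last_request = req;
    memcpy(data, &FW_DTIM_ASSOC, len);     /* reply overwrites the buffer */
    return 0;
}

/* Same shape as the posted brcmf_fil_iovar_int_get(): *data is read first. */
static int32_t int_get_as_posted(const char *name, uint32_t *data)
{
    uint32_t data_le = *data;              /* reads whatever the caller holds */
    int32_t err = mock_iovar_data_get(name, &data_le, sizeof(data_le));

    if (err == 0)
        *data = data_le;
    return err;
}

/* Hardened getter: a pure "get" never needs the caller's previous value. */
static int32_t int_get_hardened(const char *name, uint32_t *data)
{
    uint32_t data_le = 0;                  /* request payload is always known */
    int32_t err = mock_iovar_data_get(name, &data_le, sizeof(data_le));

    if (err == 0)
        *data = data_le;
    return err;
}

struct outcome {
    uint32_t sent;                         /* payload the firmware received */
    uint8_t dtim_period;                   /* what the caller computed */
};

/* Caller as posted. `stale` stands in for whatever the uninitialised stack
 * slot happened to contain (a real `u32 var;` would be nondeterministic). */
struct outcome run_posted_caller(uint32_t stale)
{
    struct outcome o = { 0, 0 };
    uint32_t var = stale;                  /* models `u32 var;` left unset */

    if (int_get_as_posted("dtim_assoc", &var) == 0)
        o.dtim_period = (uint8_t)var;
    o.sent = fw_last_request;
    return o;
}

/* Fix at the call site: `u32 var = 0;` with the getter left unchanged. */
struct outcome run_zeroed_caller(void)
{
    struct outcome o = { 0, 0 };
    uint32_t var = 0;

    if (int_get_as_posted("dtim_assoc", &var) == 0)
        o.dtim_period = (uint8_t)var;
    o.sent = fw_last_request;
    return o;
}

/* Fix in the getter: the caller is unchanged, stale bytes never leave the stack. */
struct outcome run_hardened_getter(uint32_t stale)
{
    struct outcome o = { 0, 0 };
    uint32_t var = stale;

    if (int_get_hardened("dtim_assoc", &var) == 0)
        o.dtim_period = (uint8_t)var;
    o.sent = fw_last_request;
    return o;
}

int main(void)
{
    struct outcome o;

    o = run_posted_caller(0xDEADBEEFu);
    printf("posted caller:   dtim=%u sent=0x%08x\n", (unsigned)o.dtim_period, (unsigned)o.sent);
    o = run_zeroed_caller();
    printf("var = 0:         dtim=%u sent=0x%08x\n", (unsigned)o.dtim_period, (unsigned)o.sent);
    o = run_hardened_getter(0xDEADBEEFu);
    printf("hardened getter: dtim=%u sent=0x%08x\n", (unsigned)o.dtim_period, (unsigned)o.sent);
    return 0;
}
```

All three runs hand the caller the same DTIM period, which is why an uninitialised in-out argument does not show up as a functional failure; only the request payload differs. Initialising `var` at one call site silences the warning there, but every other caller of an in-out "get" helper has the same exposure, so a fix inside the getter (not reading `*data` for a pure get) closes the whole class rather than one instance.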