keyspan_pda.c use of keyspan_pda_get_modem_info

[Benny Halevy]

with gcc 4.3.0 i see these warnings:

drivers/usb/serial/keyspan_pda.c: In function 'keyspan_pda_tiocmget':
drivers/usb/serial/keyspan_pda.c:444: warning: 'status' may be used uninitialized in this function
drivers/usb/serial/keyspan_pda.c: In function 'keyspan_pda_tiocmset':
drivers/usb/serial/keyspan_pda.c:465: warning: 'status' may be used uninitialized in this function

In these two call sites the callers bail out if
keyspan_pda_get_modem_info return value is < 0
e.g.
static int keyspan_pda_tiocmget(struct usb_serial_port *port, struct file *file)
{
...
	unsigned char status;
...
	rc = keyspan_pda_get_modem_info(serial, &status);
	if (rc < 0)
		return rc;
	value =
		((status & (1<<7)) ? TIOCM_DTR : 0) |
...
	return value;

However, keyspan_pda_get_modem_info sets status only for rc > 0
so it may indeed be used uninitialized in case keyspan_pda_get_modem_info
returns 0.

static int keyspan_pda_get_modem_info(struct usb_serial *serial,
				      unsigned char *value)
{
	int rc;
	unsigned char data;
	rc = usb_control_msg(serial->dev, usb_rcvctrlpipe(serial->dev, 0),
			     3, /* get pins */
			     USB_TYPE_VENDOR|USB_RECIP_INTERFACE|USB_DIR_IN,
			     0, 0, &data, 1, 2000);
	if (rc > 0)
		*value = data;
	return rc;
}

In the usb_control_msg/usb_internal_control_msg/usb_start_wait_urb path,
if usb_submit_urb

That said, I'm not sure if that can happen at all but regardless,
it seems like a good idea to handle this case.

Benny
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/