| Project Name | CID | Checker | Category | Developer Description |
|---|---|---|---|---|
| Linux | 102363 | UNINIT | Uninitialized variables | This was potentially problematic, due to the assert on an uninitialized variable. But the much bigger win was that along with 4 other similar CIDs highlighted code replication; fixing the defects and refactoring the code led to a significant reduction in code: 10 files changed, 68 insertions, 218 deletions https://git.kernel.org/cgit/linux/kernel/git/dgc/linux-xfs.git/commit/?h=for-next&id=f6106efae5f4144b32f6c10de0dc3e7efc9181e3 |
1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 |
retval = error = 0; out: if (state) xfs_da_state_free(state); if (error) return error; return retval; } /* * Remove a name from a B-tree attribute list. * * This will involve walking down the Btree, and may involve joining * leaf nodes and even joining intermediate nodes up to and including * the root node (a special case of an intermediate node). */ STATIC int xfs_attr_node_removename(xfs_da_args_t *args) { xfs_da_state_t *state; xfs_da_state_blk_t *blk; xfs_inode_t *dp; struct xfs_buf *bp; |
<< 1. Declaring variable "committed" without initializer.
1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 |
int retval, error, committed, forkoff; trace_xfs_attr_node_removename(args); /* * Tie a string around our finger to remind us where we are. */ dp = args->dp; state = xfs_da_state_alloc(); state->args = args; state->mp = dp->i_mount; /* * Search to see if name exists, and get back a pointer to it. */ error = xfs_da3_node_lookup_int(state, &retval); |
< 2. Condition "error", taking false branch
< 3. Condition "retval != -17", taking false branch
1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 |
if (error || (retval != -EEXIST)) { if (error == 0) error = retval; goto out; } /* * If there is an out-of-line value, de-allocate the blocks. * This is done before we remove the attribute so that we don't * overflow the maximum size of a transaction and/or hit a deadlock. */ blk = &state->path.blk[ state->path.active-1 ]; |
< 4. Condition "!!(blk->bp != NULL)", taking true branch
< 5. Condition "!!(blk->bp != NULL)", taking true branch
1177 |
ASSERT(blk->bp != NULL); |
< 6. Condition "!!(blk->magic == 64494)", taking true branch
< 7. Condition "!!(blk->magic == 64494)", taking true branch
1178 |
ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC); |
< 8. Condition "args->rmtblkno > 0", taking false branch
1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 |
if (args->rmtblkno > 0) { /* * Fill in disk block numbers in the state structure * so that we can get the buffers back after we commit * several transactions in the following calls. */ error = xfs_attr_fillstate(state); if (error) goto out; /* * Mark the attribute as INCOMPLETE, then bunmapi() the * remote value. */ error = xfs_attr3_leaf_setflag(args); if (error) goto out; error = xfs_attr_rmtval_remove(args); if (error) goto out; /* * Refill the state structure with buffers, the prior calls * released our buffers. */ error = xfs_attr_refillstate(state); if (error) goto out; } /* * Remove the name and update the hashvals in the tree. */ blk = &state->path.blk[ state->path.active-1 ]; |
< 9. Condition "!!(blk->magic == 64494)", taking true branch
< 10. Condition "!!(blk->magic == 64494)", taking true branch
1213 1214 1215 1216 1217 1218 1219 |
ASSERT(blk->magic == XFS_ATTR_LEAF_MAGIC);
retval = xfs_attr3_leaf_remove(blk->bp, args);
xfs_da3_fixhashpath(state, &state->path);
/*
* Check to see if the tree needs to be collapsed.
*/ |
< 11. Condition "retval", taking true branch
< 12. Condition "state->path.active > 1", taking true branch
1220 1221 1222 |
if (retval && (state->path.active > 1)) { xfs_bmap_init(args->flist, args->firstblock); error = xfs_da3_join(state); |
< 13. Condition "!error", taking false branch
1223 1224 1225 1226 |
if (!error) {
error = xfs_bmap_finish(&args->trans, args->flist,
&committed);
} |
< 14. Condition "error", taking true branch
1227 |
if (error) { |
<<< CID 102363: Uninitialized variables UNINIT <<< 15. Using uninitialized value "committed".
1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 |
ASSERT(committed);
args->trans = NULL;
xfs_bmap_cancel(args->flist);
goto out;
}
/*
* bmap_finish() may have committed the last trans and started
* a new one. We need the inode to be in all transactions.
*/
if (committed)
xfs_trans_ijoin(args->trans, dp, 0);
/*
* Commit the Btree join operation and start a new trans.
*/
error = xfs_trans_roll(&args->trans, dp);
if (error)
goto out;
}
/*
* If the result is small enough, push it all into the inode.
*/
if (xfs_bmap_one_block(dp, XFS_ATTR_FORK)) {
/*
* Have to get rid of the copy of this dabuf in the state. |
| 1. var_decl | xfs_attr.c:1149 | |
| 15. uninit_use | xfs_attr.c:1228 |