[PATCH v2] lockdown: Initialize array before use
Tanya Agarwal
tanyaagarwal25699 at gmail.com
Sun Jan 5 06:07:56 UTC 2025
On Sun, Jan 5, 2025 at 9:45 AM Paul Moore <paul at paul-moore.com> wrote:
>
> On Jan 4, 2025 Tanya Agarwal <tanyaagarwal25699 at gmail.com> wrote:
> >
> > - char temp[80];
> > + char temp[80] = {0};
> > int i, offset = 0;
>
> Since @temp is a string, it reads a bit better if we initialize it with
> double quotes, e.g. 'char temp[80] = ""'.
Hi Paul,
Thanks for the review.
I agree to change it to double quotes and will send it in a revision patch.
>
> This is also a case where the static analysis is a bit misleading. The
> @temp variable is uninitialized only if the @lockdown_levels array is
> empty and seeing as the @lockdown_levels array is a constant array
> defined in the source, this isn't a real issue we need to worry about.
> However, if you wanted to fix this simply to quiet Coverity, I think
> that would be okay, especially since this isn't a hot code path.
I understand that is likely a false positive. However, as you
mentioned this is not a hot path, making initialization explicit could
help silence the static analyzer without any real downside.
Thanks,
Tanya
>
> > for (i = 0; i < ARRAY_SIZE(lockdown_levels); i++) {
> > --
> > 2.39.5
>
> --
> paul-moore.com
More information about the Linux-security-module-archive
mailing list