[PATCH V3] lockdown: Initialize array before use
Kuan-Wei Chiu
visitorckw at gmail.com
Sun Jan 5 10:42:10 UTC 2025
Hi Tanya,
On Sun, Jan 05, 2025 at 12:35:38PM +0530, Tanya Agarwal wrote:
> From: Tanya Agarwal <tanyaagarwal25699 at gmail.com>
>
> The static code analysis tool "Coverity Scan" pointed the following
> details out for further development considerations:
> CID 1486102: Uninitialized scalar variable (UNINIT)
> uninit_use_in_call: Using uninitialized value *temp when calling
> strlen.
>
> Conclusion:
> Initialize array before use in lockdown_read() to satisfy the static
> analyzer.
>
> Fixes: 000d388ed3bb ("security: Add a static lockdown policy LSM")
> Signed-off-by: Tanya Agarwal <tanyaagarwal25699 at gmail.com>
I don't believe this is a real bug. The lockdown_reasons array is a
non-empty constant, so temp is guaranteed to be written to by sprintf
before being passed to strlen.
When submitting patches in the future, could you also include an
analysis of the conditions that might lead to the bug, along with the
coverity scan report?
Regards,
Kuan-Wei
More information about the Linux-security-module-archive
mailing list