authorNate Case <ncase@xes-inc.com>2008-05-12 16:14:14 -0400
committerPaul Mackerras <paulus@samba.org>2008-05-15 06:49:52 -0400
commit9c8387afdc93f90bf0241411d44e011d8d5b76df (patch)
tree97611f22b5a627f5d6067aae0bff6c32247fb577 /include/asm-powerpc
parent64e4566f6d590fbb284da061b9b664c2486dd2de (diff)
[POWERPC] Fix uninitialized variable bug in copy_{to|from}_user
Calls to copy_to_user() or copy_from_user() can fail when copying N bytes, where N is a constant less than 8, but not 1, 2, 4, or 8, because 'ret' is not initialized and is only set if the size is 1, 2, 4 or 8, but is tested after the switch statement for any constant size <= 8. This fixes it by initializing 'ret' to 1, causing the code to fall through to the __copy_tofrom_user call for sizes other than 1, 2, 4 or 8. Signed-off-by: Dave Scidmore <dscidmore@xes-inc.com> Signed-off-by: Nate Case <ncase@xes-inc.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Diffstat (limited to 'include/asm-powerpc')
-rw-r--r--include/asm-powerpc/uaccess.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/asm-powerpc/uaccess.h b/include/asm-powerpc/uaccess.h
index 8e798e3758bc..1a0736f8803f 100644
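--- a/include/asm-powerpc/uaccess.h
+++ b/include/asm-powerpc/uaccess.h
@@ -380,7 +380,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
 const void __user *from, unsigned long n)
 {
 if (__builtin_constant_p(n) && (n <= 8)) {
-unsigned long ret;
+unsigned long ret = 1;
 
 switch (n) {
 case 1:
@@ -406,7 +406,7 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
 const void *from, unsigned long n)
 {
 if (__builtin_constant_p(n) && (n <= 8)) {
-unsigned long ret;
+unsigned long ret = 1;
 
 switch (n) {
 case 1: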
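Review bot: The new initializer `unsigned long ret = 1;` (new line 383, and the same at 409 in __copy_to_user_inatomic) uses 1 as an unexplained sentinel for "not handled by the fast path", and nothing in the visible lines says so. A short comment such as `/* non-zero: constant sizes other than 1, 2, 4, 8 fall through to __copy_tofrom_user() */` would keep a later cleanup from dropping the initializer again; an explicit `default:` in the switch would make the same point in code. This matters because these helpers return the number of bytes not copied, so a stale value that happened to be 0 would presumably have reported success with nothing copied, leaving the destination buffer with whatever it held before. The rest of the switch and the test on `ret` lie outside both hunks, so the fall-through behaviour is taken from the commit message rather than from the visible code.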