[PATCH 1/2] cifs: remove initialization value
ematsumiya at suse.de
Fri Oct 7 19:22:59 UTC 2022
On 10/05, David Laight wrote:
>From: Enzo Matsumiya
>> Sent: 04 October 2022 15:23
>> Hi Usama,
>> On 10/04, Muhammad Usama Anjum wrote:
>> >Don't initialize the rc as its value is being overwritten before its
>> Being bitten by an unitialized variable bug as recent as 2 days ago, I'd
>> say this is a step backwards from the "best practices" POV.
>Depends on your POV.
My POV was, considering "unitialized variables" is a _whole_ class of
security bugs, a patch to specifically deinitialize a variable is pretty
much like saying "let's leave this to chance".
>If you don't initialise locals there is a fair chance that the
>compiler will detect buggy code.
>If you initialise them you get well defined behaviour - but
>the compiler won't find bugs for you.
>Mostly the kernel is in the first camp.
My money is on the smaller unfair chances that the compiler cannot catch
even the smallest bit of complexity of uninitialized use.
Also, initializing something to 0/NULL will, most of the time, if at all,
be "just" a bug, whereas an uninitialized variable bug might turn into a
security bug and even go unnoticed for years.
Anyway, this patch got merged and I seem to be alone with this
More information about the samba-technical