From: Christian Engelmayer <cengelma@gmx.at>
Date: Wed, 7 May 2014 19:44:53 +0000 (+0200)
Subject: staging: binder: fix usage of uninit scalar in binder_transaction()
X-Git-Tag: v4.14-rc1~7083^2~39^2~533
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7d42043f093ed83ef80f03b17087a1eaaf8d2e06;p=platform%2Fkernel%2Flinux-rpi.git

staging: binder: fix usage of uninit scalar in binder_transaction()

Fix the error path when a cookie mismatch is detected. In that case the
function jumps to the exit label without setting the uninitialized, local
variable 'return_error'. Detected by Coverity - CID 201453.

Signed-off-by: Christian Engelmayer <cengelma@gmx.at>
Acked-by: Arve <arve@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/drivers/staging/android/binder.c b/drivers/staging/android/binder.c
index c78411a..e8dd7dd 100644
--- a/drivers/staging/android/binder.c
+++ b/drivers/staging/android/binder.c
@@ -1547,6 +1547,7 @@ static void binder_transaction(struct binder_proc *proc,
 					proc->pid, thread->pid,
 					(u64)fp->binder, node->debug_id,
 					(u64)fp->cookie, (u64)node->cookie);
+				return_error = BR_FAILED_REPLY;
 				goto err_binder_get_ref_for_node_failed;
 			}
 			ref = binder_get_ref_for_node(target_proc, node);