[POWERPC] Fix uninitialized variable bug in copy_{to|from}_user

Calls to copy_to_user() or copy_from_user() can fail when copying N
bytes, where N is a constant less than 8, but not 1, 2, 4, or 8,
because 'ret' is not initialized and is only set if the size is 1,
2, 4 or 8, but is tested after the switch statement for any constant
size <= 8.  This fixes it by initializing 'ret' to 1, causing the
code to fall through to the __copy_tofrom_user call for sizes other
than 1, 2, 4 or 8.

Signed-off-by: Dave Scidmore <dscidmore@xes-inc.com>
Signed-off-by: Nate Case <ncase@xes-inc.com>
Signed-off-by: Paul Mackerras <paulus@samba.org>

diff --git a/include/asm-powerpc/uaccess.h b/include/asm-powerpc/uaccess.h
index 8e798e3758bc38137ca15d2f0e23c954e0339c26..1a0736f8803fa8db84de6b428ae808c95b49b835 100644 (file)
--- a/include/asm-powerpc/uaccess.h
+++ b/include/asm-powerpc/uaccess.h
@@ -380,7 +380,7 @@ static inline unsigned long __copy_from_user_inatomic(void *to,
                const void __user *from, unsigned long n)
 {
        if (__builtin_constant_p(n) && (n <= 8)) {
-               unsigned long ret;
+               unsigned long ret = 1;
 
                switch (n) {
                case 1:
@@ -406,7 +406,7 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to,
                const void *from, unsigned long n)
 {
        if (__builtin_constant_p(n) && (n <= 8)) {
-               unsigned long ret;
+               unsigned long ret = 1;
 
                switch (n) {
                case 1: