From 2667f59e12ddba9d73c9996a28d7c63414887713 Mon Sep 17 00:00:00 2001
From: Benjamin Kaduk
Date: Wed, 5 Feb 2014 18:32:16 -0500
Subject: [PATCH] afs_fetchstore: re-avoid uninitialized variable
As noted in the gerrit comments for change 10742, commit baf6af8a8f2207ce39b746d59ca4bc661c002883 does not handle the case where the second rx_Read() call fails, and the 'length' variable can still be used uninitialized. Instead of using an err label and jumping to it on the case of errors, initialize length to zero and take care to neither set nor access *alength if an error has occurred. This is more consistent with the style of the surrounding code while still avoiding the use of an uninitialized variable.
Reviewed-on: http://gerrit.openafs.org/10806
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
(cherry picked from commit b7326e487f6387033282cc5d1128b00a0456673a)
Change-Id: I371ec319b9a984e61e41a30110b8f2c0cf14b379
Reviewed-on: http://gerrit.openafs.org/10835
Tested-by: BuildBot
Reviewed-by: D Brashear
Reviewed-by: Andrew Deason
Reviewed-by: Stephan Wiesand
---
 src/afs/afs_fetchstore.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/afs/afs_fetchstore.c b/src/afs/afs_fetchstore.c
index 49d02134c..38b064ceb 100644
--- a/src/afs/afs_fetchstore.c
+++ b/src/afs/afs_fetchstore.c
@@ -913,7 +913,7 @@ rxfs_fetchInit(struct afs_conn *tc, struct rx_connection *rxconn,
 #ifdef AFS_64BIT_CLIENT
 afs_uint32 length_hi = 0;
 #endif
- afs_uint32 length, bytes;
+ afs_uint32 length = 0, bytes;
 v = (struct rxfs_fetchVariables *) osi_AllocSmallSpace(sizeof(struct rxfs_fetchVariables));
@@ -968,9 +968,7 @@ rxfs_fetchInit(struct afs_conn *tc, struct rx_connection *rxconn,
 }
 afs_serverSetNo64Bit(tc);
 }
- if (code) {
- goto err;
- } else {
+ if (!code) {
 RX_AFS_GUNLOCK();
 bytes = rx_Read(v->call, (char *)&length, sizeof(afs_int32));
 RX_AFS_GLOCK();
@@ -981,6 +979,7 @@ rxfs_fetchInit(struct afs_conn *tc, struct rx_connection *rxconn,
 code = rx_Error(v->call);
 code1 = rx_EndCall(v->call, code);
 v->call = NULL;
+ length = 0;
 RX_AFS_GLOCK();
 }
 }
@@ -989,7 +988,8 @@ rxfs_fetchInit(struct afs_conn *tc, struct rx_connection *rxconn,
 ICL_TYPE_POINTER, avc, ICL_TYPE_INT32, code, ICL_TYPE_OFFSET, ICL_HANDLE_OFFSET(length64));
- *alength = length;
+ if (!code)
+ *alength = length;
 #else /* AFS_64BIT_CLIENT */
 RX_AFS_GUNLOCK();
 code = StartRXAFS_FetchData(v->call, (struct AFSFid *)&avc->f.fid.Fid,
@@ -1028,7 +1028,6 @@ rxfs_fetchInit(struct afs_conn *tc, struct rx_connection *rxconn,
 code = EIO;
 }
-err:
 if (!code && code1) code = code1;
--
2.39.5
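Review bot: In the short-read `else` branch that gains `length = 0;`, `code` comes only from `rx_Error(v->call)`, so if that returns 0 after a truncated length word the function carries on with `code == 0` and `v->call == NULL`, and the later `if (!code) *alength = length;` reports a length of 0 as if the fetch had succeeded. Whether rx_Error() can return 0 at this point is not visible in the patch, but the `code = EIO;` context line in the last hunk suggests another path already forces an error in a comparable case. Consider doing the same here, e.g. `if (!code) code = EIO;` directly after the `rx_Error()` line, so a truncated server reply is never accepted as a zero-length result. The enclosing function starts and ends outside the hunk.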
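Review bot: The guarded store `if (!code) *alength = length;` now leaves `*alength` untouched on every failure, and nothing in the visible code documents that contract; a caller that reads its length variable before checking the return value would see whatever it held before the call. A short comment above the store would record it, for example `/* *alength is written only on success; callers must check the return code first */`. Bracing this one-line `if` would also match the braced `if (!code) {` added earlier in the patch. rxfs_fetchInit's body continues outside the hunk.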