Daniel,
On 08.01.2026 10:18, Jan Beulich wrote:
> Gcc's "threading" of conditionals can lead to undue warnings, as reported
> in e.g. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116519 (no matter
> that the overall situation is different there). While my gcc15 complains
> ("buf[2] may be used uninitialized in this function") about only two of
> the three instances (not about the one in type_read()), adjust all three
> to be on the safe side.
>
> Signed-off-by: Jan Beulich <[email protected]>
any chance of an ack (or otherwise)?
Thanks, Jan
> ---
> While auditing uses of next_entry(), I noticed POLICYDB_VERSION_ROLETRANS
> dependent ones in policydb_read(): How come the 4th slot isn't used at all
> there (not even checked for being e.g. zero, i.e. holding no useful data)?
> Then again other instances can be found where data is read but outright
> ignored.
>
> --- a/xen/xsm/flask/ss/policydb.c
> +++ b/xen/xsm/flask/ss/policydb.c
> @@ -1271,7 +1271,10 @@ static int cf_check role_read(struct pol
> if ( ver >= POLICYDB_VERSION_BOUNDARY )
> rc = next_entry(buf, fp, sizeof(buf[0]) * 3);
> else
> + {
> rc = next_entry(buf, fp, sizeof(buf[0]) * 2);
> + buf[2] = cpu_to_le32(0); /* gcc14 onwards */
> + }
>
> if ( rc < 0 )
> goto bad;
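Review bot: The comment on the added `buf[2] = cpu_to_le32(0);` line in the else branch of role_read() says only "gcc14 onwards", which does not tell a later reader that the store is there to quiet a false "may be used uninitialized" diagnostic; the description also names gcc15 as the compiler that complained, not gcc14. Consider spelling the reason out in the comment, e.g. `/* Silence bogus "may be used uninitialized" (gcc14 onwards). */`, so the line is not later dropped as apparently redundant.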
> @@ -1342,7 +1345,10 @@ static int cf_check type_read(struct pol
> if ( ver >= POLICYDB_VERSION_BOUNDARY )
> rc = next_entry(buf, fp, sizeof(buf[0]) * 4);
> else
> + {
> rc = next_entry(buf, fp, sizeof(buf[0]) * 3);
> + buf[3] = cpu_to_le32(0); /* gcc14 onwards */
> + }
>
> if ( rc < 0 )
> goto bad;
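Review bot: For the `buf[3] = cpu_to_le32(0);` line in type_read(), the description states that gcc does not actually warn about this instance, so the "gcc14 onwards" comment overstates the case here. A comment saying that this one is precautionary, kept for consistency with role_read() and user_read(), would match what the description says.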
> @@ -1436,7 +1442,10 @@ static int cf_check user_read(struct pol
> if ( ver >= POLICYDB_VERSION_BOUNDARY )
> rc = next_entry(buf, fp, sizeof(buf[0]) * 3);
> else
> + {
> rc = next_entry(buf, fp, sizeof(buf[0]) * 2);
> + buf[2] = cpu_to_le32(0); /* gcc14 onwards */
> + }
>
> if ( rc < 0 )
> goto bad;
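Review bot: In user_read() the added `buf[2] = cpu_to_le32(0);` sits between the next_entry() call and the `if ( rc < 0 )` check, so it also executes when the read has failed. That is harmless given the `goto bad` that follows, but placing the store ahead of the next_entry() call in the else branch would read more naturally as a default for the slot that the shorter read does not fill. If the ordering is needed for the diagnostic to go away, a word on that in the comment would help.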