This poor/inefficient code has been revealed by coverity GH issue in #2788 where
some quic_cc_rs struct member initializations were mentionned as overwritten
(after initialization) before being used as follows:
CID
1565821: Code maintainability issues (UNUSED_VALUE)
/src/quic_cc_bbr.c: 1373 in bbr_handle_lost_packet()
1367 }
1368
1369 static void bbr_handle_lost_packet(struct bbr *bbr, struct quic_cc_path *p,
1370 struct quic_tx_packet *pkt,
1371 uint32_t lost)
1372 {
>>> CID
1565821: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value "0UL" to "rs.tx_in_flight" here, but that stored value is overwritten before it can be used.
1373 struct quic_cc_rs rs = {0};
1374
1375 /* C.delivered = bbr->drs.delivered */
1376 bbr_note_loss(bbr, bbr->drs.delivered);
1377 if (!bbr->bw_probe_samples)
1378 return; /* not a packet sent while probing bandwidth */
Remove the {0} initializer for <rs> variable. This is safe because the members
initializations of <rs> local variable passed to functions from
bbr_handle_lost_packet() are done. Add a comment to mention this.
struct quic_tx_packet *pkt,
uint32_t lost)
{
- struct quic_cc_rs rs = {0};
+ struct quic_cc_rs rs;
/* C.delivered = bbr->drs.delivered */
bbr_note_loss(bbr, bbr->drs.delivered);
if (!bbr->bw_probe_samples)
return; /* not a packet sent while probing bandwidth */
+ /* Only ->tx_in_fligth, ->lost and ->is_app_limited <rs> member
+ * initializations are needed.
+ */
rs.tx_in_flight = pkt->rs.tx_in_flight; /* inflight at transmit */
BUG_ON(bbr->drs.lost + pkt->len < lost);
/* bbr->rst->lost is not yet incremented */
projects / thirdparty / haproxy.git / commitdiff
