scsi: scsi_debug: Fix uninitialized pointers with __free attr
authorAlly Heev <allyheev@gmail.com>
Wed, 5 Nov 2025 14:14:43 +0000 (19:44 +0530)
committerMartin K. Petersen <martin.petersen@oracle.com>
Thu, 13 Nov 2025 02:08:05 +0000 (21:08 -0500)
Uninitialized pointers with the '__free' attribute can cause undefined
behaviour, as the (random) address held by the pointer is freed
automatically when the pointer goes out of scope.

scsi doesn't have any bugs related to this as of now, but it is better
to initialize and assign pointers with '__free' attr in one statement to
ensure proper scope-based cleanup

Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/all/aPiG_F5EBQUjZqsl@stanley.mountain/
Signed-off-by: Ally Heev <allyheev@gmail.com>
Link: https://patch.msgid.link/20251105-aheev-uninitialized-free-attr-scsi-v1-1-d28435a0a7ea@gmail.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
drivers/scsi/scsi_debug.c

index 7291b7a7f1b08981e6d3b9e969f4625faaca0ffd..92b2af803d87ea39b6d63f177ce2ebaba8bc9b54 100644 (file)
@@ -2961,11 +2961,11 @@ static int resp_mode_sense(struct scsi_cmnd *scp,
        int target_dev_id;
        int target = scp->device->id;
        unsigned char *ap;
-       unsigned char *arr __free(kfree);
        unsigned char *cmd = scp->cmnd;
        bool dbd, llbaa, msense_6, is_disk, is_zbc, is_tape;
 
-       arr = kzalloc(SDEBUG_MAX_MSENSE_SZ, GFP_ATOMIC);
+       unsigned char *arr __free(kfree) = kzalloc(SDEBUG_MAX_MSENSE_SZ, GFP_ATOMIC);
+
        if (!arr)
                return -ENOMEM;
        dbd = !!(cmd[1] & 0x8);         /* disable block descriptors */
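Review bot: The blank line added after the combined declaration separates `kzalloc()` from its `if (!arr)` check. Kernel style normally keeps the NULL test directly under the allocation, and the existing blank line above the declaration already sets it apart from the other locals, so I would drop the added empty line. Among the locals visible in this hunk `arr` is the only one carrying a cleanup attribute, so a one-line comment such as `/* __free(kfree): declare and allocate in one statement */` above it would help keep a later refactor from splitting the declaration and the assignment again. resp_mode_sense() starts and continues outside the hunk, so any return paths after this point are not visible here.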