cifs: Fix oops due to uninitialised variable

PlaidCat · PlaidCat · commit 10852157afc3 · 2025-12-11T03:01:15.000-05:00
jira KERNEL-318 cve CVE-2025-38737 Rebuild_History Non-Buildable kernel-6.12.0-124.20.1.el10_1 commit-author David Howells <dhowells@redhat.com> commit 453a6d2 Fix smb3_init_transform_rq() to initialise buffer to NULL before calling netfs_alloc_folioq_buffer() as netfs assumes it can append to the buffer it is given. Setting it to NULL means it should start a fresh buffer, but the value is currently undefined. Fixes: a2906d3 ("cifs: Switch crypto buffer to use a folio_queue rather than an xarray") Signed-off-by: David Howells <dhowells@redhat.com> cc: Steve French <sfrench@samba.org> cc: Paulo Alcantara <pc@manguebit.org> cc: linux-cifs@vger.kernel.org cc: linux-fsdevel@vger.kernel.org Signed-off-by: Steve French <stfrench@microsoft.com> (cherry picked from commit 453a6d2) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
diff --git a/fs/smb/client/smb2ops.c b/fs/smb/client/smb2ops.c
@@ -4509,7 +4509,7 @@ smb3_init_transform_rq(struct TCP_Server_Info *server, int num_rqst,
 	for (int i = 1; i < num_rqst; i++) {
 		struct smb_rqst *old = &old_rq[i - 1];
 		struct smb_rqst *new = &new_rq[i];
-		struct folio_queue *buffer;
+		struct folio_queue *buffer = NULL;
 		size_t size = iov_iter_count(&old->rq_iter);
 
 		orig_len += smb_rqst_len(server, old);
