From b6c2346173ee1a8b8cd6ec045bb80243e47400f2 Mon Sep 17 00:00:00 2001
From: Simon Tatham
Date: Sat, 22 Nov 2014 10:18:16 +0000
Subject: [PATCH] Fix uninitialised variable in two Windows event loops.
If (Msg)WaitForMultipleObjects returns WAIT_TIMEOUT, we expect 'next' to have been initialised. This can occur without having called run_timers(), if a toplevel callback was pending, so we can't expect run_timers to have reliably initialised 'next'. I'm not actually convinced this could have come up in either of the affected programs (Windows PSFTP and Plink), due to the list of things toplevel callbacks are currently used for, but it certainly wants fixing anyway for the future. Spotted by Coverity.
---
 windows/winplink.c | 3 +++
 windows/winsftp.c | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/windows/winplink.c b/windows/winplink.c
index 1c4f3307..43826622 100644
--- a/windows/winplink.c
+++ b/windows/winplink.c
@@ -661,6 +661,7 @@ int main(int argc, char **argv)
 if (toplevel_callback_pending()) {
 ticks = 0;
+ next = now;
 } else if (run_timers(now, &next)) {
 then = now;
 now = GETTICKCOUNT();
@@ -670,6 +671,8 @@ int main(int argc, char **argv)
 ticks = next - now;
 } else {
 ticks = INFINITE;
+ /* no need to initialise next here because we can never
+ * get WAIT_TIMEOUT */
 }
 handles = handle_get_events(&nhandles);
diff --git a/windows/winsftp.c b/windows/winsftp.c
index 25ac6c94..f37ef243 100644
--- a/windows/winsftp.c
+++ b/windows/winsftp.c
@@ -495,6 +495,7 @@ int do_eventsel_loop(HANDLE other_event)
 if (toplevel_callback_pending()) {
 ticks = 0;
+ next = now;
 } else if (run_timers(now, &next)) {
 then = now;
 now = GETTICKCOUNT();
@@ -504,6 +505,8 @@ int do_eventsel_loop(HANDLE other_event)
 ticks = next - now;
 } else {
 ticks = INFINITE;
+ /* no need to initialise next here because we can never get
+ * WAIT_TIMEOUT */
 }
 handles = handle_get_events(&nhandles);
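Review bot: The added `next = now;` in the `toplevel_callback_pending()` branch of main() in windows/winplink.c carries no comment saying why it is needed, while the `else` branch a few lines further down gets one explaining why it is not. The commit message gives the reason, so I would record it on the line itself: `/* a zero-tick wait can return WAIT_TIMEOUT, and that path expects 'next' to be set */`. The same applies to the identical added line in do_eventsel_loop() in windows/winsftp.c. The code that consumes `next` after the wait lies outside both hunks, so its exact use is inferred from the commit message rather than seen here.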
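Review bot: The `ticks = INFINITE` branch in windows/winplink.c still leaves `next` unset and relies on a comment alone to rule out the uninitialised read. The stated invariant (an infinite wait never yields WAIT_TIMEOUT) is not enforced by anything visible in the hunk, so a later edit that adjusts `ticks` between this block and the wait call would silently bring the bug back. Assigning a defined value costs nothing and keeps static analysers quiet: `next = now; /* unused: an INFINITE wait cannot return WAIT_TIMEOUT */`. Initialising `next` at its declaration would do the same, but that declaration is outside the hunk. The comment-only branch in do_eventsel_loop() in windows/winsftp.c has the same gap.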