[BUG] atm: firestream: possible uninitialized-variable access in fs_open()

[BUG] atm: firestream: possible uninitialized-variable access in fs_open()

[Li Tuo]

Hello,

Our static analysis tool finds a possible uninitialized-variable access 
in the firestream driver in Linux 5.14.0-rc3:

In the function fs_open(), a memory block is allocated through 
kmalloc(), and its return value is assigned to the pointer vcc.
883:    vcc = kmalloc(sizeof(struct fs_vcc), GFP_KERNEL);

If the following condition is false, vcc->channo will remain uninitialized.
898:    if (!test_bit(ATM_VF_PARTIAL, &atm_vcc->flags))

However, it is accessed in some statements such as:
1036:    submit_command (... , QE_CMD_CONFIG_TX | QE_CMD_IMM_INQ | 
vcc->channo, ...);
1040:    submit_command (... , QE_CMD_TX_EN | QE_CMD_IMM_INQ | 
vcc->channo, ...);
1043:    set_bit (vcc->channo, dev->tx_inuse);
1047:    dev->atm_vccs[vcc->channo] = atm_vcc;
1057:    dev->atm_vccs[vcc->channo] = NULL;
1065:    submit_command (... , QE_CMD_CONFIG_RX | QE_CMD_IMM_INQ | 
vcc->channo, ...);
1072:    submit_command (... , QE_CMD_CONFIG_RX | QE_CMD_IMM_INQ | 
vcc->channo, ...);
1085:    submit_command (... , QE_CMD_RX_EN | QE_CMD_IMM_INQ | 
vcc->channo, ...);

I am not quite sure whether this possible uninitialized-variable access 
is real and how to fix it if it is real.
Any feedback would be appreciated, thanks!

Reported-by: TOTE Robot <oslab@tsinghua.edu.cn>

Best wishes,
Tuo Li