From 4f772025229af4f8048695ebfcd066c219f24b1c Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 6 Jul 2018 11:46:44 -0700
Subject: [PATCH 1/2] libsmbclient: Initialize written value before use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 2e4878a69a62fb59d843ee53a1a9469b987e3a59)
---
 source3/libsmb/libsmb_file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/source3/libsmb/libsmb_file.c b/source3/libsmb/libsmb_file.c
index 6b436768ecb..ebd0bfe422a 100644
--- a/source3/libsmb/libsmb_file.c
+++ b/source3/libsmb/libsmb_file.c
@@ -298,7 +298,7 @@ SMBC_splice_ctx(SMBCCTX *context,
                 int (*splice_cb)(off_t n, void *priv),
                 void *priv)
 {
-	off_t written;
+	off_t written = 0;
 	TALLOC_CTX *frame = talloc_stackframe();
 	NTSTATUS status;
 
-- 
2.18.0.203.gfac676dfb9-goog


From b41ab7ade3c61ecd966cc2e2f166958721f44c19 Mon Sep 17 00:00:00 2001
From: Bailey Berro <baileyberro@chromium.org>
Date: Tue, 26 Jun 2018 13:13:39 -0700
Subject: [PATCH 2/2] libsmbclient: Initialize written in cli_splice_fallback()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Bailey Berro <baileyberro@chromium.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jul  9 21:29:48 CEST 2018 on sn-devel-144

(cherry picked from commit fe25bc793d30a64f06b19f737c652b0c7389ca92)
---
 source3/libsmb/clireadwrite.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source3/libsmb/clireadwrite.c b/source3/libsmb/clireadwrite.c
index 39874779bc1..00ee09ece89 100644
--- a/source3/libsmb/clireadwrite.c
+++ b/source3/libsmb/clireadwrite.c
@@ -1459,6 +1459,7 @@ static NTSTATUS cli_splice_fallback(TALLOC_CTX *frame,
 	uint8_t *buf = talloc_size(frame, SPLICE_BLOCK_SIZE);
 	size_t nread;
 	off_t remaining = initial_size;
+	*written = 0;
 
 	while (remaining) {
 		status = cli_read(srccli, src_fnum,
@@ -1480,6 +1481,7 @@ static NTSTATUS cli_splice_fallback(TALLOC_CTX *frame,
 		}
 		src_offset += nread;
 		dst_offset += nread;
+		*written += nread;
 		if (remaining < nread) {
 			return NT_STATUS_INTERNAL_ERROR;
 		}
-- 
2.18.0.203.gfac676dfb9-goog