Closed Bug 119376 Opened 23 years ago Closed 23 years ago

Occurances of uninitialized variables being used before being set (secucity/nss).

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mozilla-bugs, Assigned: wtc)

References

Details

Attachments

(2 files)

Fix the uninitialized variable 'rv' in rsa_PrivateKeyOp
542 bytes, patch
Details | Diff | Splinter Review
Initialize 'stanProfile' to NULL in CERT_SaveSMimeProfile
625 bytes, patch
bugz
: review+
Details | Diff | Splinter Review 
For more details on this problem, see bug 59652

This bug is just for the warnings in various source files in the NSS Library.

Currently (http://tinderbox.mozilla.org/SeaMonkey/warn1010706660.6236.html) I
see the following warnings:

security/nss/lib/base/error.c:329
 `errcode' might be used uninitialized in this function

security/nss/lib/certdb/certdb.c:1947
 `fcerts' might be used uninitialized in this function

security/nss/lib/ckfw/dbm/find.c:137
 `fwFindObjects' might be used uninitialized in this function

security/nss/lib/crmf/cmmfresp.c:76
 `rv' might be used uninitialized in this function

security/nss/lib/crmf/crmfcont.c:263
 `mark' might be used uninitialized in this function

security/nss/lib/crmf/crmfcont.c:663
 `usage' might be used uninitialized in this function

security/nss/lib/crmf/crmfcont.c:668
 `usageCount' might be used uninitialized in this function

security/nss/lib/crmf/crmfreq.c:174
 `mark' might be used uninitialized in this function

security/nss/lib/fortcrypt/forsock.c:522
 `index' might be used uninitialized in this function

security/nss/lib/fortcrypt/forsock.c:525
 `numPersonalities' might be used uninitialized in this function

security/nss/lib/fortcrypt/forsock.c:556
 `cryptoType' might be used uninitialized in this function

security/nss/lib/fortcrypt/fortpk11.c:241
 `nextObject' might be used uninitialized in this function

security/nss/lib/fortcrypt/swfort/swfutl.c:212
 `keyInfo' might be used uninitialized in this function

security/nss/lib/freebl/arcfour.c:351
 `nextInWord' might be used uninitialized in this function

security/nss/lib/freebl/dh.c:216
 `len' might be used uninitialized in this function

security/nss/lib/freebl/dh.c:281
 `len' might be used uninitialized in this function

security/nss/lib/freebl/rijndael.c:445
 `c2' might be used uninitialized in this function
 `c3' might be used uninitialized in this function

security/nss/lib/freebl/rijndael.c:484
 `c2' might be used uninitialized in this function
 `c3' might be used uninitialized in this function

security/nss/lib/freebl/rsa.c:666
 `rv' might be used uninitialized in this function

security/nss/lib/jar/jar.c:397
 `list' might be used uninitialized in this function

security/nss/lib/jar/jarjart.c:115
 `status' might be used uninitialized in this function

security/nss/lib/jar/jarver.c:1661
 `cinfo' might be used uninitialized in this function

security/nss/lib/jar/jarver.c:1873
 `fing' might be used uninitialized in this function

security/nss/lib/pk11wrap/pk11skey.c:4162
 `usageCount' might be used uninitialized in this function

security/nss/lib/pk11wrap/pk11skey.c:4164
 `usage' might be used uninitialized in this function

security/nss/lib/pk11wrap/pk11util.c:387
 `last' might be used uninitialized in this function

security/nss/lib/pkcs12/p12d.c:1159
 `pk11cx' might be used uninitialized in this function

security/nss/lib/pkcs7/p7encode.c:237
 `whichKEA' might be used uninitialized in this function

security/nss/lib/smime/cmsdecode.c:317
 `rv' might be used uninitialized in this function

security/nss/lib/smime/cmsencode.c:369
 `rv' might be used uninitialized in this function

security/nss/lib/smime/cmsenvdata.c:318
 `recipient_list' might be used uninitialized in this function

security/nss/lib/smime/cmsmessage.c:57
 `mark' might be used uninitialized in this function

security/nss/lib/smime/cmspubkey.c:134
 `whichKEA' might be used uninitialized in this function

security/nss/lib/smime/cmspubkey.c:136
 `arena' might be used uninitialized in this function

security/nss/lib/smime/cmspubkey.c:67
 `mark' might be used uninitialized in this function

security/nss/lib/smime/cmsrecinfo.c:209
 `versionitem' might be used uninitialized in this function

security/nss/lib/smime/cmsrecinfo.c:234
 `enckey' might be used uninitialized in this function

security/nss/lib/smime/cmsrecinfo.c:256
 `encalgtag' might be used uninitialized in this function

security/nss/lib/smime/smimeutil.c:653
 `tmppoolp' might be used uninitialized in this function

security/nss/lib/softoken/keydb.c:863
 `keyItem' might be used uninitialized in this function

security/nss/lib/softoken/pkcs11c.c:4238
 `extractable' might be used uninitialized in this function

security/nss/lib/ssl/authcert.c:62
 `cert' might be used uninitialized in this function

security/nss/lib/ssl/authcert.c:63
 `privkey' might be used uninitialized in this function

security/nss/lib/ssl/emulate.c:205
 `addr' might be used uninitialized in this function

security/nss/lib/ssl/emulate.c:464
 `addr' might be used uninitialized in this function

security/nss/lib/ssl/ssl3con.c:2927
 `asymWrapMechanism' might be used uninitialized in this function

security/nss/lib/ssl/ssl3con.c:3459
 `pwSpec' might be used uninitialized in this function

security/nss/lib/ssl/sslcon.c:1460
 `sec' might be used uninitialized in this function

security/nss/lib/ssl/sslcon.c:1462
 `rk' might be used uninitialized in this function

security/nss/lib/ssl/sslcon.c:1463
 `wk' might be used uninitialized in this function

security/nss/lib/ssl/sslcon.c:1616
 `kk' might be used uninitialized in this function

security/nss/lib/ssl/sslsnce.c:1548
 `envValue' might be used uninitialized in this function

security/nss/lib/util/secitem.c:49
 `mark' might be used uninitialized in this function

security/nss/lib/util/utf8.c:111
 `c' might be used uninitialized in this function
Blocks: 59652
NSS3.4 landing got rid of most of these warnings (thank you so much!), but a few
are still there:

security/nss/lib/base/error.c:329
 `errcode' might be used uninitialized in this function

security/nss/lib/certdb/stanpcertdb.c:667
 `stanProfile' might be used uninitialized in this function

security/nss/lib/freebl/rsa.c:666
 `rv' might be used uninitialized in this function

security/nss/lib/util/utf8.c:111
 `c' might be used uninitialized in this function
Keywords: mozilla1.0
Summary: Occurances of uninitialized variables being used before being set. → Occurances of uninitialized variables being used before being set (secucity/nss).
Version: 3.0 → 3.4
> security/nss/lib/base/error.c:329
>  `errcode' might be used uninitialized in this function

There is no 'errcode' in this file.

> security/nss/lib/certdb/stanpcertdb.c:667
>  `stanProfile' might be used uninitialized in this function

I reviewed that function and verified that 'stanProfile' is
never used uninitialized.  I guess I can initialize it to
NULL to shut the compiler up.

> security/nss/lib/freebl/rsa.c:666
>  `rv' might be used uninitialized in this function

This is a real uninitialized variable.  A patch will be
coming up.

> security/nss/lib/util/utf8.c:111
>  `c' might be used uninitialized in this function

There is no variable 'c' in that function.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.4
Nelson, could you review this patch?  Thanks.
There is no problem with our usage of 'stanProfile' in CERT_SaveSMimeProfile.
'stanProfile' is set when cc is not null and only used when cc is not null.
So we never use 'stanProfile' uninitialized.  Ian, please verify this.

The patch is meant to shut up the compiler.
> > security/nss/lib/base/error.c:329
> > `errcode' might be used uninitialized in this function
>
> There is no 'errcode' in this file.
> > security/nss/lib/util/utf8.c:111
> > `c' might be used uninitialized in this function
> 
> There is no variable 'c' in that function.

Ah, seems these are a case of TBox
(http://tinderbox.mozilla.org/SeaMonkey/warn1013026020.23864.html) messing
things up when pulling warnings out of the build log, sorry about that.

The first is actually directory/c-sdk/ldap/libraries/libldap/error.c:329 and the
second is directory/c-sdk/ldap/libraries/libldap/utf8.c:111

P.S. Anybody know if this TBox issue is already reported?



r=nelsonb for Ian's patch to rsa.c
Comment on attachment 68220 [details] [diff] [review]
Initialize 'stanProfile' to NULL in CERT_SaveSMimeProfile

looks good
Attachment #68220 - Flags: review+
Both patches have been checked into the tip of NSS.
They will appear in the NSS_CLIENT_TAG next time we
update that tag.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
P.S. I've filed the TBox problem as bug 124614
Some new warning have appeared in NSS. I've filed bug 145029 for those.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: