Closed
Bug 45247
Opened 24 years ago
Closed 24 years ago
warning shows bug (uninitialized variable) in genname.c
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
VERIFIED
FIXED
3.1
People
(Reporter: Brade, Assigned: nelson)
Details
Attachments
(1 file)
2.93 KB,
text/plain
|
Details |
Scanning the list of warning on the Macintosh optimized build on tinderbox, I noticed this problem: Variable 'nick' is not initialized before being used I'm not really sure what line this is coming from (without doing more probing). Please let me know if you need to know more precisely or can't reproduce. My guess is: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/ genname.c&mark=1324#1313
Comment 2•24 years ago
|
||
In lib/certdb/genname.c, function CERT_GetNickName, 'nick' is passed to SEC_ASN1DecodeItem without being initialized. I don't know how to fix this. Nelson, could you take a look at this?
Assignee: wtc → nelsonb
QA Contact: lord → sonmi
Comment 3•24 years ago
|
||
nick should not be declared as a pointer. nick-> references should change to nick. references. the function should take &nick in. This must always certainly cause problems after importing a CA! bob
Assignee | ||
Comment 4•24 years ago
|
||
So, this code is obviously broken and doesn't work properly on any platform. This begs the question: is this code actually used anywhere??
Status: NEW → ASSIGNED
Updated•24 years ago
|
Version: unspecified → 3.0
Assignee | ||
Comment 5•24 years ago
|
||
There were MANY bugs in the function CERT_GetNickName(). The loop that looks for duplicate nicknames in the DB leaked the buffers containing the previous values of "nickname", AND failed to decrement the reference count on the certificates that it found. (I call this "leaking reference counts"). My proposed changes to that function are so extensive that, instead of attaching a "patch", I'm going to attach my new version of this function for y'all to review.
Assignee | ||
Comment 6•24 years ago
|
||
Assignee | ||
Comment 7•24 years ago
|
||
Another bug in this code was that after testing the variable "nicknameArena" for NULL, it then used cert->arena instead of nicknameArena in the PORT_ArenaStrdup() call. The new code checks both variables for NULL before relying on cert->arena. I believe the new code functions the same as the old, except for the leaks and the potential null pointer dereference.
Assignee | ||
Comment 8•24 years ago
|
||
Fixed by rev 1.2 to nss/lib/certdb/genname.c Thanks to Bob Relyea and Terry Hayes for reviewing this.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 9•24 years ago
|
||
verifying that this is fixed on current branch/tag
Status: RESOLVED → VERIFIED
OS: All
You need to log in
before you can comment on or make changes to this bug.
Description
•