Closed Bug 119376 Opened 23 years ago Closed 23 years ago

Occurances of uninitialized variables being used before being set (secucity/nss).

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: mozilla-bugs, Assigned: wtc)

References

Details

Attachments

(2 files)

Fix the uninitialized variable 'rv' in rsa_PrivateKeyOp
542 bytes, patch
Details | Diff | Splinter Review
Initialize 'stanProfile' to NULL in CERT_SaveSMimeProfile
625 bytes, patch
bugz
: review+
Details | Diff | Splinter Review
For more details on this problem, see bug 59652 This bug is just for the warnings in various source files in the NSS Library. Currently (http://tinderbox.mozilla.org/SeaMonkey/warn1010706660.6236.html) I see the following warnings: security/nss/lib/base/error.c:329 `errcode' might be used uninitialized in this function security/nss/lib/certdb/certdb.c:1947 `fcerts' might be used uninitialized in this function security/nss/lib/ckfw/dbm/find.c:137 `fwFindObjects' might be used uninitialized in this function security/nss/lib/crmf/cmmfresp.c:76 `rv' might be used uninitialized in this function security/nss/lib/crmf/crmfcont.c:263 `mark' might be used uninitialized in this function security/nss/lib/crmf/crmfcont.c:663 `usage' might be used uninitialized in this function security/nss/lib/crmf/crmfcont.c:668 `usageCount' might be used uninitialized in this function security/nss/lib/crmf/crmfreq.c:174 `mark' might be used uninitialized in this function security/nss/lib/fortcrypt/forsock.c:522 `index' might be used uninitialized in this function security/nss/lib/fortcrypt/forsock.c:525 `numPersonalities' might be used uninitialized in this function security/nss/lib/fortcrypt/forsock.c:556 `cryptoType' might be used uninitialized in this function security/nss/lib/fortcrypt/fortpk11.c:241 `nextObject' might be used uninitialized in this function security/nss/lib/fortcrypt/swfort/swfutl.c:212 `keyInfo' might be used uninitialized in this function security/nss/lib/freebl/arcfour.c:351 `nextInWord' might be used uninitialized in this function security/nss/lib/freebl/dh.c:216 `len' might be used uninitialized in this function security/nss/lib/freebl/dh.c:281 `len' might be used uninitialized in this function security/nss/lib/freebl/rijndael.c:445 `c2' might be used uninitialized in this function `c3' might be used uninitialized in this function security/nss/lib/freebl/rijndael.c:484 `c2' might be used uninitialized in this function `c3' might be used uninitialized in this function security/nss/lib/freebl/rsa.c:666 `rv' might be used uninitialized in this function security/nss/lib/jar/jar.c:397 `list' might be used uninitialized in this function security/nss/lib/jar/jarjart.c:115 `status' might be used uninitialized in this function security/nss/lib/jar/jarver.c:1661 `cinfo' might be used uninitialized in this function security/nss/lib/jar/jarver.c:1873 `fing' might be used uninitialized in this function security/nss/lib/pk11wrap/pk11skey.c:4162 `usageCount' might be used uninitialized in this function security/nss/lib/pk11wrap/pk11skey.c:4164 `usage' might be used uninitialized in this function security/nss/lib/pk11wrap/pk11util.c:387 `last' might be used uninitialized in this function security/nss/lib/pkcs12/p12d.c:1159 `pk11cx' might be used uninitialized in this function security/nss/lib/pkcs7/p7encode.c:237 `whichKEA' might be used uninitialized in this function security/nss/lib/smime/cmsdecode.c:317 `rv' might be used uninitialized in this function security/nss/lib/smime/cmsencode.c:369 `rv' might be used uninitialized in this function security/nss/lib/smime/cmsenvdata.c:318 `recipient_list' might be used uninitialized in this function security/nss/lib/smime/cmsmessage.c:57 `mark' might be used uninitialized in this function security/nss/lib/smime/cmspubkey.c:134 `whichKEA' might be used uninitialized in this function security/nss/lib/smime/cmspubkey.c:136 `arena' might be used uninitialized in this function security/nss/lib/smime/cmspubkey.c:67 `mark' might be used uninitialized in this function security/nss/lib/smime/cmsrecinfo.c:209 `versionitem' might be used uninitialized in this function security/nss/lib/smime/cmsrecinfo.c:234 `enckey' might be used uninitialized in this function security/nss/lib/smime/cmsrecinfo.c:256 `encalgtag' might be used uninitialized in this function security/nss/lib/smime/smimeutil.c:653 `tmppoolp' might be used uninitialized in this function security/nss/lib/softoken/keydb.c:863 `keyItem' might be used uninitialized in this function security/nss/lib/softoken/pkcs11c.c:4238 `extractable' might be used uninitialized in this function security/nss/lib/ssl/authcert.c:62 `cert' might be used uninitialized in this function security/nss/lib/ssl/authcert.c:63 `privkey' might be used uninitialized in this function security/nss/lib/ssl/emulate.c:205 `addr' might be used uninitialized in this function security/nss/lib/ssl/emulate.c:464 `addr' might be used uninitialized in this function security/nss/lib/ssl/ssl3con.c:2927 `asymWrapMechanism' might be used uninitialized in this function security/nss/lib/ssl/ssl3con.c:3459 `pwSpec' might be used uninitialized in this function security/nss/lib/ssl/sslcon.c:1460 `sec' might be used uninitialized in this function security/nss/lib/ssl/sslcon.c:1462 `rk' might be used uninitialized in this function security/nss/lib/ssl/sslcon.c:1463 `wk' might be used uninitialized in this function security/nss/lib/ssl/sslcon.c:1616 `kk' might be used uninitialized in this function security/nss/lib/ssl/sslsnce.c:1548 `envValue' might be used uninitialized in this function security/nss/lib/util/secitem.c:49 `mark' might be used uninitialized in this function security/nss/lib/util/utf8.c:111 `c' might be used uninitialized in this function
Blocks: 59652
NSS3.4 landing got rid of most of these warnings (thank you so much!), but a few are still there: security/nss/lib/base/error.c:329 `errcode' might be used uninitialized in this function security/nss/lib/certdb/stanpcertdb.c:667 `stanProfile' might be used uninitialized in this function security/nss/lib/freebl/rsa.c:666 `rv' might be used uninitialized in this function security/nss/lib/util/utf8.c:111 `c' might be used uninitialized in this function
Keywords: mozilla1.0
Summary: Occurances of uninitialized variables being used before being set. → Occurances of uninitialized variables being used before being set (secucity/nss).
Version: 3.0 → 3.4
> security/nss/lib/base/error.c:329 > `errcode' might be used uninitialized in this function There is no 'errcode' in this file. > security/nss/lib/certdb/stanpcertdb.c:667 > `stanProfile' might be used uninitialized in this function I reviewed that function and verified that 'stanProfile' is never used uninitialized. I guess I can initialize it to NULL to shut the compiler up. > security/nss/lib/freebl/rsa.c:666 > `rv' might be used uninitialized in this function This is a real uninitialized variable. A patch will be coming up. > security/nss/lib/util/utf8.c:111 > `c' might be used uninitialized in this function There is no variable 'c' in that function.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.4
Nelson, could you review this patch? Thanks.
There is no problem with our usage of 'stanProfile' in CERT_SaveSMimeProfile. 'stanProfile' is set when cc is not null and only used when cc is not null. So we never use 'stanProfile' uninitialized. Ian, please verify this. The patch is meant to shut up the compiler.
> > security/nss/lib/base/error.c:329 > > `errcode' might be used uninitialized in this function > > There is no 'errcode' in this file. > > security/nss/lib/util/utf8.c:111 > > `c' might be used uninitialized in this function > > There is no variable 'c' in that function. Ah, seems these are a case of TBox (http://tinderbox.mozilla.org/SeaMonkey/warn1013026020.23864.html) messing things up when pulling warnings out of the build log, sorry about that. The first is actually directory/c-sdk/ldap/libraries/libldap/error.c:329 and the second is directory/c-sdk/ldap/libraries/libldap/utf8.c:111 P.S. Anybody know if this TBox issue is already reported?
r=nelsonb for Ian's patch to rsa.c
Comment on attachment 68220 [details] [diff] [review] Initialize 'stanProfile' to NULL in CERT_SaveSMimeProfile looks good
Attachment #68220 - Flags: review+
Both patches have been checked into the tip of NSS. They will appear in the NSS_CLIENT_TAG next time we update that tag.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
P.S. I've filed the TBox problem as bug 124614
Some new warning have appeared in NSS. I've filed bug 145029 for those.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: