Closed
Bug 166741
Opened 22 years ago
Closed 22 years ago
Variables may be used uninitialized in devutil.c
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: wtc, Assigned: bugz)
Details
Attachments
(1 file, 3 obsolete files)
|
2.50 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
When compiling NSS under gcc on Linux, we get the following warnings in devutil.c: devutil.c: In function `find_objects_in_array': devutil.c:1059: warning: `oi' might be used uninitialized in this function devutil.c:1061: warning: `match' might be used uninitialized in this function The first warning is benign, but the second warning is an error. (This bug refers to rev. 1.15 of devutil.c.)
|
Reporter | |
Updated•22 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.6
|
Assignee | |
Comment 1•22 years ago
|
||
It wasn't an error, the value of match would never be checked unless the previous loop terminated early, in which case match would have been set. But I agree that is non-obvious :)
|
|
Reporter | |
Comment 2•22 years ago
|
||
Here is the code in question:
for (i=0; i<otlen; i++) {
for (j=0; j<obj->numAttributes; j++) {
if (ot[i].type == obj->attributes[j].type) {
if (ot[i].ulValueLen == obj->attributes[j].ulValueLen &&
nsslibc_memequal(ot[i].pValue,
obj->attributes[j].pValue,
ot[i].ulValueLen, NULL))
{
match = PR_TRUE;
} else {
match = PR_FALSE;
}
break;
}
}
if (j == obj->numAttributes || !match) {
break;
}
}
if (match) {
'match' is used in two places. In the first place, I agree
'match' can't be used uninitialized. In the second place,
I think 'match' may be used uninitialized. For example, if
we break out of the outer for loop because j == obj->numAttributes,
'match' won't be set.
I have another question: do you still want to break out of the
inner for loop if you set 'match' to PR_FALSE?|
|
Assignee | |
Comment 3•22 years ago
|
||
Okay, agreed. Yes, I want to break out of the loop. I am looking for a particular type in the array. If the type is found, I'm done. 'match' indicates whether the type had the same value between the two arrays.
|
|
Assignee | |
Comment 4•22 years ago
|
||
Attachment #97989 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 5•22 years ago
|
||
Comment on attachment 98030 [details] [diff] [review] based on wtc's review r=wtc.
Attachment #98030 -
Flags: review+
|
|
Assignee | |
Comment 6•22 years ago
|
||
checked in.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 7•22 years ago
|
||
The patch caused bug 167532. I am reopening the bug.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
Reporter | |
Comment 8•22 years ago
|
||
This patch fixes bug 167532.
|
|
Assignee | |
Comment 9•22 years ago
|
||
Comment on attachment 98548 [details] [diff] [review] Incremental patch Patch is correct. That code could definitely be made more readable. I overlooked that the goal wasn't to match a single attribute, but a whole set. It is possible for match to be true, and then changed to false within the loop.
Attachment #98548 -
Flags: review+
|
|
Assignee | |
Comment 10•22 years ago
|
||
After further discussion with Wan-Teh, it appeared there wer still bugs in the above two patches. This patch tries to clean the code up, so it is more clear what is going on.
Attachment #98030 -
Attachment is obsolete: true
Attachment #98548 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 11•22 years ago
|
||
Comment on attachment 98610 [details] [diff] [review] yet another patch r=wtc. Could you add a comment describing what the find_objects_in_array function does?
Attachment #98610 -
Flags: review+
|
|
Assignee | |
Comment 12•22 years ago
|
||
patch checked in, marking fixed.
Status: REOPENED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•