gcc4 complains about an uninitialized used variable in security/nss/lib/pki/certificate.c I think the attached patch should be safe.
Assignee: wtchang → mozilla
Status: NEW → ASSIGNED
Attachment #188655 - Flags: review?(wtchang)
certificate.c:484: warning: `collection' might be used uninitialized in this function gcc4 says: "is used uninitialized" which is a more relevant warning.
Comment on attachment 188655 [details] [diff] [review] initialize with NULL pointer r=wtc. The gcc4 warning is correct. Here is the relevant code. "td", "c", and "cc" are function parameters. nssPKIObjectCollection *collection; if (!td) td = NSSCertificate_GetTrustDomain(c); if (!td || !c || !cc) goto loser; ... collection = nssCertificateCollection_Create(td, NULL); ... loser: if (collection) nssPKIObjectCollection_Destroy(collection); ... So if "td", "c", or "cc" is NULL, we go to "loser" and test an uninitialized "collection". In NSS, this function is only called in two places. At both places we pass the following as function arguments: c: STAN_GetNSSCertificate(cert) td: STAN_GetDefaultTrustDomain() cc: STAN_GetDefaultCryptoContext() So "td" and "cc" can't be NULL (when NSS is initialized). "c" is unlikely to be NULL. So I see no need to back port this fix to previous release branches. I checked in this patch on the NSS trunk for NSS 3.11. Checking in certificate.c; /cvsroot/mozilla/security/nss/lib/pki/certificate.c,v <-- certificate.c new revision: 1.56; previous revision: 1.55 done
Attachment #188655 - Flags: review?(wtchang) → review+
Severity: normal → minor
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Component: Build → Libraries
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → 3.11
You need to log in before you can comment on or make changes to this bug.