300068 - gcc4 warning about uninitialized variable

Status: RESOLVED FIXED

(NSS :: Libraries, defect)

Description

[Wolfgang Rosenauer [:wolfiR]]

gcc4 complains about an uninitialized used variable in
security/nss/lib/pki/certificate.c

I think the attached patch should be safe.

Comment 1

[Wolfgang Rosenauer [:wolfiR]]

Attachment: initialize with NULL pointer

Comment 2

[Wolfgang Rosenauer [:wolfiR]]

certificate.c:484: warning: `collection' might be used uninitialized in this
function

gcc4 says: "is used uninitialized" which is a more relevant warning.

Comment 3

[Wan-Teh Chang]

Comment on attachment 188655 [details] [diff] [review]
initialize with NULL pointer

r=wtc.	The gcc4 warning is correct.  Here is the relevant code.

"td", "c", and "cc" are function parameters.

    nssPKIObjectCollection *collection;

    if (!td)
	td = NSSCertificate_GetTrustDomain(c);
    if (!td || !c || !cc)
	goto loser;
...
    collection = nssCertificateCollection_Create(td, NULL);
...
loser:
    if (collection)
	nssPKIObjectCollection_Destroy(collection);
...

So if "td", "c", or "cc" is NULL, we go to "loser" and test
an uninitialized "collection".

In NSS, this function is only called in two places.  At
both places we pass the following as function arguments:

c: STAN_GetNSSCertificate(cert)
td: STAN_GetDefaultTrustDomain()
cc: STAN_GetDefaultCryptoContext()

So "td" and "cc" can't be NULL (when NSS is initialized).
"c" is unlikely to be NULL.  So I see no need to back port
this fix to previous release branches.	I checked in this
patch on the NSS trunk for NSS 3.11.

Checking in certificate.c;
/cvsroot/mozilla/security/nss/lib/pki/certificate.c,v  <--  certificate.c
new revision: 1.56; previous revision: 1.55
done