Closed Bug 560266 Opened 10 years ago Closed 7 years ago

cert_ProcessOCSPResponse can return uninitialized data in its outparam [ocsp.c:5192: warning: ‘rv_cache’ may be used uninitialized in this function]

Categories

(NSS :: Libraries, defect)

3.12.6
defect
Not set

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 469577

People

(Reporter: dholbert, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [build_warning])

Filing this bug on this opt-only build warning:
> ocsp.c:5192: warning: ‘rv_cache’ may be used uninitialized in this function

The warning appears to be for a real issue (i.e. we actually can use uninitialized values), though since I don't know the contextual code very well, I'm not sure how much trouble it can cause.

Here's the context:

> 5183 cert_ProcessOCSPResponse(CERTCertDBHandle *handle, 
[...]
> 5189                          SECStatus        *cacheUpdateStatus)
> 5190 {
> 5191     SECStatus rv;
> 5192     SECStatus rv_cache;
[...]
> 5213         if (OCSP_Global.maxCacheEntries >= 0) {
> 5214             /* single == NULL means: remember response failure */
> 5215             rv_cache = 
> 5216                 ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID,
> 5217                                               single, certIDWasConsumed);
> 5218         }
> 5219         PR_ExitMonitor(OCSP_Global.monitor);
> 5220         if (cacheUpdateStatus) {
> 5221             *cacheUpdateStatus = rv_cache;
http://hg.mozilla.org/mozilla-central/file/1908834320d8/security/nss/lib/certhigh/ocsp.c#l5182

So, the problem is that the *cacheUpdateStatus outparam gets set to an uninitialized value, if OCSP_Global.maxCacheEntries is negative. (which I'm assuming it could be, given that we think it's worth checking for)
Component: Build → Libraries
OS: Linux → All
QA Contact: build → libraries
Hardware: x86 → All
Version: unspecified → 3.12.6
Whiteboard: [build_warning]
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 469577
You need to log in before you can comment on or make changes to this bug.