Closed
Bug 560266
Opened 14 years ago
Closed 11 years ago
cert_ProcessOCSPResponse can return uninitialized data in its outparam [ocsp.c:5192: warning: ‘rv_cache’ may be used uninitialized in this function]
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 469577
People
(Reporter: dholbert, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [build_warning])
Filing this bug on this opt-only build warning:
> ocsp.c:5192: warning: ‘rv_cache’ may be used uninitialized in this function

The warning appears to be for a real issue (i.e. we actually can use uninitialized values), though since I don't know the contextual code very well, I'm not sure how much trouble it can cause.

Here's the context:
> 5183 cert_ProcessOCSPResponse(CERTCertDBHandle *handle,
[...]
> 5189                          SECStatus *cacheUpdateStatus)
> 5190 {
> 5191     SECStatus rv;
> 5192     SECStatus rv_cache;
[...]
> 5213     if (OCSP_Global.maxCacheEntries >= 0) {
> 5214         /* single == NULL means: remember response failure */
> 5215         rv_cache =
> 5216             ocsp_CreateOrUpdateCacheEntry(&OCSP_Global.cache, certID,
> 5217                                           single, certIDWasConsumed);
> 5218     }
> 5219     PR_ExitMonitor(OCSP_Global.monitor);
> 5220     if (cacheUpdateStatus) {
> 5221         *cacheUpdateStatus = rv_cache;
http://hg.mozilla.org/mozilla-central/file/1908834320d8/security/nss/lib/certhigh/ocsp.c#l5182

So, the problem is that the *cacheUpdateStatus outparam gets set to an uninitialized value, if OCSP_Global.maxCacheEntries is negative. (which I'm assuming it could be, given that we think it's worth checking for)
Updated•14 years ago
Component: Build → Libraries
OS: Linux → All
QA Contact: build → libraries
Hardware: x86 → All
Version: unspecified → 3.12.6
Updated•13 years ago
Whiteboard: [build_warning]
Updated•13 years ago
Blocks: buildwarning
Updated•11 years ago
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
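
The pattern from the report, reduced to a self-contained model with a defined value on every path (an added example, not NSS code and not the fix that landed for this bug). All `demo_*` names and the `DemoStatus` type are hypothetical stand-ins, and reporting success when the cache is disabled is an assumption made here.

```c
#include <stdio.h>

/* Constructed stand-ins for illustration; these are not NSS definitions. */
typedef enum { DEMO_FAILURE = -1, DEMO_SUCCESS = 0, DEMO_UNSET = 99 } DemoStatus;

static int demo_max_cache_entries = 100; /* negative: cache disabled */

/* Hypothetical cache update; fails when the entry cannot be stored. */
static DemoStatus demo_update_cache(int can_store)
{
    return can_store ? DEMO_SUCCESS : DEMO_FAILURE;
}

/*
 * Same shape as the function in the report: a status local assigned only in
 * the "cache enabled" branch, then copied to an optional outparam.
 * Initializing the local at its declaration covers the disabled path.
 * Assumption: a disabled cache is reported as success (nothing to update).
 */
DemoStatus demo_process_response(int response_ok, int can_store,
                                 DemoStatus *cache_update_status)
{
    DemoStatus rv = response_ok ? DEMO_SUCCESS : DEMO_FAILURE;
    DemoStatus rv_cache = DEMO_SUCCESS; /* defined on every path */

    if (demo_max_cache_entries >= 0) {
        rv_cache = demo_update_cache(can_store);
    }
    if (cache_update_status) {
        *cache_update_status = rv_cache;
    }
    return rv;
}

/* Calls the function with the given cache limit and returns what the
 * outparam received; DEMO_UNSET would mean the callee never wrote it. */
DemoStatus demo_outparam_for(int max_entries, int can_store)
{
    DemoStatus out = DEMO_UNSET;
    demo_max_cache_entries = max_entries;
    (void)demo_process_response(1, can_store, &out);
    return out;
}

int main(void)
{
    printf("cache disabled:       %d\n", (int)demo_outparam_for(-1, 0));
    printf("cache enabled, full:  %d\n", (int)demo_outparam_for(10, 0));
    printf("cache enabled, ok:    %d\n", (int)demo_outparam_for(10, 1));
    return 0;
}
```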