Closed Bug 95983 Opened 18 years ago Closed 18 years ago

jarver.c: uninitialized variables might be being used before being set

Categories

(NSS :: Libraries, defect, P1)

x86
Linux
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: mozilla-bugs, Assigned: bugz)

References

Details

jarver.c: In function `jar_validate_pkcs7':
jarver.c:1661: warning: `cinfo' might be used uninitialized in this function

Here, if SEC_PKCS7DecoderStart returns NULL, uninitialized cinfo will be
compared with NULL and if it happens to be non-NULL, that random pointer will be
accessed.

jarver.c: In function `jar_get_certificate':
jarver.c:1873: warning: `fing' might be used uninitialized in this function

Here, the code seems to be OK, but it still would be nice to get rid of compiler
warning.
Blocks: 59652
Assigned the bug to Ian.  Both of the compiler warnings, including
the second one, should be fixed.  Here is my proposed fix for the
first compiler warning.

Index: jarver.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/jar/jarver.c,v
retrieving revision 1.3
diff -u -r1.3 jarver.c
--- jarver.c    2001/01/04 19:14:45     1.3
+++ jarver.c    2001/08/20 14:34:58
@@ -1684,11 +1684,14 @@
            (jar_catch_bytes, NULL /*cb_arg*/, NULL /*getpassword*/, jar->mw,
             NULL, NULL, NULL);

-  if (dcx != NULL)
+  if (dcx == NULL)
     {
-    SEC_PKCS7DecoderUpdate (dcx, data, length);
-    cinfo = SEC_PKCS7DecoderFinish (dcx);
+    /* strange pkcs7 failure */
+    return JAR_ERR_PK7;
     }
+
+  SEC_PKCS7DecoderUpdate (dcx, data, length);
+  cinfo = SEC_PKCS7DecoderFinish (dcx);

   if (cinfo == NULL)
     {
Assignee: wtc → mcgreer
Priority: -- → P1
Target Milestone: --- → 3.4
checked in patch for warning #1.  Appears relyea made an earlier checkin that
fixed warning #2.  Therefore, marking bug fixed.

/cvsroot/mozilla/security/nss/lib/jar/jarver.c,v  <--  jarver.c
new revision: 1.5; previous revision: 1.4
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.