jarver.c: uninitialized variables might be being used before being set

RESOLVED FIXED in 3.4

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: Aleksey Nogin, Assigned: Ian McGreer)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
jarver.c: In function `jar_validate_pkcs7':
jarver.c:1661: warning: `cinfo' might be used uninitialized in this function

Here, if SEC_PKCS7DecoderStart returns NULL, uninitialized cinfo will be
compared with NULL and if it happens to be non-NULL, that random pointer will be
accessed.

jarver.c: In function `jar_get_certificate':
jarver.c:1873: warning: `fing' might be used uninitialized in this function

Here, the code seems to be OK, but it still would be nice to get rid of compiler
warning.
(Reporter)

Updated

16 years ago
Blocks: 59652

Comment 1

16 years ago
Assigned the bug to Ian.  Both of the compiler warnings, including
the second one, should be fixed.  Here is my proposed fix for the
first compiler warning.

Index: jarver.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/jar/jarver.c,v
retrieving revision 1.3
diff -u -r1.3 jarver.c
--- jarver.c    2001/01/04 19:14:45     1.3
+++ jarver.c    2001/08/20 14:34:58
@@ -1684,11 +1684,14 @@
            (jar_catch_bytes, NULL /*cb_arg*/, NULL /*getpassword*/, jar->mw,
             NULL, NULL, NULL);

-  if (dcx != NULL)
+  if (dcx == NULL)
     {
-    SEC_PKCS7DecoderUpdate (dcx, data, length);
-    cinfo = SEC_PKCS7DecoderFinish (dcx);
+    /* strange pkcs7 failure */
+    return JAR_ERR_PK7;
     }
+
+  SEC_PKCS7DecoderUpdate (dcx, data, length);
+  cinfo = SEC_PKCS7DecoderFinish (dcx);

   if (cinfo == NULL)
     {
Assignee: wtc → mcgreer

Updated

16 years ago
Priority: -- → P1
Target Milestone: --- → 3.4
(Assignee)

Comment 2

16 years ago
checked in patch for warning #1.  Appears relyea made an earlier checkin that
fixed warning #2.  Therefore, marking bug fixed.

/cvsroot/mozilla/security/nss/lib/jar/jarver.c,v  <--  jarver.c
new revision: 1.5; previous revision: 1.4
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.