-
Bug
-
Resolution: Unresolved
-
P4
-
25, 26
-
None
-
generic
-
generic
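When building with the GCC -fanalyzer flag (see https://developers.redhat.com/articles/2022/04/12/state-static-analysis-gcc-12-compiler# ), the analyzer reports missing NULL checks on calloc return values: we check the result at some code locations, but in p11_util.c we do not. In updateGCMParams both newly allocated parameter structs are written through immediately after the calloc call (lines 484 and 498 in the output below), so a failed allocation would be dereferenced as NULL in native code (CWE-690) instead of being handled as an allocation failure.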
jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:484:34: error: dereference of possibly-NULL 'pParamsNoIvBits' [CWE-690] [-Werror=analyzer-possible-null-dereference]
484 | pParamsNoIvBits->pIv = pParams->pIv;
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
'updateGCMParams': events 1-6
|
| 478 | if (mechPtr != NULL) {
| | ^
| | |
| | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
| 479 | paramLen = mechPtr->ulParameterLen;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
| | ~
| | |
| | (3) following 'true' branch (when 'paramLen == 48')...
| 481 | // CK_GCM_PARAMS => CK_GCM_PARAMS_NO_IVBITS
| 482 | pParams = (CK_GCM_PARAMS*) mechPtr->pParameter;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| 483 | pParamsNoIvBits = calloc(1, sizeof(CK_GCM_PARAMS_NO_IVBITS));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) this call could return NULL
| 484 | pParamsNoIvBits->pIv = pParams->pIv;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) 'pParamsNoIvBits' could be NULL: unchecked value from (5)
|
jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:498:26: error: dereference of possibly-NULL 'pParams' [CWE-690] [-Werror=analyzer-possible-null-dereference]
498 | pParams->pIv = pParamsNoIvBits->pIv;
| ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
'updateGCMParams': events 1-8
|
| 478 | if (mechPtr != NULL) {
| | ^
| | |
| | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
| 479 | paramLen = mechPtr->ulParameterLen;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
| | ~
| | |
| | (3) following 'false' branch (when 'paramLen != 48')...
|......
| 494 | } else if (paramLen == sizeof(CK_GCM_PARAMS_NO_IVBITS)) {
| | ~
| | |
| | (4) ...to here
| | (5) following 'true' branch (when 'paramLen == 40')...
| 495 | // CK_GCM_PARAMS_NO_IVBITS => CK_GCM_PARAMS
| 496 | pParamsNoIvBits = (CK_GCM_PARAMS_NO_IVBITS*) mechPtr->pParameter;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
| 497 | pParams = calloc(1, sizeof(CK_GCM_PARAMS));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (7) this call could return NULL
| 498 | pParams->pIv = pParamsNoIvBits->pIv;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) 'pParams' could be NULL: unchecked value from (7)
jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:484:34: error: dereference of possibly-NULL 'pParamsNoIvBits' [CWE-690] [-Werror=analyzer-possible-null-dereference]
484 | pParamsNoIvBits->pIv = pParams->pIv;
| ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
'updateGCMParams': events 1-6
|
| 478 | if (mechPtr != NULL) {
| | ^
| | |
| | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
| 479 | paramLen = mechPtr->ulParameterLen;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
| | ~
| | |
| | (3) following 'true' branch (when 'paramLen == 48')...
| 481 | // CK_GCM_PARAMS => CK_GCM_PARAMS_NO_IVBITS
| 482 | pParams = (CK_GCM_PARAMS*) mechPtr->pParameter;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (4) ...to here
| 483 | pParamsNoIvBits = calloc(1, sizeof(CK_GCM_PARAMS_NO_IVBITS));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) this call could return NULL
| 484 | pParamsNoIvBits->pIv = pParams->pIv;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) 'pParamsNoIvBits' could be NULL: unchecked value from (5)
|
jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:498:26: error: dereference of possibly-NULL 'pParams' [CWE-690] [-Werror=analyzer-possible-null-dereference]
498 | pParams->pIv = pParamsNoIvBits->pIv;
| ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
'updateGCMParams': events 1-8
|
| 478 | if (mechPtr != NULL) {
| | ^
| | |
| | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
| 479 | paramLen = mechPtr->ulParameterLen;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (2) ...to here
| 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
| | ~
| | |
| | (3) following 'false' branch (when 'paramLen != 48')...
|......
| 494 | } else if (paramLen == sizeof(CK_GCM_PARAMS_NO_IVBITS)) {
| | ~
| | |
| | (4) ...to here
| | (5) following 'true' branch (when 'paramLen == 40')...
| 495 | // CK_GCM_PARAMS_NO_IVBITS => CK_GCM_PARAMS
| 496 | pParamsNoIvBits = (CK_GCM_PARAMS_NO_IVBITS*) mechPtr->pParameter;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (6) ...to here
| 497 | pParams = calloc(1, sizeof(CK_GCM_PARAMS));
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (7) this call could return NULL
| 498 | pParams->pIv = pParamsNoIvBits->pIv;
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (8) 'pParams' could be NULL: unchecked value from (7)
- links to
-
Review(master) openjdk/jdk/26319