Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8361868

[GCC static analyzer] complains about missing calloc - NULL checks in p11_util.c

XMLWordPrintable

        When using the GCC -fanalyzer flag (see https://developers.redhat.com/articles/2022/04/12/state-static-analysis-gcc-12-compiler# ) , we get some complaints about missing calloc return value checks for NULL (we check at some code locations but in p11_util.c we do not do it).


        jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:484:34: error: dereference of possibly-NULL 'pParamsNoIvBits' [CWE-690] [-Werror=analyzer-possible-null-dereference]
          484 | pParamsNoIvBits->pIv = pParams->pIv;
              | ~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~
          'updateGCMParams': events 1-6
            |
            | 478 | if (mechPtr != NULL) {
            | | ^
            | | |
            | | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
            | 479 | paramLen = mechPtr->ulParameterLen;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (2) ...to here
            | 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
            | | ~
            | | |
            | | (3) following 'true' branch (when 'paramLen == 48')...
            | 481 | // CK_GCM_PARAMS => CK_GCM_PARAMS_NO_IVBITS
            | 482 | pParams = (CK_GCM_PARAMS*) mechPtr->pParameter;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (4) ...to here
            | 483 | pParamsNoIvBits = calloc(1, sizeof(CK_GCM_PARAMS_NO_IVBITS));
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (5) this call could return NULL
            | 484 | pParamsNoIvBits->pIv = pParams->pIv;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (6) 'pParamsNoIvBits' could be NULL: unchecked value from (5)
            |

        jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:498:26: error: dereference of possibly-NULL 'pParams' [CWE-690] [-Werror=analyzer-possible-null-dereference]
          498 | pParams->pIv = pParamsNoIvBits->pIv;
              | ~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~
          'updateGCMParams': events 1-8
            |
            | 478 | if (mechPtr != NULL) {
            | | ^
            | | |
            | | (1) following 'true' branch (when 'mechPtr' is non-NULL)...
            | 479 | paramLen = mechPtr->ulParameterLen;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (2) ...to here
            | 480 | if (paramLen == sizeof(CK_GCM_PARAMS)) {
            | | ~
            | | |
            | | (3) following 'false' branch (when 'paramLen != 48')...
            |......
            | 494 | } else if (paramLen == sizeof(CK_GCM_PARAMS_NO_IVBITS)) {
            | | ~
            | | |
            | | (4) ...to here
            | | (5) following 'true' branch (when 'paramLen == 40')...
            | 495 | // CK_GCM_PARAMS_NO_IVBITS => CK_GCM_PARAMS
            | 496 | pParamsNoIvBits = (CK_GCM_PARAMS_NO_IVBITS*) mechPtr->pParameter;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (6) ...to here
            | 497 | pParams = calloc(1, sizeof(CK_GCM_PARAMS));
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (7) this call could return NULL
            | 498 | pParams->pIv = pParamsNoIvBits->pIv;
            | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            | | |
            | | (8) 'pParams' could be NULL: unchecked value from (7)

              mbaesken Matthias Baesken
              mbaesken Matthias Baesken
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: