- Bug
- Resolution: Unresolved
- P4
- 25, 26
- None
- generic
- generic
Seems the used j*ToCKByteArray helper functions have a potential code path where ckpObject is not written/initialized.
(we see this when using the gcc flag -fanalyzer)
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1239 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1246 | return ckpObject;
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1290 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1297 | return ckpObject;
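A reduced model of the pattern behind these CWE-457 reports, added here as an example (it is not the code in p11_util.c): a caller declares a pointer without an initializer and relies on a helper's out-parameter write, which one error path skips. The names to_bytes_unsafe, to_bytes, convert_unsafe, convert_checked and the MAX_LEN limit are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_LEN 4096  /* constructed limit, used to force the error path */

/* BEFORE (hypothetical model): the error path returns without writing *out. */
static void to_bytes_unsafe(const unsigned char *src, size_t n,
                            unsigned char **out, size_t *out_len) {
    if (src == NULL) { *out = NULL; *out_len = 0; return; }
    unsigned char *buf = (n <= MAX_LEN) ? malloc(n ? n : 1) : NULL;
    if (buf == NULL) return;            /* *out and *out_len left untouched */
    memcpy(buf, src, n);
    *out = buf; *out_len = n;
}

unsigned char *convert_unsafe(const unsigned char *src, size_t n, size_t *len) {
    unsigned char *obj;                 /* no initializer */
    to_bytes_unsafe(src, n, &obj, len);
    return obj;                         /* indeterminate if the helper bailed out */
}

/* AFTER: outputs are defined on every path and failure is reported. */
static int to_bytes(const unsigned char *src, size_t n,
                    unsigned char **out, size_t *out_len) {
    *out = NULL; *out_len = 0;
    if (src == NULL) return 0;          /* null input maps to an empty result */
    if (n > MAX_LEN) return -1;
    unsigned char *buf = malloc(n ? n : 1);
    if (buf == NULL) return -1;
    memcpy(buf, src, n);
    *out = buf; *out_len = n;
    return 0;
}

unsigned char *convert_checked(const unsigned char *src, size_t n, size_t *len) {
    unsigned char *obj = NULL;          /* defined even if the helper changes later */
    if (to_bytes(src, n, &obj, len) != 0) return NULL;
    return obj;
}

int main(void) {
    unsigned char in[3] = {1, 2, 3};    /* constructed sample input */
    size_t len = 99;
    unsigned char *ok = convert_checked(in, sizeof in, &len);
    printf("ok=%s len=%zu\n", ok ? "set" : "NULL", len);
    free(ok);
    unsigned char *bad = convert_checked(in, MAX_LEN + 1, &len);
    printf("oversize=%s len=%zu\n", bad ? "set" : "NULL", len);
    return 0;
}
```

Initializing at the declaration and having the helper define its outputs before any early return are independent fixes; either one alone gives the caller a defined value to return.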
- relates to
JDK-8362516 Support of GCC static analyzer (-fanalyzer)
- New