-
Bug
-
Resolution: Fixed
-
P4
-
25, 26
-
b09
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8366243 | 25.0.2 | Matthias Baesken | P4 | Resolved | Fixed | master |
Seems the used j*ToCKByteArray helper functions have a potential code path where ckpObject is not written/initialized .
(we see this when using the gcc flag -fanalyzer)
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1239 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1246 | return ckpObject;
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1290 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1297 | return ckpObject;
(we see this when using the gcc flag -fanalyzer)
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1239 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1246 | return ckpObject;
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1290 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1297 | return ckpObject;
- backported by
-
JDK-8366243 [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c
-
- Resolved
-
- relates to
-
JDK-8362516 Support of GCC static analyzer (-fanalyzer)
-
- Resolved
-
- links to
-
Commit(master)
openjdk/jdk25u/f672a4c4
-
Commit(master)
openjdk/jdk/518d5f4b
-
Review(master)
openjdk/jdk21u-dev/2264
-
Review(master)
openjdk/jdk25u/129
-
Review(master)
openjdk/jdk/26427
(2 links to)