Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8361871

[GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c

XMLWordPrintable

        Seems the used j*ToCKByteArray helper functions have a potential code path where ckpObject is not written/initialized .
        (we see this when using the gcc flag -fanalyzer)

        /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
         1239 | return ckpObject;
              | ^~~~~~~~~

        /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
         1246 | return ckpObject;
         
         
        /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
         1290 | return ckpObject;
              | ^~~~~~~~~

        /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
         1297 | return ckpObject;

              mbaesken Matthias Baesken
              mbaesken Matthias Baesken
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: