- Type: Bug
- Resolution: Fixed
- Priority: P4
- Affects Version/s: 25, 26
- Resolved In Build: b14
- CPU: generic
- OS: generic
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8367732 | 25.0.2 | Matthias Baesken | P4 | Resolved | Fixed | master |
When using the gcc static analyzer (-fanalyzer) with gcc 13.2 the following issue is reported:

```
/jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c: In function 'get_jvmticks':
/jdk/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c:208:24: warning: use of uninitialized value 'systemTicks' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  208 |     pticks->usedKernel = systemTicks;
```

vsscanf normally reads the systemTicks value from the /proc file system, see
https://github.com/openjdk/jdk/blob/45726a1f8b8f76586037867a32b82f8ab9b96937/src/jdk.management/linux/native/libmanagement_ext/UnixOperatingSystem.c#L163
but we never check that the *exact* number of parameters is read by vsscanf:

```
n = vsscanf(tmp, fmt, args);
```

So potentially we could get incomplete information without systemTicks and the call would still succeed.
So it is better to initialize systemTicks, to make sure we have at least a defined value in the unlikely event that vsscanf is not able to read the system ticks info.
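The pattern the report describes, as an added example rather than the JDK's own code: a variadic `vsscanf` wrapper whose conversion count is compared against the number of fields the caller expects, with the tick variables zero-initialized so a short read leaves a defined value instead of an indeterminate one. The struct, the function names (`scan_line`, `get_ticks`) and the two `/proc/stat`-shaped input lines are constructed for this example and are not taken from UnixOperatingSystem.c.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record of CPU ticks, modelled on the field the warning names
 * (usedKernel); it is not the JDK's own struct. */
typedef struct {
    unsigned long long used;        /* user + nice */
    unsigned long long usedKernel;  /* system */
    unsigned long long total;       /* user + nice + system + idle */
} ticks_t;

/* Constructed sample inputs in the shape of the first line of /proc/stat. */
static const char *STAT_LINE_FULL  = "cpu  4705 356 584 3699176 23514 0 123 0 0 0";
static const char *STAT_LINE_SHORT = "cpu  4705 356";   /* system and idle fields missing */

/* Thin variadic wrapper around vsscanf, the same shape as the call the report
 * quotes. It only returns the conversion count; the caller has to compare that
 * count against the number of fields it expected. */
static int scan_line(const char *line, const char *fmt, ...)
{
    va_list args;
    va_start(args, fmt);
    int n = vsscanf(line, fmt, args);
    va_end(args);
    return n;
}

/* Fills *pticks from one "cpu ..." line. Returns 1 on success, 0 if fewer
 * fields than expected were converted. Locals and outputs are zeroed up front,
 * so a short read never propagates an uninitialized value (CWE-457). */
int get_ticks(const char *line, ticks_t *pticks)
{
    unsigned long long userTicks = 0, niceTicks = 0, systemTicks = 0, idleTicks = 0;
    const int expected = 4;

    memset(pticks, 0, sizeof *pticks);

    int n = scan_line(line, "cpu %llu %llu %llu %llu",
                      &userTicks, &niceTicks, &systemTicks, &idleTicks);
    if (n != expected) {
        /* vsscanf leaves every argument after the last converted one untouched */
        return 0;
    }
    pticks->used       = userTicks + niceTicks;
    pticks->usedKernel = systemTicks;
    pticks->total      = userTicks + niceTicks + systemTicks + idleTicks;
    return 1;
}

/* Helpers exposing the outcome through return values. */
int full_line_parses(void)
{
    ticks_t t;
    return get_ticks(STAT_LINE_FULL, &t) == 1 && t.usedKernel == 584 && t.total == 3704821;
}

int short_line_is_rejected_with_defined_output(void)
{
    ticks_t t;
    return get_ticks(STAT_LINE_SHORT, &t) == 0 && t.usedKernel == 0 && t.total == 0;
}

int main(void)
{
    ticks_t t;
    int ok = get_ticks(STAT_LINE_FULL, &t);
    printf("full line:  ok=%d usedKernel=%llu total=%llu\n", ok, t.usedKernel, t.total);
    ok = get_ticks(STAT_LINE_SHORT, &t);
    printf("short line: ok=%d usedKernel=%llu total=%llu\n", ok, t.usedKernel, t.total);
    return 0;
}
```

Without the zero-initialization and the `n != expected` check, the truncated line would leave `systemTicks` indeterminate and the caller would still treat the result as valid, which is exactly the path the analyzer flags.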
- backported by: JDK-8367732 [GCC static analyzer] UnixOperatingSystem.c warning: use of uninitialized value 'systemTicks' (Resolved)
- relates to: JDK-8362516 Support of GCC static analyzer (-fanalyzer) (Resolved)
- links to:
  - Commit(master) openjdk/jdk25u/d241152f
  - Commit(master) openjdk/jdk/a6e2a329
  - Review(master) openjdk/jdk25u/190
  - Review(master) openjdk/jdk/26962