[jdk11u-dev] RFR: 8367766: [11u] src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:321:3: error: 'tmp.dp' may be used uninitialized
Zdenek Zambersky
zzambers at openjdk.org
Tue Sep 16 16:33:15 UTC 2025
This error/warning has been seen on newer gcc versions on openjdk 11:
```
In function 'mp_zero',
inlined from 'mp_zero' at /home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:316:8,
inlined from 'mp_set_int' at /home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:353:3,
inlined from 'mp_cmp_int' at /home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:1735:26:
/home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:321:3: error: 'tmp.dp' may be used uninitialized [-Werror=maybe-uninitialized]
321 | s_mp_setz(DIGITS(mp), ALLOC(mp));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c: In function 'mp_cmp_int':
/home/tester/temurinbuild-1757944128/workspace/build/src/src/jdk.crypto.ec/share/native/libsunec/impl/mpi.c:1730:11: note: 'tmp' declared here
1730 | mp_int tmp;
| ^~~
```
Problem does not affect newer jdks, because affected code was removed by [JDK-8235710](https://bugs.openjdk.org/browse/JDK-8235710).
Also, whether the warning/error is generated depends on other conditions like compiler version / arch / build kind etc. It seems the compiler needs to do enough inlining to detect this, as the analysis needs to cross a function boundary.
**Details/Fix:**
The underlying issue seems to be that `mp_init` called on `tmp` (struct) may theoretically fail; the uninitialized `tmp` would then still be passed to subsequent functions. Unfortunately `mp_cmp_int` is not really designed to be able to handle errors.
So I just zero initialize tmp, which makes error/warning go away. I think making more involved changes to API/implementation is probably not worth the effort, especially when code is for legacy curves, removed in newer jdks. It would also increase risk of regressions.
-------------
Commit messages:
- Fix maybe-uninitialized warning
Changes: https://git.openjdk.org/jdk11u-dev/pull/3095/files
Webrev: https://webrevs.openjdk.org/?repo=jdk11u-dev&pr=3095&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8367766
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk11u-dev/pull/3095.diff
Fetch: git fetch https://git.openjdk.org/jdk11u-dev.git pull/3095/head:pull/3095
PR: https://git.openjdk.org/jdk11u-dev/pull/3095
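
The failure mode described in the message, as an added C example that is not code from mpi.c or from the pull request: an init function that can fail leaves a stack struct untouched, and zero-initializing it keeps the later cleanup defined. The example goes beyond the one-line change by also checking the init result; `big_t`, `big_init`, `big_cmp_int`, `CMP_ERROR`, `demo_cmp` and the `fail_next_alloc` hook are hypothetical stand-ins, and values are limited to a single digit.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified stand-ins for an mp_int-like type; names and layout are assumptions. */
typedef unsigned long digit_t;
typedef struct { int sign; size_t alloc; digit_t *dp; } big_t;
#define CMP_ERROR (-2)            /* hypothetical out-of-band result */
static int fail_next_alloc = 0;   /* hook to simulate allocation failure */

/* On failure *b is left untouched, so a plain stack struct stays indeterminate. */
static int big_init(big_t *b, size_t prec) {
    digit_t *p = fail_next_alloc ? NULL : calloc(prec, sizeof *p);
    if (p == NULL) return -1;
    b->sign = 0; b->alloc = prec; b->dp = p;
    return 0;
}

static void big_clear(big_t *b) {
    free(b->dp);                  /* free(NULL) is a no-op, so a zeroed struct is safe */
    memset(b, 0, sizeof *b);
}

static void big_set_int(big_t *b, long z) {   /* caller guarantees b->dp != NULL */
    b->dp[0] = z < 0 ? 0UL - (digit_t)z : (digit_t)z;
    b->sign = z < 0;
}

/* Compare single-digit a with z: -1, 0, 1, or CMP_ERROR if the temporary fails. */
static int big_cmp_int(const big_t *a, long z) {
    big_t tmp = {0};              /* zero-init: dp is NULL, not garbage, if init fails */
    int res = CMP_ERROR;
    if (big_init(&tmp, 1) == 0) {
        big_set_int(&tmp, z);
        int m = (a->dp[0] > tmp.dp[0]) - (a->dp[0] < tmp.dp[0]);
        res = a->sign != tmp.sign ? (a->sign ? -1 : 1) : (a->sign ? -m : m);
    }
    big_clear(&tmp);              /* defined on both paths because of the zero-init */
    return res;
}

/* Driver: build a from a_val, optionally fail the temporary's allocation. */
int demo_cmp(long a_val, long z, int fail_tmp_init) {
    big_t a = {0};
    if (big_init(&a, 1) != 0) return CMP_ERROR;
    big_set_int(&a, a_val);
    fail_next_alloc = fail_tmp_init;
    int res = big_cmp_int(&a, z);
    fail_next_alloc = 0;
    big_clear(&a);
    return res;
}
int main(void) { return demo_cmp(5, 3, 1) == CMP_ERROR ? 0 : 1; }
```

Without the `= {0}` on `tmp`, the failing path would hand an indeterminate pointer to `free`, which is the class of use that `-Wmaybe-uninitialized` reports once the compiler inlines across the calls.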