RFR: 8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c
Matthias Baesken
mbaesken at openjdk.org
Tue Jul 22 13:38:05 UTC 2025
Seems the used j*ToCKByteArray helper functions have a potential code path where ckpObject is not written/initialized .
(we see this when using the gcc flag -fanalyzer)
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1239 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1246 | return ckpObject;
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1290 | return ckpObject;
| ^~~~~~~~~
/jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: error: use of uninitialized value 'ckpObject' [CWE-457] [-Werror=analyzer-use-of-uninitialized-value]
1297 | return ckpObject;
-------------
Commit messages:
- JDK-8361871
Changes: https://git.openjdk.org/jdk/pull/26427/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26427&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8361871
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/26427.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26427/head:pull/26427
PR: https://git.openjdk.org/jdk/pull/26427
More information about the security-dev
mailing list