<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Greetings:<br>
<br>
I made a change to
src/share/native/sun/security/pkcs11/wrapper/p11_convert.c... I
replaced all the code that looks like this:<br>
<br>
struct fubar bar;<br>
memset(&bar, 0, sizeof(struct fubar));<br>
<br>
with code that looks like this:<br>
<br>
struct fubar bar = {0};<br>
<br>
Also, I looked for similar usage patterns in neighbouring security
code that would cause references to uninitialized data structure
memory, and found none. The basic issue that I discovered was that
certain procedures were returning structures (not pointers to
structures) that were allocated on the stack as uninitialized
memory. (I found the bug by running the native code through doxygen
and then I looked at every data structure instance.)<br>
<br>
The latest webrev image is at:<br>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<a href="http://cr.openjdk.java.net/%7Ejzavgren/8003245/webrev.02/">http://cr.openjdk.java.net/~jzavgren/8003245/webrev.02/</a><br>
<br>
Thanks!<br>
John Zavgren<br>
<br>
<div class="moz-cite-prefix">On 06/18/2013 10:27 PM, John Zavgren
wrote:<br>
</div>
<blockquote cite="mid:51C11701.7090804@oracle.com" type="cite">
<br>
Greetings:
<br>
<br>
<br>
Please consider the following changes that eliminate the use of
uninitialized memory.
<br>
<br>
<br>
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/">http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/</a>
<br>
<br>
<br>
Thanks!
<br>
John
<br>
<br>
<br>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
John Zavgren
<a class="moz-txt-link-abbreviated" href="mailto:john.zavgren@oracle.com">john.zavgren@oracle.com</a>
603-821-0904
US-Burlington-MA</pre>
</body>
</html>