Florian: Yes, the uninitialized memory will be accessed in some cases, for example: @@ -1733,10 +1747,12 @@ CK_X9_42_DH1_DERIVE_PARAMS ckParam; jfieldID fieldID; jlong jKdf; jobject jOtherInfo, jPublicData; + memset(&ckParam, 0, sizeof(CK_X9_42_DH1_DERIVE_PARAMS));<--- added initialization + /* get kdf */ jX942Dh1DeriveParamsClass = (*env)->FindClass(env, CLASS_X9_42_DH1_DERIVE_PARAMS); if (jX942Dh1DeriveParamsClass == NULL) { return ckParam; } fieldID = (*env)->GetFieldID(env, jX942Dh1DeriveParamsClass, "kdf", "J"); if (fieldID == NULL) { return ckParam; }
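Review bot: On the two early exits visible here (FindClass returning NULL and GetFieldID returning NULL), `return ckParam;` now hands the caller an all-zero struct by value, which is defined behaviour but still carries no error indication of its own. The caller should check `(*env)->ExceptionCheck(env)` right after this function returns and before using the struct, and a short comment next to the memset saying that the zeroing exists for these error returns would keep it from being removed later. As a style point, `memset(&ckParam, 0, sizeof(ckParam));` ties the size to the variable rather than to the type name, so the call stays correct if the declaration changes.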
----- Original Message -----
From: fwei...@redhat.com
To: john.zavg...@oracle.com
Cc: core-libs-dev@openjdk.java.net
Sent: Wednesday, March 27, 2013 11:48:57 AM GMT -05:00 US/Canada Eastern
Subject: Re: RFR JDK-8003245

On 03/20/2013 04:27 PM, John Zavgren wrote:
> Please consider the following changes that eliminate the use of uninitialized
> memory.
> http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/

Is the uninitialized memory accessed on the error paths?

--
Florian Weimer / Red Hat Product Security Team