On 6/05/2014 1:13 PM, Arthur Mesh via RT wrote:
> Coverity run has uncovered the following use of uninitialized local
> variable in b64_read(). This applies to both 1.0.1g and master branch:

Arthur - what version of the Coverity analysis tools are you running?
I don't see this in the current scan.coverity.com reported list of items
so either it has been previously looked at or your configuration is
different or your version of tools is different or you are running
across a more recent source drop than we have put into scan.coverity.com
(I suspect the latter is the issue).

If you refer to this issue you will see where the code was introduced.

https://rt.openssl.org/Ticket/Display.html?id=3289

diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 72a2a67..ac6d441 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -264,7 +264,7 @@ static int b64_read(BIO *b, char *out, int outl)
                                }
 
                        /* we fell off the end without starting */
-                       if (j == i)
+                       if ((j == i) && (num == 0))
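
Review bot: the new condition `(j == i) && (num == 0)` reads `num`, but this hunk adds no initialisation for it, so on any path where the preceding for loop does not assign `num` the test reads an uninitialised local in b64_read(), which matches the Coverity report quoted above. Set `num = 0` immediately before that for loop as part of the same change, so the "fell off the end without starting" check is well-defined on every path.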


There needs to be a corresponding num=0 initialisation prior to the
immediately preceding for loop.

I have re-opened that RT issue and cross-referenced both the new RT
issue and the original one which introduced the patch.

Thanks,
Tim.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
