On 3 July 2014 22:35, Kurt Roeckx <k...@roeckx.be> wrote: > On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote: >> On 3 July 2014 20:06, Kurt Roeckx via RT <r...@openssl.org> wrote: >> > On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote: >> >> I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85 >> >> and 96, or ?: >> >> >> > The line before that: >> > >> > dp=d; >> >> l2c(v0,dp);<--- Uninitialized variable: d >> >> l2c(v1,dp);<--- Uninitialized variable: d >> >> while (l--) >> >> { >> >> if (n == 0) >> >> { >> >> DES_encrypt1(ti,schedule,DES_ENCRYPT); >> >> dp=d; >> >> t=ti[0]; l2c(t,dp); >> >> t=ti[1]; l2c(t,dp); >> >> save++; >> >> } >> >> *(out++)= *(in++)^d[n];<--- Uninitialized variable: d >> >> n=(n+1)&0x07; >> >> } >> > >> > d is uninitialized, but it's being written to, not read from, >> > so I don't see a problem with this. >> >> What? > > So l2c is: > #define l2c(l,c) (*((c)++)=(unsigned char)(((l))&0xff), \ > *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ > *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ > *((c)++)=(unsigned char)(((l)>>24L)&0xff)) > > It reads v0 and v1 and writes to d (dp). d being uninitialized > shouldn't be an issue. Or am I missing something?
It writes to *d, surely? Which means d uninitialised is very much an issue, no? However, now I've read the code (it'd help if people posted enough snippet to make that unnecessary!) I see d is DES_cblock, i.e. an array, so the diagnosis is basically incorrect. And therefore I agree with you, not a problem. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org