It'd be nice, btw, if someone would report the bug to cppcheck.
On 4 July 2014 10:15, Ben Laurie <b...@links.org> wrote:
> On 3 July 2014 22:35, Kurt Roeckx <k...@roeckx.be> wrote:
>> On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
>>> On 3 July 2014 20:06, Kurt Roeckx via RT <r...@openssl.org> wrote:
>>> > On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
>>> >> I think cppcheck is right here in void DES_ofb64_encrypt(), line 84, 85
>>> >> and 96, or ?:
>>> >>
>>> > The line before that:
>>> >
>>> > dp=d;
>>> >> l2c(v0,dp);<--- Uninitialized variable: d
>>> >> l2c(v1,dp);<--- Uninitialized variable: d
>>> >> while (l--)
>>> >> {
>>> >> if (n == 0)
>>> >> {
>>> >> DES_encrypt1(ti,schedule,DES_ENCRYPT);
>>> >> dp=d;
>>> >> t=ti[0]; l2c(t,dp);
>>> >> t=ti[1]; l2c(t,dp);
>>> >> save++;
>>> >> }
>>> >> *(out++)= *(in++)^d[n];<--- Uninitialized variable: d
>>> >> n=(n+1)&0x07;
>>> >> }
>>> >
>>> > d is uninitialized, but it's being written to, not read from,
>>> > so I don't see a problem with this.
>>>
>>> What?
>>
>> So l2c is:
>> #define l2c(l,c) (*((c)++)=(unsigned char)(((l))&0xff), \
>> *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
>> *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
>> *((c)++)=(unsigned char)(((l)>>24L)&0xff))
>>
>> It reads v0 and v1 and writes to d (dp). d being uninitialized
>> shouldn't be an issue. Or am I missing something?
>
> It writes to *d, surely? Which means d uninitialised is very much an issue,
> no?
>
> However, now I've read the code (it'd help if people posted enough
> snippet to make that unnecessary!) I see d is DES_cblock, i.e. an
> array, so the diagnosis is basically incorrect. And therefore I agree
> with you, not a problem.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
