On Tue, 22 Jul 2025 13:33:05 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:

> Seems the used j*ToCKByteArray helper functions have a potential code path 
> where ckpObject is not written/initialized.
> (we see this when using the gcc flag -fanalyzer)
> 
> 
> /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: 
> error: use of uninitialized value 'ckpObject' [CWE-457] 
> [-Werror=analyzer-use-of-uninitialized-value]
>  1239 | return ckpObject;
>       | ^~~~~~~~~
> 
> /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: 
> error: use of uninitialized value 'ckpObject' [CWE-457] 
> [-Werror=analyzer-use-of-uninitialized-value]
>  1246 | return ckpObject;
>  
>  
> /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: 
> error: use of uninitialized value 'ckpObject' [CWE-457] 
> [-Werror=analyzer-use-of-uninitialized-value]
>  1290 | return ckpObject;
>       | ^~~~~~~~~
> 
> /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: 
> error: use of uninitialized value 'ckpObject' [CWE-457] 
> [-Werror=analyzer-use-of-uninitialized-value]
>  1297 | return ckpObject;

Looks good and trivial.

-------------

Marked as reviewed by lucy (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/26427#pullrequestreview-3052390912
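The pattern behind the analyzer reports quoted above, as an added example that is not part of the original thread and is not JDK code: a helper that fills its out-parameters on only some paths, a caller that returns the local regardless, and a variant that initializes the local first. All names other than `ckpObject` are hypothetical, and the initialize-to-NULL fix is an assumption, since the thread does not show the actual patch.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a j*ToCKByteArray-style helper: the
 * out-parameters are written only when there is input to convert. */
static void to_ck_byte_array(const char *src, unsigned char **out, size_t *out_len)
{
    if (src == NULL) {
        return;                      /* early exit: *out and *out_len untouched */
    }
    size_t n = strlen(src);
    unsigned char *buf = malloc(n + 1);
    if (buf == NULL) {
        return;                      /* allocation failure: also untouched */
    }
    memcpy(buf, src, n + 1);
    *out = buf;
    *out_len = n;
}

#ifdef SHOW_UNSAFE
/* Flagged shape (CWE-457): on either early exit above, ckpObject is
 * returned without ever having been assigned. Built only on request so
 * the default build stays free of undefined behaviour. */
unsigned char *convert_unsafe(const char *src)
{
    unsigned char *ckpObject;
    size_t len;
    to_ck_byte_array(src, &ckpObject, &len);
    return ckpObject;
}
#endif

/* Hardened shape (assumed fix): give the locals a defined value before
 * the helper call, so every path returns NULL or a valid buffer. */
unsigned char *convert_safe(const char *src, size_t *len)
{
    unsigned char *ckpObject = NULL;
    *len = 0;
    to_ck_byte_array(src, &ckpObject, len);
    return ckpObject;
}
```

Defining `SHOW_UNSAFE` at compile time includes the flagged variant, so the file can be checked with the `-fanalyzer` flag mentioned in the thread.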
