On Tue, 22 Jul 2025 13:33:05 GMT, Matthias Baesken <mbaes...@openjdk.org> wrote:
> Seems the used j*ToCKByteArray helper functions have a potential code path > where ckpObject is not written/initialized . > (we see this when using the gcc flag -fanalyzer) > > > /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1239:16: > error: use of uninitialized value 'ckpObject' [CWE-457] > [-Werror=analyzer-use-of-uninitialized-value] > 1239 | return ckpObject; > | ^~~~~~~~~ > > /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1246:16: > error: use of uninitialized value 'ckpObject' [CWE-457] > [-Werror=analyzer-use-of-uninitialized-value] > 1246 | return ckpObject; > > > /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1290:16: > error: use of uninitialized value 'ckpObject' [CWE-457] > [-Werror=analyzer-use-of-uninitialized-value] > 1290 | return ckpObject; > | ^~~~~~~~~ > > /jdk/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c:1297:16: > error: use of uninitialized value 'ckpObject' [CWE-457] > [-Werror=analyzer-use-of-uninitialized-value] > 1297 | return ckpObject; This pull request has now been integrated. Changeset: 518d5f4b Author: Matthias Baesken <mbaes...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/518d5f4bbb78ae35db793d7fd15b3cd35c881664 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod 8361871: [GCC static analyzer] complains about use of uninitialized value ckpObject in p11_util.c Reviewed-by: lucy ------------- PR: https://git.openjdk.org/jdk/pull/26427
