libmicrohttpd
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] PATCH: Avoid unitialized variable compiler warning i

From: Christian Grothoff
Subject: Re: [libmicrohttpd] PATCH: Avoid unitialized variable compiler warning in digestauth.c
Date: Fri, 3 Sep 2021 17:01:59 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 
Thanks for reporting, fixed in Git master as suggested. -Christian

On 9/3/21 10:22 AM, Thorsten Brehm wrote:
> Hi,
> 
> gcc10 complains with two warnings when compiling libmicrohttpd using
> 
>     #define NDEBUG 1
>     #define DAUTH_SUPPORT 1
> 
> so, "release build" with enabled "digest authentication":
> 
> ../digestauth.c: In function 'MHD_digest_auth_check_digest2':
> ../digestauth.c:1287:9: warning: 'da.digest_size' may be used uninitialized 
> in this function [-Wmaybe-uninitialized]
>  1287 |   if (da.digest_size != digest_size)
>       |       ~~^~~~~~~~~~~~
> ../digestauth.c: In function 'MHD_queue_auth_fail_response2':
> ../digestauth.c:1361:55: warning: 'da.digest_size' may be used uninitialized 
> in this function [-Wmaybe-uninitialized]
>  1361 |     char nonce[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (da.digest_size)) 
> + 1];
>       | 
>       
> This is a minor issue, without any practical effect, unless when calling the 
> MHD API with an invalid value for the MHD_DigestAuthAlgorithm enum.
> However, gcc is still right that there is a potential code path with 
> undefined behaviour: the default-case in the switch statement in SETUP_DA 
> does not set "da.digest_size".
> Two functions later still always read this value. And the "mhd_assert" has no 
> effect, since it's disabled when NDEBUG is set.
> 
> Trivial patch attached to silence the compiler warnings by also initializing 
> "da.digest_size" in the default case of the switch statement:
> 
> diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
> index 04c9f22a..aaed170e 100644
> --- a/src/microhttpd/digestauth.c
> +++ b/src/microhttpd/digestauth.c
> @@ -1215,6 +1215,7 @@ MHD_digest_auth_check (struct MHD_Connection 
> *connection,
>        da.digest = &MHD_SHA256_finish;                         \
>        break;                                              \
>      default:                                              \
> +      da.digest_size = 0;                                 \
>        mhd_assert (false);                                 \
>        break;                                              \
>      }                                                     \
> 
> Best Regards,
> Thorsten
>

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]