On Fri, Jul 04, 2014 at 08:38:23AM +0200, Kurt Roeckx wrote:
> On Fri, Jul 04, 2014 at 08:21:15AM +0200, Otto Moerbeek wrote:
> > On Thu, Jul 03, 2014 at 11:35:15PM +0200, Kurt Roeckx wrote:
> > >
> > > On Thu, Jul 03, 2014 at 09:28:47PM +0100, Ben Laurie wrote:
> > > > On 3 July 2014 20:06, Kurt Roeckx via RT <r...@openssl.org> wrote:
> > > > > On Thu, Jul 03, 2014 at 07:51:28PM +0200, Toralf Förster via RT wrote:
> > > > >> I think cppcheck is right here in void DES_ofb64_encrypt(), line 84,
> > > > >> 85 and 96, or ?:
> > > > >>
> > > > > The line before that:
> > > > >
> > > > > dp=d;
> > > > >> l2c(v0,dp);<--- Uninitialized variable: d
> > > > >> l2c(v1,dp);<--- Uninitialized variable: d
> > > > >> while (l--)
> > > > >>     {
> > > > >>     if (n == 0)
> > > > >>         {
> > > > >>         DES_encrypt1(ti,schedule,DES_ENCRYPT);
> > > > >>         dp=d;
> > > > >>         t=ti[0]; l2c(t,dp);
> > > > >>         t=ti[1]; l2c(t,dp);
> > > > >>         save++;
> > > > >>         }
> > > > >>     *(out++)= *(in++)^d[n];<--- Uninitialized variable: d
> > > > >>     n=(n+1)&0x07;
> > > > >>     }
> > > > >
> > > > > d is uninitialized, but it's being written to, not read from,
> > > > > so I don't see a problem with this.
> > > >
> > > > What?
> > >
> > > So l2c is:
> > > #define l2c(l,c) (*((c)++)=(unsigned char)(((l))&0xff), \
> > >                   *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
> > >                   *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
> > >                   *((c)++)=(unsigned char)(((l)>>24L)&0xff))
> > >
> > > It reads v0 and v1 and writes to d (dp). d being uninitialized
> > > shouldn't be an issue. Or am I missing something?
> >
> > Yes, c (which is d) is both incremented and dereferenced.
>
> So we have:
>     DES_cblock d;
> which as far as I know really is:
>     unsigned char d[8];
>
> and:
>     register unsigned char *dp=d;
>     *((dp)++) = foo;
>
> d is a valid pointer, but the content it points to is
> uninitialized. We end up writing to d[0], d[1], ..., d[7]. I
> don't see us reading it, nor do I see a problem with it.
>
>
> Kurt

OK, but then d *is* initialized. It would cause less confusion if
you'd make a difference between d and *d in your comments.

        -Otto
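
The claim the thread settles on, that all eight bytes of d are written through dp before d[n] is ever read, can be checked by filling d with different garbage and comparing the output. This is an added example, not code from the thread or from OpenSSL. It assumes a hypothetical toy_encrypt() in place of DES_encrypt1(), takes v0, v1 and n as parameters, seeds ti[] from v0/v1, and omits the save counter.

```c
#include <stdint.h>
#include <string.h>
/* l2c as quoted in the thread: stores l little-endian through c, advancing c. */
#define l2c(l,c) (*((c)++)=(unsigned char)(((l)     )&0xff), \
                  *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                  *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
                  *((c)++)=(unsigned char)(((l)>>24L)&0xff))

/* Hypothetical stand-in for DES_encrypt1(); NOT a cipher, only data flow matters. */
static void toy_encrypt(uint32_t ti[2])
{
    uint32_t a = ti[0], b = ti[1];
    ti[0] = (a << 5 | a >> 27) ^ b ^ 0x9e3779b9u;
    ti[1] = (b << 11 | b >> 21) + a;
}

/* The loop from the thread; d is pre-filled with `poison` to model stack garbage. */
int ofb_loop(const unsigned char *in, unsigned char *out, long l,
             uint32_t v0, uint32_t v1, int n, unsigned char poison)
{
    unsigned char d[8], *dp;       /* DES_cblock d, as described in the thread */
    uint32_t ti[2], t;
    memset(d, poison, sizeof d);   /* added: simulate uninitialized contents */
    ti[0] = v0; ti[1] = v1;        /* assumption: ti[] starts from v0/v1 */
    dp = d;                        /* d itself is a valid address */
    l2c(v0, dp);                   /* writes d[0..3] */
    l2c(v1, dp);                   /* writes d[4..7] */
    while (l--) {
        if (n == 0) {
            toy_encrypt(ti);
            dp = d;
            t = ti[0]; l2c(t, dp);
            t = ti[1]; l2c(t, dp);
        }
        *(out++) = *(in++) ^ d[n]; /* first read of *d, after all 8 writes */
        n = (n + 1) & 0x07;
    }
    return n;
}

/* Returns 1 if two different garbage patterns in d give identical output. */
int output_independent_of_garbage(void)
{
    const unsigned char in[13] = "constructed!";  /* constructed sample input */
    unsigned char a[13], b[13];
    ofb_loop(in, a, 13, 0x01234567u, 0x89abcdefu, 3, 0x00);
    ofb_loop(in, b, 13, 0x01234567u, 0x89abcdefu, 3, 0xff);
    return memcmp(a, b, sizeof a) == 0;
}
```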