Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + ho

Board: FB_security. Posted: 2014/04/26 05:01. Post 41 of 49 in the thread.
On 25 April 2014 21:24, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:
> Separately, a code example of the following general form was discussed:
>
>     if (condition) variable = value1;
>     if (!condition) variable = value2;
>     use (variable);
>
> It was noted that code of this form can generate a "false positive"
> warning, from some or many code analyzers, to the effect that "variable"
> may be used while in an "uninitialized" state. I agree entirely that,
> given code of the above form, the variable will never in fact be used
> while in an uninitialized state, and that thus, any such warning is
> rather unambiguously "false". I don't believe that I suggested
> otherwise. I did however note that the warning in such cases may be
> trivially quieted by the addition of an (unconditional) initialization
> of "variable" somewhere prior to the code in question.

But that would then hide the error condition of it being not set to a
new value after initialisation.

One better answer would be to have a way to annotate that after the
two conditionals you assert that |variable| is initialised. Then a
future, smarter static analyzer can attempt to prove you wrong.

> I did that in
> response to an assertion that eliminating such a warning might be in
> some sense "too hard", even though the party or parties to which such
> an assertion might apply was not specified.

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
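The trade-off discussed in this message, as an added C example that is not code from the thread: variant A silences the warning with a dummy initial value, variant B states the "set after both conditionals" claim as an explicit check. All names, values and the drifted second condition are constructed for illustration, and the sentinel check is a run-time stand-in for the analyzer annotation the reply asks for.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names throughout; constructed for illustration. */
enum { LIMIT_UNSET = -1 };   /* sentinel that is never a valid limit */

/* Variant A: warning silenced with an unconditional initialisation.
 * The two conditions were meant to be complementary, but a later edit
 * (constructed here) turned the second into "level > 1", so level == 1
 * takes neither branch and the dummy 0 flows silently to the caller. */
int limit_silenced(int level)
{
    int limit = 0;                    /* quiets the analyzer */
    if (level <= 0) limit = 16;
    if (level > 1)  limit = 64;       /* bug: meant to be !(level <= 0) */
    return limit;
}

/* Variant B: make the claim "limit is set after the two conditionals"
 * explicit. The sentinel makes the claim checkable at run time and
 * gives an analyzer a concrete property to try to refute. */
bool limit_checked(int level, int *out)
{
    int limit = LIMIT_UNSET;
    if (level <= 0) limit = 16;
    if (level > 1)  limit = 64;       /* same bug as in variant A */
    if (limit == LIMIT_UNSET)         /* the asserted post-condition */
        return false;                 /* missed path is reported, not hidden */
    *out = limit;
    return true;
}

int main(void)
{
    int v = 0;
    bool ok;

    printf("silenced(1) = %d\n", limit_silenced(1));
    ok = limit_checked(1, &v);
    printf("checked(1) ok = %d\n", ok);
    ok = limit_checked(5, &v);
    printf("checked(5) ok = %d, limit = %d\n", ok, v);
    return 0;
}
```
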