sign.c:864:11: warning: variable 'err' is used uninitialized whenever 'if' condition is false
Closed, Resolved (Public)

Description

Source code is

gpg_error_t err;

...

if (sig->version >= 4)
  {
    build_sig_subpkt_from_sig (sig, pk);
    mk_notation_policy_etc (sig, NULL, pk);
    if (opt.flags.include_key_block && IS_SIG (sig))
      err = mk_sig_subpkt_key_block (ctrl, sig, pk);
    else
      err = 0;
  }

...

if (!err)
  err = do_sign (ctrl, pk, sig, md, hash_for (pk), cache_nonce, 0);

So if version < 3, it is reading rubbish off the stack.

Side issue: "nonce" is British English for a paedophile. Perhaps you
don't want such terms in the source code.

Event Timeline

werner added a subscriber: werner.

Good catch. This is due to back porting a change from master. However the extra introduced conditional of

if (sig->version >=4)

will always evaluate to true. It is set a bit above and GnuPG does not handle public key packets with version 3 anymore. So this if can actually be removed. Thus no harm.

"nonce" is a standard term in cryptography for a number used only once. You will find that term in all crypto software.
Wordnet does carry that meaning and the WP talk page says that the prison slang is spelled "naunce".

werner claimed this task.

The patch will be in 2.2.27. Thanks.