CID 348330, 348331, 348332, 348333: Using uninitialized value
These were reported for v9.16; there are 5 cases of the same issue.
*** CID 348330: Uninitialized variables (UNINIT)
/lib/dns/keymgr.c: 2329 in keytime_status()
2323 } else {
2324 isc_buffer_printf(buf, "no\n");
2325 return;
2326 }
2327 if (ret == ISC_R_SUCCESS) {
2328 isc_stdtime_tostring(when, timestr, sizeof(timestr));
>>> CID 348330: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*timestr" as argument to "%s" when calling "isc_buffer_printf".
2329 isc_buffer_printf(buf, "%s\n", timestr);
2330 }
2331 }
2332
2333 static void
2334 rollover_status(dns_dnsseckey_t *dkey, dns_kasp_t *kasp, isc_stdtime_t now,
*** CID 348331: (UNINIT)
/lib/dns/keymgr.c: 2405 in rollover_status()
2399 } else {
2400 isc_buffer_printf(buf,
2401 " Rollover is due since ");
2402 }
2403 isc_stdtime_tostring(retire_time, timestr,
2404 sizeof(timestr));
>>> CID 348331: (UNINIT)
>>> Using uninitialized value "*timestr" as argument to "%s" when calling "isc_buffer_printf".
2405 isc_buffer_printf(buf, "%s", timestr);
2406 } else {
2407 isc_buffer_printf(buf, " No rollover scheduled");
2408 }
2409 }
2410 isc_buffer_printf(buf, "\n");
/lib/dns/keymgr.c: 2376 in rollover_status()
2370 &remove_time);
2371 if (ret == ISC_R_SUCCESS) {
2372 isc_buffer_printf(buf, " Key is retired, will "
2373 "be removed on ");
2374 isc_stdtime_tostring(remove_time, timestr,
2375 sizeof(timestr));
>>> CID 348331: (UNINIT)
>>> Using uninitialized value "*timestr" as argument to "%s" when calling "isc_buffer_printf".
2376 isc_buffer_printf(buf, "%s", timestr);
2377 }
2378 } else {
2379 isc_buffer_printf(
2380 buf, " Key has been removed from the zone");
2381 }
*** CID 348332: Uninitialized variables (UNINIT)
/lib/dns/keymgr.c: 2454 in dns_keymgr_status()
2448 isc_buffer_init(&buf, out, out_len);
2449
2450 // policy name
2451 isc_buffer_printf(&buf, "dnssec-policy: %s\n", dns_kasp_getname(kasp));
2452 isc_buffer_printf(&buf, "current time: ");
2453 isc_stdtime_tostring(now, timestr, sizeof(timestr));
>>> CID 348332: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*timestr" as argument to "%s" when calling "isc_buffer_printf".
2454 isc_buffer_printf(&buf, "%s\n", timestr);
2455
2456 for (dns_dnsseckey_t *dkey = ISC_LIST_HEAD(*keyring); dkey != NULL;
2457 dkey = ISC_LIST_NEXT(dkey, link))
2458 {
2459 char algstr[DNS_NAME_FORMATSIZE];
*** CID 348333: Uninitialized variables (UNINIT)
/lib/dns/dst_api.c: 1999 in printtime()
1993 result = dns_time32_totext(when, &b);
1994 if (result != ISC_R_SUCCESS) {
1995 goto error;
1996 }
1997
1998 isc_buffer_usedregion(&b, &r);
>>> CID 348333: Uninitialized variables (UNINIT)
>>> Using uninitialized value "*output" as argument to "%s" when calling "fprintf".
1999 fprintf(stream, "%s: %.*s (%s)\n", tag, (int)r.length, r.base, output);
2000 return;
2001
2002 error:
2003 fprintf(stream, "%s: (set, unable to display)\n", tag);
2004 }
Here is `void isc_stdtime_tostring(isc_stdtime_t t, char *out, size_t outlen)` for UNIX and for win32:
// lib/isc/unix/stdtime.c:isc_stdtime_tostring()
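/*
 * Format 't' as a ctime()-style string in 'out', without the trailing
 * newline.
 *
 * Requires:
 *	'out' is non-NULL and 'outlen' is at least 26, the minimum buffer
 *	size for ctime_r().
 */
void
isc_stdtime_tostring(isc_stdtime_t t, char *out, size_t outlen) {
	time_t when;
	size_t len;

	REQUIRE(out != NULL);
	REQUIRE(outlen >= 26);

	UNUSED(outlen);

	/*
	 * Start from an empty string so that 'out' is never read
	 * uninitialized, whatever ctime_r() ends up writing.
	 */
	out[0] = '\0';

	/* time_t and isc_stdtime_t might be different sizes */
	when = t;
	INSIST((ctime_r(&when, out) != NULL));

	/*
	 * Drop the last character (the newline ctime_r() appends).  An empty
	 * result would make the index below point one byte before 'out', so
	 * assert on it instead of writing out of bounds.
	 */
	len = strlen(out);
	INSIST(len > 0);
	out[len - 1] = '\0';
}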
// lib/isc/win32/stdtime.c:isc_stdtime_tostring()
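/*
 * Format 't' as a ctime()-style string in 'out', without the trailing
 * newline (win32 variant, built on ctime_s()).
 *
 * Requires:
 *	'out' is non-NULL and 'outlen' is at least 26.
 */
void
isc_stdtime_tostring(isc_stdtime_t t, char *out, size_t outlen) {
	time_t when;
	size_t len;

	REQUIRE(out != NULL);
	/* Minimum buffer as per ctime_r() specification. */
	REQUIRE(outlen >= 26);

	/*
	 * Start from an empty string so that 'out' is never read
	 * uninitialized, whatever ctime_s() ends up writing.
	 */
	out[0] = '\0';

	/* time_t and isc_stdtime_t might be different sizes */
	when = t;
	INSIST((ctime_s(out, outlen, &when) == 0));

	/*
	 * Drop the last character (the newline ctime_s() appends).  An empty
	 * result would make the index below point one byte before 'out', so
	 * assert on it instead of writing out of bounds.
	 */
	len = strlen(out);
	INSIST(len > 0);
	out[len - 1] = '\0';
}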
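IIUC, the only way that `*out` could be left uninitialized is the theoretical case when `strlen(out)` is 0. In that case the final `*(out + strlen(out) - 1) = '\0';` would also write one byte before the start of `out`. I think we could add an `INSIST` which checks that `strlen(out) > 0`, and maybe do `*out = '\0';` before calling `ctime_r()`/`ctime_s()`.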
I am currently only setting the `Affects v9.16` and `v9.16` labels, as I am still not sure why `v9_18` and `main` are not reported. Could it be that Coverity sees a problem only in the win32 version?