#27 Either handle lu_invalid or assign name in files.c to NULL
Closed 2 years ago Opened 2 years ago by jhrozek.

There are some places where name is not initialized and if we miss both of if-conditions, we check the uninitialized value:

Error: UNINIT (CWE-457): [#def37]
libuser-0.62/modules/files.c:1504: var_decl: Declaring variable "name" without initializer.
libuser-0.62/modules/files.c:1513: uninit_use: Using uninitialized value "name".
# 1511|     if (ent->type == lu_group)
# 1512|         name = lu_ent_get_first_value_strdup_current(ent, LU_GROUPNAME);
# 1513|->   g_assert(name != NULL);
# 1514|   
# 1515|     g_assert(module != NULL);

Error: UNINIT (CWE-457): [#def38]
libuser-0.62/modules/files.c:1564: var_decl: Declaring variable "name" without initializer.
libuser-0.62/modules/files.c:1574: uninit_use: Using uninitialized value "name".
# 1572|     if (ent->type == lu_group)
# 1573|         name = lu_ent_get_first_value_strdup_current(ent, LU_GROUPNAME);
# 1574|->   g_assert(name != NULL);
# 1575|   
# 1576|     g_assert(module != NULL);

Error: CPPCHECK_WARNING (CWE-456): [#def39]
libuser-0.62/modules/files.c:1764: error[uninitvar]: Uninitialized variable: name
# 1762|     else if (ent->type == lu_group)
# 1763|         name = lu_ent_get_first_value_strdup_current(ent, LU_GROUPNAME);
# 1764|->   g_assert(name != NULL);
# 1765|   
# 1766|     g_assert(module != NULL);

Error: UNINIT (CWE-457): [#def40]
libuser-0.62/modules/files.c:1755: var_decl: Declaring variable "name" without initializer.
libuser-0.62/modules/files.c:1764: uninit_use: Using uninitialized value "name".
# 1762|     else if (ent->type == lu_group)
# 1763|         name = lu_ent_get_first_value_strdup_current(ent, LU_GROUPNAME);
# 1764|->   g_assert(name != NULL);
# 1765|   
# 1766|     g_assert(module != NULL);

Metadata Update from @jhrozek:
- Issue assigned to jhrozek

2 years ago

Metadata Update from @jhrozek:
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata