[Buildroot] [PATCH 2/4] package/libnss: fix build warning

Giulio Benetti giulio.benetti at benettiengineering.com
Thu Oct 24 10:49:39 UTC 2019 

Hi Arnout,

On 10/24/19 10:51 AM, Arnout Vandecappelle wrote:
>   One more :-)
> 
> On 24/10/2019 10:50, Arnout Vandecappelle wrote:
>>
>>
>> On 24/10/2019 10:47, Arnout Vandecappelle wrote:
>>>
>>>
>>> On 23/10/2019 12:23, Giulio Benetti wrote:
>>>> Add patch to fix build warning due to uninitialized variable.
>>>>
>>>> Signed-off-by: Giulio Benetti <giulio.benetti at benettiengineering.com>
>>>> ---
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
>>>> ---
>>>>   ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
>>>>   1 file changed, 27 insertions(+)
>>>>   create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>>
>>>> diff --git a/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>> new file mode 100644
>>>> index 0000000000..956abeb4a5
>>>> --- /dev/null
>>>> +++ b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>> @@ -0,0 +1,27 @@
>>>> +From 24bcc8860310149da1524dbf25f3bc77f6476b11 Mon Sep 17 00:00:00 2001
>>>> +From: Giulio Benetti <giulio.benetti at benettiengineering.com>
>>>> +Date: Wed, 23 Oct 2019 11:58:12 +0200
>>>> +Subject: [PATCH] Bug 1590678 - Remove -Wmaybe-uninitialized warning in
>>>> + tls13esni.c
>>>> +
>>>> +Signed-off-by: Giulio Benetti <giulio.benetti at benettiengineering.com>
>>>> +---
>>>> + nss/lib/ssl/tls13esni.c | 2 +-
>>>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>>>> +
>>>> +diff --git a/nss/lib/ssl/tls13esni.c b/nss/lib/ssl/tls13esni.c
>>>> +index 4d2e12d62..a7ce6f568 100644
>>>> +--- a/nss/lib/ssl/tls13esni.c
>>>> ++++ b/nss/lib/ssl/tls13esni.c
>>>> +@@ -728,7 +728,7 @@ tls13_ServerDecryptEsniXtn(const sslSocket *ss, const PRUint8 *in, unsigned int
>>>> + {
>>>> +     sslReader rdr = SSL_READER(in, inLen);
>>>> +     PRUint64 suite;
>>>> +-    const ssl3CipherSuiteDef *suiteDef;
>>>> ++    const ssl3CipherSuiteDef *suiteDef = NULL;
>>>
>>>   Although this looks OK at first sight, it's something that might be dangerous
>>> (i.e. the wrong fix). Since this is a security package, I don't want to apply it
>>> until upstream gives feedback.
>>
>>   On second thought, since we don't enable -Werror in Buildroot, we don't need
>> this patch AFAICS. So it's good that you reported it upstream, but we're not
>> going to apply this patch. I've marked it as Rejected.
> 
>   If upstream decides that this really *is* an uninitialized variable reference
> and not just a limitation of the compiler's analysis, it's a potential security
> issue, so in that case please resubmit.

Ok then,

thanks for reviewing!
Best regards
-- 
Giulio Benetti
Benetti Engineering sas

More information about the buildroot mailing list