Bug #1716

libsqlfs: uninitialized warnings when building with ndk

Added by abeluck over 4 years ago. Updated over 3 years ago.

Status: Resolved
Start date: 08/13/2013
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Component:

Description

Compile thumb  : iocipher <= sqlite3.c
Compile thumb  : sqlfs <= sqlfs.c
/home/user/src/guardian/iocipher/jni/../external/libsqlfs/sqlfs.c: In function 'sqlfs_proc_access':
/home/user/src/guardian/iocipher/jni/../external/libsqlfs/sqlfs.c:1922:36: warning: 'fmode' may be used uninitialized in this function [-Wmaybe-uninitialized]
/home/user/src/guardian/iocipher/jni/../external/libsqlfs/sqlfs.c:1819:16: warning: 'fgid' may be used uninitialized in this function [-Wmaybe-uninitialized]
/home/user/src/guardian/iocipher/jni/../external/libsqlfs/sqlfs.c:1843:11: note: 'fgid' was declared here
/home/user/src/guardian/iocipher/jni/../external/libsqlfs/sqlfs.c:1899:12: warning: 'fuid' may be used uninitialized in this function [-Wmaybe-uninitialized]
StaticLibrary  : libsqlfs.a

Associated revisions

Revision 93e24293
Added by Hans-Christoph Steiner over 3 years ago

init internal vars in sqlfs_proc_access based on least permission

The tricky part here is what to initialize these values to.
get_permission_data() could fail to get the values from SQLite, so then the
initialized values would be used. sqlfs_proc_access() does include checks
for whether SQLite succeeded, i.e. if (r == SQLITE_OK), but a slip in the
internal logic of this function could cause the initialized values to be
used. Then again, sqlfs_proc_access() does not grant access, it only
checks access, so the security risk is pretty low.

fixes #1716 https://dev.guardianproject.info/issues/1716
closes #4 https://github.com/guardianproject/libsqlfs/pull/4

History

#1 Updated by hans almost 4 years ago

  • Target version deleted (61)

#2 Updated by hans over 3 years ago

  • Target version set to 0.2 - reliability and cacheword interop

#3 Updated by hans over 3 years ago

  • Target version deleted (0.2 - reliability and cacheword interop)

#5 Updated by hans over 3 years ago

  • Subject changed from libsqlfs: compile warnings when building with ndk to libsqlfs: uninitialized warnings when building with ndk

The tricky part here is what to initialize these values to. get_permission_data() could fail to get the values from SQLite, so then the initialized values would be used. sqlfs_proc_access() does include checks for whether SQLite succeeded, i.e. if (r == SQLITE_OK), but a slip in the internal logic of this function could cause the initialized values to be used.

Then again, sqlfs_proc_access() does not grant access, it only checks access, so the security risk is pretty low.

#6 Updated by Anonymous over 3 years ago

  • Status changed from New to Resolved

Applied in changeset libsqlfs|commit:93e2429391b3709fb9a3bf35015f4dcccfa40cce.
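
The least-permission initialization discussed in this issue, as an added illustration that is not code from libsqlfs or from the commit above. The names lookup_perms, perm_allows and check_access, the sample path, and the default values (root-owned, mode 0) are assumptions made for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the SQLite-backed lookup: fills the out-parameters
 * and returns 0 on success; returns -1 and leaves them untouched on failure. */
static int lookup_perms(const char *path, uid_t *fuid, gid_t *fgid, mode_t *fmode)
{
    if (strcmp(path, "/notes.txt") != 0)   /* constructed sample entry */
        return -1;
    *fuid = 1000; *fgid = 1000; *fmode = 0640;
    return 0;
}

/* Pick the owner, group or other permission triplet and test the request
 * (a mask of R_OK, W_OK, X_OK) against it. Returns 1 if allowed. */
int perm_allows(int want, uid_t uid, gid_t gid, uid_t fuid, gid_t fgid, mode_t fmode)
{
    int bits;
    if (uid == fuid)      bits = (fmode >> 6) & 7;
    else if (gid == fgid) bits = (fmode >> 3) & 7;
    else                  bits = fmode & 7;
    return (want & bits) == want;
}

/* access(2)-style check: 0 if allowed, negative errno otherwise. */
int check_access(const char *path, int want, uid_t uid, gid_t gid)
{
    /* Least-permission defaults (assumed values): root-owned, no mode bits.
     * If a later edit lets a failed lookup fall through, these still deny. */
    uid_t fuid = 0;
    gid_t fgid = 0;
    mode_t fmode = 0;

    if (lookup_perms(path, &fuid, &fgid, &fmode) != 0)
        return -ENOENT;                    /* fail closed on lookup error */
    return perm_allows(want, uid, gid, fuid, fgid, fmode) ? 0 : -EACCES;
}

int main(void)
{
    printf("owner read:   %d\n", check_access("/notes.txt", R_OK, 1000, 1000));
    printf("other read:   %d\n", check_access("/notes.txt", R_OK, 2000, 2000));
    printf("lookup fails: %d\n", check_access("/missing", R_OK, 1000, 1000));
    printf("defaults:     %d\n", perm_allows(R_OK, 1000, 1000, 0, 0, 0));
    return 0;
}
```

Building with -Wall -O2 and without the three initializers reproduces the class of -Wmaybe-uninitialized warning quoted in the description, since the compiler cannot prove the lookup always writes the out-parameters.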
