]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
projects / thirdparty / gnutls.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9b4e224)
build: pacify GCC analyzer false-positive in src/ocsptool.c
authorDaiki Ueno <ueno@gnu.org>
Fri, 31 Oct 2025 04:08:20 +0000 (13:08 +0900)
committerDaiki Ueno <ueno@gnu.org>
Fri, 31 Oct 2025 06:17:23 +0000 (15:17 +0900)
Without the guard (chain_size - 1), GCC analyzer spews the warning
below, which should be a false-positive:

ocsptool.c:532:32: warning: use of uninitialized value 'chain[1]' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  532 |                         signer = chain[1];
      |                         ~~~~~~~^~~~~~~~~~

Signed-off-by: Daiki Ueno <ueno@gnu.org>
src/ocsptool.c patch | blob | blame | history

diff --git a/src/ocsptool.c b/src/ocsptool.c
index ded0555c22e6fb6bcdfbdbf389af2fd8555ea522..c4c3cc20ac8a8358d9363b5043b81256471721f2 100644 (file)
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -526,10 +526,7 @@ static void verify_response(gnutls_datum_t *nonce)
                        app_exit(1);
                }
 
-               if (chain_size == 1)
-                       signer = chain[0];
-               else
-                       signer = chain[1];
+               signer = chain[MIN(1, chain_size - 1)];
 
                v = _verify_response(&dat, nonce, signer, 1);
 
Mirror of https://gitlab.com/gnutls/gnutls.git