Closed LukaszKwidzinski closed 5 years ago
Hi, which tool do you use for static code analysis? Pavel.
We're using Klocwork. Lint is good enough too.
Hi,
We use Klockwork. Lint is also good and is open source.
Br, Lukasz
From: Pavel Berdnikov [mailto:notifications@github.com] Sent: Thursday, May 30, 2019 5:58 PM To: intel/ipp-crypto ipp-crypto@noreply.github.com Cc: Kwidzinski, Lukasz lukasz.kwidzinski@intel.com; Author author@noreply.github.com Subject: Re: [intel/ipp-crypto] Uninitialized variables are used (#3)
Hi, which tool do you use for static code analysis? Pavel.
Intel Technology Poland sp. z o.o. ul. Slowackiego 173 | 80-298 Gdansk | Sad Rejonowy Gdansk Polnoc | VII Wydzial Gospodarczy Krajowego Rejestru Sadowego - KRS 101882 | NIP 957-07-52-316 | Kapital zakladowy 200.000 PLN.
Ta wiadomosc wraz z zalacznikami jest przeznaczona dla okreslonego adresata i moze zawierac informacje poufne. W razie przypadkowego otrzymania tej wiadomosci, prosimy o powiadomienie nadawcy oraz trwale jej usuniecie; jakiekolwiek przegladanie lub rozpowszechnianie jest zabronione. This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). If you are not the intended recipient, please contact the sender and delete all copies; any review or distribution by others is strictly prohibited.
Hi, Lucasz, I think you meant the following piece of source: void TransformNative2Composite(Ipp8u out[16], const Ipp8u inp[16]) { Ipp8u blk_lo[16], blk_hi[16]; ((Ipp64u)blk_lo)[0] = ((Ipp64u)inp)[0] & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_lo)[1] = ((Ipp64u)inp)[1] & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_hi)[0] = (((Ipp64u)inp)[0]>>4) & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_hi)[1] = (((Ipp64u)inp)[1]>>4) & 0x0F0F0F0F0F0F0F0F; { int n; for(n=0; n<16; n++) { Ipp8u lo = Native2CompositeTransformationLO[blk_lo[n]]; Ipp8u hi = Native2CompositeTransformationHI[blk_hi[n]]; out[n] = lo^hi; } } } But I don't see any "uninitialized in this function with index range: [2,15]". Really, the lines ((Ipp64u)blk_lo)[0] = ((Ipp64u)inp)[0] & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_lo)[1] = ((Ipp64u)inp)[1] & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_hi)[0] = (((Ipp64u)inp)[0]>>4) & 0x0F0F0F0F0F0F0F0F; ((Ipp64u)blk_hi)[1] = (((Ipp64u)inp)[1]>>4) & 0x0F0F0F0F0F0F0F0F; assign both blk_lo[16] and blk_hi[16] to 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F, 0F. Believe the KW did not recognize casting statements. But this is KW issue, but not ipp crypto source code. Do you agree?
Static code analysis return Critical errors.
C:\ipp-crypto\sources\ippcp\pcprij128safe.c:177 UNINIT.STACK.ARRAY.PARTIAL.MUST (1:Critical) Analyze 'blk_lo' array elements are used uninitialized in this function with index range: [2,15].
C:\ipp-crypto\sources\ippcp\pcprij128safe.c:178 UNINIT.STACK.ARRAY.PARTIAL.MUST (1:Critical) Analyze 'blk_hi' array elements are used uninitialized in this function with index range: [2,15].
C:\ipp-crypto\sources\ippcp\pcprij128safe.c:232 UNINIT.STACK.ARRAY.PARTIAL.MUST (1:Critical) Analyze 'blk_lo' array elements are used uninitialized in this function with index range: [2,15].
C:\ipp-crypto\sources\ippcp\pcprij128safe.c:233 UNINIT.STACK.ARRAY.PARTIAL.MUST (1:Critical) Analyze 'blk_hi' array elements are used uninitialized in this function with index range: [2,15].