-fanalyzer cipher/mldsa-poly.c: warning: use of uninitialized value ‘POLY_UNIFORM_ETA_NBLOCKS’

falko-strenzke commented 6 months ago

|| mldsa-poly.c: In function ‘_gcry_mldsa_poly_uniform_eta’:
cipher/mldsa-poly.c|460 col 10| warning: use of uninitialized value ‘POLY_UNIFORM_ETA_NBLOCKS’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
||   460 |   buflen = POLY_UNIFORM_ETA_NBLOCKS * GCRY_STREAM256_BLOCKBYTES;
||   ‘_gcry_mldsa_poly_uniform_eta’: events 1-5
||     |
||     |  450 |   unsigned int POLY_UNIFORM_ETA_NBLOCKS;
||     |      |                ^~~~~~~~~~~~~~~~~~~~~~~~
||     |      |                |
||     |      |                (1) region created on stack here
||     |      |                (2) capacity: 4 bytes
||     |  451 | 
||     |  452 |   if (params->eta == 2)
||     |      |      ~          
||     |      |      |
||     |      |      (3) following ‘false’ branch...
||     |......
||     |  456 |   else if (params->eta == 4)
||     |      |           ~~~~~~~~~~~~
||     |      |           |      |
||     |      |           |      (4) ...to here
||     |      |           (5) following ‘false’ branch...
||     |
||   ‘_gcry_mldsa_poly_uniform_eta’: event 6
||     |
||     |  460 |   buflen = POLY_UNIFORM_ETA_NBLOCKS * GCRY_STREAM256_BLOCKBYTES;
||     |
||   ‘_gcry_mldsa_poly_uniform_eta’: event 7
||     |
||     |  460 |   buflen = POLY_UNIFORM_ETA_NBLOCKS * GCRY_STREAM256_BLOCKBYTES;
||     |

falko-strenzke commented 6 months ago

Der Variablenname sollte mit Kleinbuchstaben geschrieben werden:

unsigned int POLY_UNIFORM_ETA_NBLOCKS;

Und eine Prüfung auf einen falschen Wert von params->eta wäre sinnvoll um den analyzer zufrieden zu stellen.

TJ-91 commented 6 months ago

Ich fixe es schnell

pqc-thunderbird / libgcrypt

-fanalyzer cipher/mldsa-poly.c: warning: use of uninitialized value ‘POLY_UNIFORM_ETA_NBLOCKS’ #64