Potential security issue in lib/connect.c: Unchecked return from initialization function

What is a Conditionally Uninitialized Variable? When an initialization function is used to initialize a local variable, but the returned status code is not checked, reading the variable may result in undefined behaviour.

1 instance of this defect were found in the following locations:

Instance 1 File : lib/connect.c Function: Curl_printable_address https://github.com/siva-msft/curl/blob/a051c0f0a9057a792ce7dfa22bf761d36fc56a72/lib/connect.c#L955 Code extract:

#ifndef CURL_DISABLE_VERBOSE_STRINGS
        char ipaddress[MAX_IPADR_LEN];
        char buffer[STRERROR_LEN];
        Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN); <------ HERE
#endif
        infof(data, "connect to %s port %ld failed: %s\n",

How can I fix it? Correct reference usage found in lib/socks.c at line 785. https://github.com/siva-msft/curl/blob/a051c0f0a9057a792ce7dfa22bf761d36fc56a72/lib/socks.c#L785 Code extract:

      return CURLE_COULDNT_RESOLVE_HOST;
    }

    if(Curl_printable_address(hp, dest, sizeof(dest))) { <------ HERE
      size_t destlen = strlen(dest);
      msnprintf(dest + destlen, sizeof(dest) - destlen, ":%d", remote_port);

siva-msft / curl

Potential security issue in lib/connect.c: Unchecked return from initialization function #2

What is a Conditionally Uninitialized Variable? When an initialization function is used to initialize a local variable, but the returned status code is not checked, reading the variable may result in undefined behaviour.

1 instance of this defect were found in the following locations: