siva-msft / curl

Potential security issue in lib/sendf.c: Unchecked return from initialization function #55

Open monocle-ai opened 4 years ago

monocle-ai commented 4 years ago

What is a Conditionally Uninitialized Variable?

The return value of a function that is potentially used to initialize a local variable is not checked. Therefore, reading the local variable may result in undefined behavior.

1 instance of this defect was found in the following location:

Instance 1

File: lib/sendf.c

Function: curl_mvsnprintf

https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/lib/sendf.c#L270

Code extract:

    size_t len;
    char error[CURL_ERROR_SIZE + 2];
    va_start(ap, fmt);
    mvsnprintf(error, CURL_ERROR_SIZE, fmt, ap); /* <------ HERE */
    len = strlen(error);

How can I fix it?

Correct reference usage found in lib/sendf.c at line 241.

https://github.com/siva-msft/curl/blob/91176082b1cf013b3510b7544b589973e541e8b4/lib/sendf.c#L241

Code extract:

    size_t len;
    char print_buffer[2048 + 1];
    va_start(ap, fmt);
    len = mvsnprintf(print_buffer, sizeof(print_buffer), fmt, ap); /* <------ HERE */
    /*
     * Indicate truncation of the input by replacing the last 3 characters