NetBSD Problem Report #57895
From www@netbsd.org Wed Jan 31 10:56:47 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id F2A951A9238
for <gnats-bugs@gnats.NetBSD.org>; Wed, 31 Jan 2024 10:56:46 +0000 (UTC)
Message-Id: <20240131105645.A55261A9239@mollari.NetBSD.org>
Date: Wed, 31 Jan 2024 10:56:45 +0000 (UTC)
From: hashikaw@mail.ru
Reply-To: hashikaw@mail.ru
To: gnats-bugs@NetBSD.org
Subject: crypt-argon2.c: gcc says using uninitialized delta.tv_sec
X-Send-Pr-Version: www-1.0
>Number: 57895
>Category: lib
>Synopsis: crypt-argon2.c: gcc says using uninitialized delta.tv_sec
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 31 11:00:00 +0000 2024
>Last-Modified: Sun Mar 10 04:20:01 +0000 2024
>Originator: Kouichi Hashikawa
>Release: current, 10.0-RC3
>Organization:
>Environment:
>Description:
in compile current, gcc -Os says
/usr/src/lib/libcrypt/crypt-argon2.c: In function '__libcrypt_internal_estimate_argon2_params':
/usr/src/lib/libcrypt/crypt-argon2.c:210:3: error: 'delta.tv_sec' may be used uninitialized in this function [-Werror=maybe-uninitialized]
210 | for (; delta.tv_sec < 1 && time < ARGON2_MAX_TIME; ++time) {
| ^~~
cc1: all warnings being treated as errors
I think that delta is not initialized and used in for.
crypt_private int
estimate_argon2_params(argon2_type atype, uint32_t *etime,
uint32_t *ememory, uint32_t *ethreads)
{
...
struct timespec tp1, tp2, delta;
...
for (; delta.tv_sec < 1 && time < ARGON2_MAX_TIME; ++time) {
if (argon2_hash(time, memory, threads,
(... also, this file don't have $NetBSD: $ .)
>How-To-Repeat:
always.
>Fix:
>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: lib/57895: crypt-argon2.c: gcc says using uninitialized delta.tv_sec
Date: Wed, 31 Jan 2024 16:51:12 -0000 (UTC)
hashikaw@mail.ru writes:
>>Description:
>in compile current, gcc -Os says
>/usr/src/lib/libcrypt/crypt-argon2.c: In function '__libcrypt_internal_estimate_argon2_params':
>/usr/src/lib/libcrypt/crypt-argon2.c:210:3: error: 'delta.tv_sec' may be used uninitialized in this function [-Werror=maybe-uninitialized]
> 210 | for (; delta.tv_sec < 1 && time < ARGON2_MAX_TIME; ++time) {
> | ^~~
>cc1: all warnings being treated as errors
Interesting that -Os detects this, but other -O levels do not.
Maybe:
Index: crypt-argon2.c
===================================================================
RCS file: /cvsroot/src/lib/libcrypt/crypt-argon2.c,v
retrieving revision 1.19
diff -p -u -r1.19 crypt-argon2.c
--- crypt-argon2.c 29 May 2022 12:15:00 -0000 1.19
+++ crypt-argon2.c 31 Jan 2024 16:48:36 -0000
@@ -207,7 +207,7 @@ estimate_argon2_params(argon2_type atype
if (clock_gettime(CLOCK_MONOTONIC, &tp1) == -1)
goto error;
- for (; delta.tv_sec < 1 && time < ARGON2_MAX_TIME; ++time) {
+ for (; time < ARGON2_MAX_TIME; ++time) {
if (argon2_hash(time, memory, threads,
tmp_pwd, sizeof(tmp_pwd),
tmp_salt, sizeof(tmp_salt),
@@ -221,6 +221,8 @@ estimate_argon2_params(argon2_type atype
if (timespeccmp(&tp1, &tp2, >))
break; /* broken system... */
timespecsub(&tp2, &tp1, &delta);
+ if (delta.tv_sec >= 1)
+ break;
}
} else {
time = *etime;
From: Kouichi Hashikawa <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: lib/57895: crypt-argon2.c: gcc says using uninitialized delta.tv_sec
Date: Sat, 3 Feb 2024 00:09:44 +0900
> Interesting that -Os detects this, but other
> O levels do not.
>=20
> Maybe:=20
Thanks for looking into the issue.
I can compile this program with the patch.
(but I don=E2=80=98t know how to test this program..., sorry...)
--=20
Kouichi Hashikawa=
From: "Michael van Elst" <mlelstv@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/57895 CVS commit: src/lib/libcrypt
Date: Sat, 9 Mar 2024 13:48:51 +0000
Module Name: src
Committed By: mlelstv
Date: Sat Mar 9 13:48:50 UTC 2024
Modified Files:
src/lib/libcrypt: crypt-argon2.c
Log Message:
Don't use uninitialized variable.
Fixes PR 57895.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/lib/libcrypt/crypt-argon2.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Kouichi Hashikawa <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: PR/57895 CVS commit: src/lib/libcrypt
Date: Sun, 10 Mar 2024 10:26:24 +0900
=EF=BB=BF
>=20
> Modified Files:
> src/lib/libcrypt: crypt-argon2.c
>=20
> Log Message:
> Don't use uninitialized variable.
> Fixes PR 57895.
Thank you for applying the patch.
And, this file does not have __RCSID() line.
Please pull-up to -10 branch.
--=20
Kouichi Hashikawa
From: Kouichi Hashikawa <hashikaw@mail.ru>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: PR/57895 CVS commit: src/lib/libcrypt
Date: Sun, 10 Mar 2024 12:08:53 +0900
Thank you for applying the patch.
And, this file does not have __RCSID() line.
Please pull-up to -10 branch.
--
Kouichi Hashikawa
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.