RFR JDK-8003245

John Zavgren john.zavgren at oracle.com
Tue Jun 25 07:28:52 PDT 2013


I made a change to 
src/share/native/sun/security/pkcs11/wrapper/p11_convert.c... I replaced 
all the code that looks like this:

struct fubar bar;
memset(&bar, 0, sizeof(struct fubar));

with code that looks like this:

struct fubar bar = {0};

Also, I looked for similar usage patterns in neighbouring security code 
that would cause references to uninitialized data structure memory, and 
found none. The basic issue that I discovered was that certain 
procedures were returning structures (not pointers to structures) that 
were allocated on the stack as uninitialized memory. (I found the bug by 
running the native code through doxygen and then I looked at every data 
structure instance.)

The latest webrev image is at:

John Zavgren

On 06/18/2013 10:27 PM, John Zavgren wrote:
> Greetings:
> Please consider the following changes that eliminate the use of 
> uninitialized memory.
> http://cr.openjdk.java.net/~jzavgren/8003245/webrev.01/
> Thanks!
> John

John Zavgren
john.zavgren at oracle.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.openjdk.java.net/pipermail/security-dev/attachments/20130625/12234439/attachment.html 

More information about the security-dev mailing list