commit fdfd5dc80ffbe9468c92c41c35af6dbe2bf900af
parent 201444ffb1caf02ac1b8b03975bb476df1c2e729
Author: Christian Grothoff <christian@grothoff.org>
Date: Fri, 3 Sep 2021 13:31:05 +0200
tbrehm@dspace.de wrote:
Hi,
gcc10 complains with two warnings when compiling libmicrohttpd using
#define NDEBUG 1
#define DAUTH_SUPPORT 1
so, "release build" with enabled "digest authentication":
../digestauth.c: In function 'MHD_digest_auth_check_digest2':
../digestauth.c:1287:9: warning: 'da.digest_size' may be used uninitialized in this function [-Wmaybe-uninitialized]
1287 | if (da.digest_size != digest_size)
| ~~^~~~~~~~~~~~
../digestauth.c: In function 'MHD_queue_auth_fail_response2':
../digestauth.c:1361:55: warning: 'da.digest_size' may be used uninitialized in this function [-Wmaybe-uninitialized]
1361 | char nonce[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (da.digest_size)) + 1];
|
This is a minor issue, without any practical effect, unless when calling the MHD API with an invalid value for the MHD_DigestAuthAlgorithm enum.
However, gcc is still right that there is a potential code path with undefined behaviour: the default-case in the switch statement in SETUP_DA does not set "da.digest_size".
Two functions later still always read this value. And the "mhd_assert" has no effect, since it's disabled when NDEBUG is set.
Trivial patch attached to silence the compiler warnings by also initializing "da.digest_size" in the default case of the switch statement:
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
@@ -1215,6 +1215,7 @@ MHD_digest_auth_check (struct MHD_Connection *connection,
da.digest = &MHD_SHA256_finish; \
break; \
default: \
+ da.digest_size = 0; \
mhd_assert (false); \
break; \
} \
