Skip Menu |
 

Date: Sun, 22 Feb 2015 12:04:30 -0500
From: "W. Michael Petullo" <mike@flyn.org>
To: krb5-bugs@mit.edu
Subject: Build errors on OpenWrt/GCC 4.8
Download (untitled) / with headers
text/plain 3.9KiB
I am trying to build krb5-1.13.1 for OpenWrt using GCC 4.8. The build
process fails with a number of errors. For example:

cc_file.c:396:5: error: 'maxsize' may be used uninitialized in this function [-Werror=maybe-uninitialized]
return load_data(context, id, maxsize, buf);
^
cc_file.c:1091:12: note: 'maxsize' was declared here
size_t maxsize;
^
cc_file.c: In function 'read_principal':
cc_file.c:414:9: error: 'maxsize' may be used uninitialized in this function [-Werror=maybe-uninitialized]
ret = load_principal(context, id, maxsize, &buf);
^
cc1: some warnings being treated as errors
Makefile:779: recipe for target 'cc_file.so' failed
make[7]: *** [cc_file.so] Error 1
make[7]: Leaving directory '/home/mike/Source/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/krb5-1.13.1/src/lib/krb5/ccache'

and later:

pkinit_crypto_openssl.c: In function 'pkinit_open_session':
pkinit_crypto_openssl.c:3650:9: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
for (cp = tinfo.label + sizeof(tinfo.label); cp > tinfo.label; cp--) {
^
pkinit_crypto_openssl.c:3650:9: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
pkinit_crypto_openssl.c:3650:9: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
pkinit_crypto_openssl.c:3650:9: warning: assuming pointer wraparound does not occur when comparing P +- C1 with P +- C2 [-Wstrict-overflow]
pkinit_crypto_openssl.c:3684:29: error: 'label_len' may be used uninitialized in this function [-Werror=maybe-uninitialized]
if (asprintf(&p11name,
^
cc1: some warnings being treated as errors
Makefile:804: recipe for target 'pkinit_crypto_openssl.so' failed
make[5]: *** [pkinit_crypto_openssl.so] Error 1
make[5]: Leaving directory '/home/mike/Source/openwrt/openwrt/build_dir/target-mips_34kc_uClibc-0.9.33.2/krb5-1.13.1/src/plugins/preauth/pkinit'

I am not suggesting that the following is the proper fix, but it does
illustrate where the problem seems to lie. krb5-1.13.1 builds with the
following patch applied:

diff -u --recursive krb5-1.13.1-vanilla/src/lib/krad/packet.c krb5-1.13.1/src/lib/krad/packet.c
--- krb5-1.13.1-vanilla/src/lib/krad/packet.c 2015-02-22 10:08:38.213087138 -0500
+++ krb5-1.13.1/src/lib/krad/packet.c 2015-02-22 10:13:25.223709951 -0500
@@ -253,7 +253,7 @@
{
krb5_error_code retval;
krad_packet *pkt;
- uchar id;
+ uchar id = 0;
size_t attrset_len;

pkt = packet_new();
diff -u --recursive krb5-1.13.1-vanilla/src/lib/krb5/ccache/cc_file.c krb5-1.13.1/src/lib/krb5/ccache/cc_file.c
--- krb5-1.13.1-vanilla/src/lib/krb5/ccache/cc_file.c 2015-02-22 10:08:38.211087133 -0500
+++ krb5-1.13.1/src/lib/krb5/ccache/cc_file.c 2015-02-22 10:14:15.410819464 -0500
@@ -401,7 +401,7 @@
{
krb5_error_code ret;
struct k5buf buf;
- size_t maxsize;
+ size_t maxsize = 0;

*princ = NULL;
k5_cc_mutex_assert_locked(context, &((fcc_data *)id->data)->lock);
@@ -1088,7 +1088,7 @@
krb5_fcc_cursor *fcursor = *cursor;
fcc_data *data = id->data;
struct k5buf buf;
- size_t maxsize;
+ size_t maxsize = 0;

memset(creds, 0, sizeof(*creds));
k5_cc_mutex_lock(context, &data->lock);
diff -u --recursive krb5-1.13.1-vanilla/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c krb5-1.13.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
--- krb5-1.13.1-vanilla/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2015-02-22 10:08:38.190087088 -0500
+++ krb5-1.13.1/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c 2015-02-22 10:17:37.981263250 -0500
@@ -3593,7 +3593,7 @@
{
CK_ULONG i, r;
unsigned char *cp;
- size_t label_len;
+ size_t label_len = 0;
CK_ULONG count = 0;
CK_SLOT_ID_PTR slotlist;
CK_TOKEN_INFO tinfo;

--
Mike

:wq
All three of these warnings appear to be false positives.

The cc_file.c warning was worked around by #8026 after a previous
report. I apparently didn't mark that issue for pullup. I can't
reproduce this warning with gcc 4.8.2, but I don't know if I'm
triggering the inlining necessary to make the warning appear.

The pkinit_crypto_openssl.c is a false positive because the function
exits if the loop doesn't terminate at the break statement after
label_len is initialized. We haven't worked around this on master as
far as I can tell. Initializing label_len may be the only simple
workaround given the current design of the function.

The krad false positive is probably best fixed by initializing *id =
0 at the beginning of id_generate().