Topic: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

I get the following warning in Visual Studio when compiling WolfSSL to a .dll AND I have WOLFSSL_KEY_GEN set in my preprocessor directives.

c:\security\wolfssl-3.7.0\wolfcrypt\src\integer.c(4115): warning C4701: potentially uninitialized local variable 'q' used

I'm just guessing that this is because of the way that the mp_digit struct behaves - sort of taking things like validity of a number into its own hands.  But yet I have that nagging feeling that I don't like to have warnings in my build.

Any thoughts on this?


2 (edited by Kaleb J. Himes 2015-11-18 14:09:31)

Re: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

(Non-helpful response removed by kaleb)

3 (edited by Kaleb J. Himes 2015-11-18 14:10:30)

Re: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

Hi gawiz,

I added the configure option WOLFSSL_KEY_GEN and I was able to reproduce your warning. I will have a suggestion shortly.


Regards,

Kaleb

4 (edited by Kaleb J. Himes 2015-11-18 14:08:08)

Re: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

Hi gawiz,

Our mp_int structure is laid out as seen below. You can view this structure in <wolfssl_root>/wolfssl/wolfcrypt/integer.h

 /* the infamous mp_int structure */
 typedef struct  {
     int used, alloc, sign;
     mp_digit *dp;
 } mp_int;

The Visual Studio compiler is complaining that the mp_digit pointer (dp) is potentially not initialized. By assigning 0x0 to this pointer at the time of declaration you can silence this warning. I would add a comment to note this is only to silence an MSVS static analysis warning.

I did the following in integer.c:

 static int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
 {
   mp_int  q;
   q.dp = NULL;  /* only to silence the MSVS static analysis warning */

 ... rest of the function here ...
 }

Evaluating this thoroughly, we have proven it can never be "uninitialized" by the time the assignment takes place. This is a false positive from MSVS.

Proof follows:

If c IS NOT NULL, mp_init_size will initialize q and malloc q.dp.
The first time q is used if c IS NULL (outside the first if block) is in the for loop.
The value of c cannot change between the if block and the for loop.
The value of c cannot change within the for loop.
Before q is used in the for loop (the line MSVS complains about), c is again evaluated.
If c IS NULL, q will not be used / cannot be used "uninitialized".
We can conclude the following:

q is used iff c != NULL.
If c != NULL, q is initialized in the if block (line 4096 below).
c cannot become NULL between the if block and the for loop,
therefore q.dp can never be used uninitialized.

4096   if (c != NULL) {
4097       if ((res = mp_init_size(&q, a->used)) != MP_OKAY) {
4098         return res;
4099       }
4100
4101       q.used = a->used;
4102       q.sign = a->sign;
4103   }
4104
4105   w = 0;
4106   for (ix = a->used - 1; ix >= 0; ix--) {
4107      w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]);
4108
4109      if (w >= b) {
4110         t = (mp_digit)(w / b);
4111         w -= ((mp_word)t) * ((mp_word)b);
4112       } else {
4113         t = 0;
4114       }
4115       if (c != NULL)
4116         q.dp[ix] = (mp_digit)t;
4117   }

Best regards,

Kaleb
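To make the proof above concrete, here is an added, self-contained toy version of the same single-digit long division (not wolfSSL's code; the toy_int struct, the TOY_* status codes and every function name are this example's own). It keeps the exact control flow of the excerpt: q is initialized inside `if (c != NULL)`, the only write to q.dp sits behind the same test, and the `q.dp = NULL` line is kept purely to quiet the analyzer. It also shows why the loop is safe arithmetically: after every step the running remainder w is below b, so the next shift-and-or cannot overflow a word and the partial quotient always fits a digit.

```c
#include <stdint.h>
#include <stdlib.h>

/* Toy stand-in for mp_int: same four fields as the struct quoted in the post,
 * little-endian digits (dp[0] is least significant). All names here are the
 * example's own, not wolfSSL's. */
typedef uint32_t digit_t;
typedef uint64_t word_t;
#define DIGIT_BIT   32
#define TOY_OK       0
#define TOY_MEM     (-1)
#define TOY_DIVZERO (-2)

typedef struct {
    int used, alloc, sign;
    digit_t *dp;
} toy_int;

static int toy_init_size(toy_int *a, int size)
{
    if (size < 1) size = 1;                     /* calloc(0, ..) may return NULL */
    a->dp = (digit_t *)calloc((size_t)size, sizeof(digit_t));
    if (a->dp == NULL) return TOY_MEM;
    a->used = 0; a->alloc = size; a->sign = 0;
    return TOY_OK;
}

static void toy_clear(toy_int *a)
{
    free(a->dp);
    a->dp = NULL; a->used = a->alloc = 0;
}

/* Drop leading zero digits so that used counts significant digits only. */
static void toy_clamp(toy_int *a)
{
    while (a->used > 0 && a->dp[a->used - 1] == 0) a->used--;
}

/* a / b for a single-digit b. Quotient goes to *c (NULL = remainder only),
 * remainder to *d (may be NULL). Mirrors the mp_div_d excerpt: q is set up
 * inside "if (c != NULL)" and q.dp is only touched behind the same test, so
 * it can never be read uninitialized; q.dp = NULL is for the analyzer only. */
static int toy_div_d(const toy_int *a, digit_t b, toy_int *c, digit_t *d)
{
    toy_int q;
    word_t  w;
    digit_t t;
    int     res, ix;

    q.dp = NULL;   /* silences MSVC C4701 / gcc -Wmaybe-uninitialized only */

    if (b == 0) return TOY_DIVZERO;

    if (c != NULL) {
        if ((res = toy_init_size(&q, a->used)) != TOY_OK) return res;
        q.used = a->used;
        q.sign = a->sign;
    }

    /* Schoolbook division from the top digit down. Invariant: w < b after
     * each step, so (w << DIGIT_BIT) | digit < b * 2^32 fits a word_t and
     * t = w / b < 2^32 fits a digit_t. */
    w = 0;
    for (ix = a->used - 1; ix >= 0; ix--) {
        w = (w << DIGIT_BIT) | (word_t)a->dp[ix];
        if (w >= b) {
            t = (digit_t)(w / b);
            w -= (word_t)t * (word_t)b;
        } else {
            t = 0;
        }
        if (c != NULL)
            q.dp[ix] = t;      /* the flagged line; reached only if q was initialized */
    }

    if (d != NULL) *d = (digit_t)w;
    if (c != NULL) { toy_clamp(&q); *c = q; }   /* caller now owns c->dp */
    return TOY_OK;
}

/* Wrappers so the routine can be exercised on plain 64-bit values. */
static int toy_from_u64(toy_int *a, uint64_t v)
{
    int res = toy_init_size(a, 2);
    if (res != TOY_OK) return res;
    a->dp[0] = (digit_t)v;
    a->dp[1] = (digit_t)(v >> DIGIT_BIT);
    a->used = 2;
    toy_clamp(a);
    return TOY_OK;
}

static uint64_t toy_to_u64(const toy_int *a)
{
    uint64_t v = 0;
    int i;
    for (i = a->used - 1; i >= 0; i--) v = (v << DIGIT_BIT) | a->dp[i];
    return v;
}

/* Divide a by b; qout and/or rout may be NULL. Returns a TOY_* status. */
static int toy_div_u64(uint64_t a, digit_t b, uint64_t *qout, digit_t *rout)
{
    toy_int a_mp, q_mp;
    int res = toy_from_u64(&a_mp, a);
    if (res != TOY_OK) return res;
    res = toy_div_d(&a_mp, b, qout != NULL ? &q_mp : NULL, rout);
    toy_clear(&a_mp);
    if (res != TOY_OK) return res;
    if (qout != NULL) { *qout = toy_to_u64(&q_mp); toy_clear(&q_mp); }
    return TOY_OK;
}
```

Calling `toy_div_u64(1000000000000ULL, 7, &q, &r)` yields q = 142857142857 and r = 1; passing NULL for the quotient takes the `c == NULL` path, in which q.dp is never dereferenced and the remainder still comes out as 1. Compiling with warnings enabled and the `q.dp = NULL` line removed is a quick way to see which analyzers raise the same false positive.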

Re: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

Thanks Kaleb - I had assumed it was probably a false warning because management of mp_int is handled by the application.  I definitely appreciate your research and work on this!

Steve


Re: [SOLVED] Warning when compiling wolfssl with WOLFSSL_KEY_GEN set

Hi Steve,

No problem. It was a good proof for us to work through on our end as well. Thank you for your question.


Best Regards,

Kaleb