[ROS] The perils of security tools

Ben Laurie ben at links.org
Wed May 14 05:34:22 EDT 2008

Jonathan S. Shapiro wrote:
> Ben: I'm idly curious. Was this exceptionally unusual case where use of
> uninitialized memory was valid properly commented in the code?

Well. Kinda. It didn't really explain why:

		if (i <= 0) break;
		/* even if n != i, use the full array */

There is in theory a second place where it might used an uninitialised 
buffer, but I think in practice that never happens.

I'd note that ISO/IEC 9899 says the result of doing this is undefined, 
so I am inclined to remove it from future releases.

http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list