[2/4] package/libnss: fix build warning

Add patch to fix build warning due to uninitialized variable.

Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
---
https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
---
 ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch

On 23/10/2019 12:23, Giulio Benetti wrote:
> Add patch to fix build warning due to uninitialized variable.
> 
> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
> ---
> https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
> ---
>  ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
>  1 file changed, 27 insertions(+)
>  create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
> 
> diff --git a/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
> new file mode 100644
> index 0000000000..956abeb4a5
> --- /dev/null
> +++ b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
> @@ -0,0 +1,27 @@
> +From 24bcc8860310149da1524dbf25f3bc77f6476b11 Mon Sep 17 00:00:00 2001
> +From: Giulio Benetti <giulio.benetti@benettiengineering.com>
> +Date: Wed, 23 Oct 2019 11:58:12 +0200
> +Subject: [PATCH] Bug 1590678 - Remove -Wmaybe-uninitialized warning in
> + tls13esni.c
> +
> +Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
> +---
> + nss/lib/ssl/tls13esni.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/nss/lib/ssl/tls13esni.c b/nss/lib/ssl/tls13esni.c
> +index 4d2e12d62..a7ce6f568 100644
> +--- a/nss/lib/ssl/tls13esni.c
> ++++ b/nss/lib/ssl/tls13esni.c
> +@@ -728,7 +728,7 @@ tls13_ServerDecryptEsniXtn(const sslSocket *ss, const PRUint8 *in, unsigned int
> + {
> +     sslReader rdr = SSL_READER(in, inLen);
> +     PRUint64 suite;
> +-    const ssl3CipherSuiteDef *suiteDef;
> ++    const ssl3CipherSuiteDef *suiteDef = NULL;

 Although this looks OK at first sight, it's something that might be dangerous
(i.e. the wrong fix). Since this is a security package, I don't want to apply it
until upstream gives feedback.

 Regards,
 Arnout

> +     SSLAEADCipher aead = NULL;
> +     TLSExtension *keyShareExtension;
> +     TLS13KeyShareEntry *entry = NULL;
> +-- 
> +2.20.1
> +
>

On 24/10/2019 10:47, Arnout Vandecappelle wrote:
> 
> 
> On 23/10/2019 12:23, Giulio Benetti wrote:
>> Add patch to fix build warning due to uninitialized variable.
>>
>> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>> ---
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
>> ---
>>  ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
>>  1 file changed, 27 insertions(+)
>>  create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>
>> diff --git a/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>> new file mode 100644
>> index 0000000000..956abeb4a5
>> --- /dev/null
>> +++ b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>> @@ -0,0 +1,27 @@
>> +From 24bcc8860310149da1524dbf25f3bc77f6476b11 Mon Sep 17 00:00:00 2001
>> +From: Giulio Benetti <giulio.benetti@benettiengineering.com>
>> +Date: Wed, 23 Oct 2019 11:58:12 +0200
>> +Subject: [PATCH] Bug 1590678 - Remove -Wmaybe-uninitialized warning in
>> + tls13esni.c
>> +
>> +Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>> +---
>> + nss/lib/ssl/tls13esni.c | 2 +-
>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>> +
>> +diff --git a/nss/lib/ssl/tls13esni.c b/nss/lib/ssl/tls13esni.c
>> +index 4d2e12d62..a7ce6f568 100644
>> +--- a/nss/lib/ssl/tls13esni.c
>> ++++ b/nss/lib/ssl/tls13esni.c
>> +@@ -728,7 +728,7 @@ tls13_ServerDecryptEsniXtn(const sslSocket *ss, const PRUint8 *in, unsigned int
>> + {
>> +     sslReader rdr = SSL_READER(in, inLen);
>> +     PRUint64 suite;
>> +-    const ssl3CipherSuiteDef *suiteDef;
>> ++    const ssl3CipherSuiteDef *suiteDef = NULL;
> 
>  Although this looks OK at first sight, it's something that might be dangerous
> (i.e. the wrong fix). Since this is a security package, I don't want to apply it
> until upstream gives feedback.

 On second thought, since we don't enable -Werror in Buildroot, we don't need
this patch AFAICS. So it's good that you reported it upstream, but we're not
going to apply this patch. I've marked it as Rejected.

 Regards,
 Arnout

One more :-)

On 24/10/2019 10:50, Arnout Vandecappelle wrote:
> 
> 
> On 24/10/2019 10:47, Arnout Vandecappelle wrote:
>>
>>
>> On 23/10/2019 12:23, Giulio Benetti wrote:
>>> Add patch to fix build warning due to uninitialized variable.
>>>
>>> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>> ---
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
>>> ---
>>>  ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
>>>  1 file changed, 27 insertions(+)
>>>  create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>
>>> diff --git a/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>> new file mode 100644
>>> index 0000000000..956abeb4a5
>>> --- /dev/null
>>> +++ b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>> @@ -0,0 +1,27 @@
>>> +From 24bcc8860310149da1524dbf25f3bc77f6476b11 Mon Sep 17 00:00:00 2001
>>> +From: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>> +Date: Wed, 23 Oct 2019 11:58:12 +0200
>>> +Subject: [PATCH] Bug 1590678 - Remove -Wmaybe-uninitialized warning in
>>> + tls13esni.c
>>> +
>>> +Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>> +---
>>> + nss/lib/ssl/tls13esni.c | 2 +-
>>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>>> +
>>> +diff --git a/nss/lib/ssl/tls13esni.c b/nss/lib/ssl/tls13esni.c
>>> +index 4d2e12d62..a7ce6f568 100644
>>> +--- a/nss/lib/ssl/tls13esni.c
>>> ++++ b/nss/lib/ssl/tls13esni.c
>>> +@@ -728,7 +728,7 @@ tls13_ServerDecryptEsniXtn(const sslSocket *ss, const PRUint8 *in, unsigned int
>>> + {
>>> +     sslReader rdr = SSL_READER(in, inLen);
>>> +     PRUint64 suite;
>>> +-    const ssl3CipherSuiteDef *suiteDef;
>>> ++    const ssl3CipherSuiteDef *suiteDef = NULL;
>>
>>  Although this looks OK at first sight, it's something that might be dangerous
>> (i.e. the wrong fix). Since this is a security package, I don't want to apply it
>> until upstream gives feedback.
> 
>  On second thought, since we don't enable -Werror in Buildroot, we don't need
> this patch AFAICS. So it's good that you reported it upstream, but we're not
> going to apply this patch. I've marked it as Rejected.

 If upstream decides that this really *is* an uninitialized variable reference
and not just a limitation of the compiler's analysis, it's a potential security
issue, so in that case please resubmit.

 Regards,
 Arnout

Hi Arnout,

On 10/24/19 10:51 AM, Arnout Vandecappelle wrote:
>   One more :-)
> 
> On 24/10/2019 10:50, Arnout Vandecappelle wrote:
>>
>>
>> On 24/10/2019 10:47, Arnout Vandecappelle wrote:
>>>
>>>
>>> On 23/10/2019 12:23, Giulio Benetti wrote:
>>>> Add patch to fix build warning due to uninitialized variable.
>>>>
>>>> Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>>> ---
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1590678
>>>> ---
>>>>   ...ve-Wmaybe-uninitialized-warning-in-t.patch | 27 +++++++++++++++++++
>>>>   1 file changed, 27 insertions(+)
>>>>   create mode 100644 package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>>
>>>> diff --git a/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>> new file mode 100644
>>>> index 0000000000..956abeb4a5
>>>> --- /dev/null
>>>> +++ b/package/libnss/0004-Bug-1590678-Remove-Wmaybe-uninitialized-warning-in-t.patch
>>>> @@ -0,0 +1,27 @@
>>>> +From 24bcc8860310149da1524dbf25f3bc77f6476b11 Mon Sep 17 00:00:00 2001
>>>> +From: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>>> +Date: Wed, 23 Oct 2019 11:58:12 +0200
>>>> +Subject: [PATCH] Bug 1590678 - Remove -Wmaybe-uninitialized warning in
>>>> + tls13esni.c
>>>> +
>>>> +Signed-off-by: Giulio Benetti <giulio.benetti@benettiengineering.com>
>>>> +---
>>>> + nss/lib/ssl/tls13esni.c | 2 +-
>>>> + 1 file changed, 1 insertion(+), 1 deletion(-)
>>>> +
>>>> +diff --git a/nss/lib/ssl/tls13esni.c b/nss/lib/ssl/tls13esni.c
>>>> +index 4d2e12d62..a7ce6f568 100644
>>>> +--- a/nss/lib/ssl/tls13esni.c
>>>> ++++ b/nss/lib/ssl/tls13esni.c
>>>> +@@ -728,7 +728,7 @@ tls13_ServerDecryptEsniXtn(const sslSocket *ss, const PRUint8 *in, unsigned int
>>>> + {
>>>> +     sslReader rdr = SSL_READER(in, inLen);
>>>> +     PRUint64 suite;
>>>> +-    const ssl3CipherSuiteDef *suiteDef;
>>>> ++    const ssl3CipherSuiteDef *suiteDef = NULL;
>>>
>>>   Although this looks OK at first sight, it's something that might be dangerous
>>> (i.e. the wrong fix). Since this is a security package, I don't want to apply it
>>> until upstream gives feedback.
>>
>>   On second thought, since we don't enable -Werror in Buildroot, we don't need
>> this patch AFAICS. So it's good that you reported it upstream, but we're not
>> going to apply this patch. I've marked it as Rejected.
> 
>   If upstream decides that this really *is* an uninitialized variable reference
> and not just a limitation of the compiler's analysis, it's a potential security
> issue, so in that case please resubmit.

Ok then,

thanks for reviewing!
Best regards