Skip to content

/ zcash

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NCC-2016-008 - Potential uninitialized reads #1464

Closed
daira opened this issue Sep 30, 2016 · 1 comment
Closed

NCC-2016-008 - Potential uninitialized reads #1464

daira opened this issue Sep 30, 2016 · 1 comment
Assignees
@daira
Labels
C-audit I-SECURITY M-has-pr
Milestone
1.0.0-rc2

Comments

@daira
Copy link
Contributor

@daira daira commented Sep 30, 2016
edited

Various reads of uninitialized data (listed in the NCC report). Some and possibly all of them are false positives because the data does get initialized in actual usage of the relevant classes; just not in a way that Coverity can determine to be statically guaranteed. We're changing them so that Coverity can tell they are initialized.
@daira daira changed the title NCC-2016-014 NCC-2016-008 Sep 30, 2016
@nathan-at-least nathan-at-least added this to the 1.0.0-rc1 milestone Oct 3, 2016
@nathan-at-least
Copy link
Contributor

@nathan-at-least nathan-at-least commented Oct 3, 2016

Let's narrow the scope of this for only code we've altered from Bitcoin + the portions of libsnark we use, and exclude dependencies, and ensure we do that for rc1.
@nathan-at-least nathan-at-least modified the milestones: 1.0.0-rc1, 1.0.0-rc2 Oct 17, 2016
@bitcartel bitcartel mentioned this issue Oct 20, 2016
Merged
@bitcartel bitcartel added the M-has-pr label Oct 20, 2016
zkbot pushed a commit that referenced this issue Oct 21, 2016
zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
f05045a 
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot pushed a commit that referenced this issue Oct 21, 2016
zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
cc11d01 
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot pushed a commit that referenced this issue Oct 22, 2016
zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=daira
1f8ad0e 
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot pushed a commit that referenced this issue Oct 22, 2016
zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
a12eaa2 
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)
@zkbot zkbot closed this in #1581 Oct 22, 2016
@daira daira reopened this Oct 23, 2016
@daira daira changed the title NCC-2016-008 NCC-2016-008 - Potential uninitialized reads Oct 23, 2016
@daira daira closed this Oct 23, 2016
@daira daira added this to Complete in Security and Stability Nov 11, 2017
@str4d str4d added the C-audit label Aug 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@daira daira

Labels
C-audit I-SECURITY M-has-pr
Projects
None yet
Milestone
1.0.0-rc2
Linked pull requests

Successfully merging a pull request may close this issue.

Fixes for NCC-2016-008
4 participants
@bitcartel @daira @nathan-at-least @str4d