NCC-2016-008 - Potential uninitialized reads #1464
Closed
Comments
Let's narrow the scope of this for only code we've altered from Bitcoin + the portions of libsnark we use, and exclude dependencies, and ensure we do that for rc1. |
Merged
zkbot
pushed a commit
that referenced
this issue
Oct 21, 2016
Fixes for NCC-2016-008 To close #1464 NCC-2016-088 - This PR - zcash/libsnark#8 Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR. Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot
pushed a commit
that referenced
this issue
Oct 21, 2016
Fixes for NCC-2016-008 To close #1464 NCC-2016-088 - This PR - zcash/libsnark#8 Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR. Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot
pushed a commit
that referenced
this issue
Oct 22, 2016
Fixes for NCC-2016-008 To close #1464 NCC-2016-088 - This PR - zcash/libsnark#8 Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR. Commit log message is: CID Type (Type is from scan.coverity Type column)
zkbot
pushed a commit
that referenced
this issue
Oct 22, 2016
Fixes for NCC-2016-008 To close #1464 NCC-2016-088 - This PR - zcash/libsnark#8 Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR. Commit log message is: CID Type (Type is from scan.coverity Type column)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Various reads of uninitialized data (listed in the NCC report). Some and possibly all of them are false positives because the data does get initialized in actual usage of the relevant classes; just not in a way that Coverity can determine to be statically guaranteed. We're changing them so that Coverity can tell they are initialized.
The text was updated successfully, but these errors were encountered: