New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NCC-2016-008 - Potential uninitialized reads #1464

Closed
daira opened this Issue Sep 30, 2016 · 1 comment

Comments

Projects
None yet
3 participants
@daira
Contributor

daira commented Sep 30, 2016

Various reads of uninitialized data (listed in the NCC report). Some and possibly all of them are false positives because the data does get initialized in actual usage of the relevant classes; just not in a way that Coverity can determine to be statically guaranteed. We're changing them so that Coverity can tell they are initialized.

@daira daira changed the title from NCC-2016-014 to NCC-2016-008 Sep 30, 2016

@nathan-at-least nathan-at-least added this to the 1.0.0-rc1 milestone Oct 3, 2016

@nathan-at-least

This comment has been minimized.

Show comment
Hide comment
@nathan-at-least

nathan-at-least Oct 3, 2016

Contributor

Let's narrow the scope of this for only code we've altered from Bitcoin + the portions of libsnark we use, and exclude dependencies, and ensure we do that for rc1.

Contributor

nathan-at-least commented Oct 3, 2016

Let's narrow the scope of this for only code we've altered from Bitcoin + the portions of libsnark we use, and exclude dependencies, and ensure we do that for rc1.

@nathan-at-least nathan-at-least modified the milestones: 1.0.0-rc1, 1.0.0-rc2 Oct 17, 2016

@bitcartel bitcartel added the has PR label Oct 20, 2016

zkbot pushed a commit that referenced this issue Oct 21, 2016

zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)

zkbot pushed a commit that referenced this issue Oct 21, 2016

zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)

zkbot pushed a commit that referenced this issue Oct 22, 2016

zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=daira
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)

zkbot pushed a commit that referenced this issue Oct 22, 2016

zkbot
Auto merge of #1581 - bitcartel:1464_ncc_2016_008, r=str4d
Fixes for NCC-2016-008

To close #1464 NCC-2016-088

- This PR
- zcash/libsnark#8

Of the 101 issues in NCC-2016-088, 62 are in dependencies, and many of the remainder are duplicates of the CIDs fixed in this PR.

Commit log message is: CID Type (Type is from scan.coverity Type column)

@zkbot zkbot closed this in #1581 Oct 22, 2016

@daira daira reopened this Oct 23, 2016

@daira daira changed the title from NCC-2016-008 to NCC-2016-008 - Potential uninitialized reads Oct 23, 2016

@daira daira closed this Oct 23, 2016

@daira daira added this to Complete in Security and Stability Nov 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment