Error: UNINIT (CWE-457): [#def41] [important] bluez-5.75/src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer. bluez-5.75/src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero". 883| 884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv)); 885|-> } while (ecc_point_is_zero(&pk)); 886| 887| ecc_native2bytes(priv, private_key); Error: UNINIT (CWE-457): [#def42] [important] bluez-5.75/src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer. bluez-5.75/src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.x" when calling "ecc_point_is_zero". bluez-5.75/src/shared/ecc.c:885:34: uninit_use_in_call: Using uninitialized element of array "pk.y" when calling "ecc_point_is_zero". 883| 884| ecc_point_mult(&pk, &curve_g, priv, NULL, vli_num_bits(priv)); 885|-> } while (ecc_point_is_zero(&pk)); 886| 887| ecc_native2bytes(priv, private_key); Error: UNINIT (CWE-457): [#def43] [important] bluez-5.75/src/shared/ecc.c:869:2: var_decl: Declaring variable "pk" without initializer. bluez-5.75/src/shared/ecc.c:889:2: uninit_use_in_call: Using uninitialized value "*pk.y" when calling "ecc_native2bytes". 887| ecc_native2bytes(priv, private_key); 888| ecc_native2bytes(pk.x, public_key); 889|-> ecc_native2bytes(pk.y, &public_key[32]); 890| 891| return true;
---
 src/shared/ecc.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/shared/ecc.c b/src/shared/ecc.c
index adaae2082e1f..02bccbd430f6 100644
--- a/src/shared/ecc.c
+++ b/src/shared/ecc.c
@@ -870,6 +870,8 @@ bool ecc_make_key(uint8_t public_key[64], uint8_t private_key[32])
 uint64_t priv[NUM_ECC_DIGITS];
 unsigned int tries = 0;
 
+ memset(&pk, 0, sizeof(pk));
+
 do {
 if (!get_random_number(priv) || (tries++ >= MAX_TRIES))
 return false;
-- 
2.44.0
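Review bot: The added `memset(&pk, 0, sizeof(pk));` carries no comment saying why it is needed, and this hunk does not show whether `ecc_point_mult()` can really leave `pk.x`/`pk.y` unwritten or whether the UNINIT reports are false positives. Either way the zero fill makes the loop fail closed: an unwritten `pk` should now read as the zero point, so `ecc_point_is_zero(&pk)` forces a retry bounded by `MAX_TRIES` instead of letting stack contents reach `public_key`. I would record that above the call, e.g. `/* Zero pk so an unwritten result reads as the zero point and is retried, never exported */`. Separately, `priv` holds the private scalar and is left on the stack on the `return false` path shown here; clearing it before each return with a wipe the compiler cannot elide would be a reasonable follow-up. The body of `ecc_make_key()` starts and ends outside the hunk.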