Thanks for reporting, fixed in Git master as suggested.

-Christian

On 9/3/21 10:22 AM, Thorsten Brehm wrote:
> Hi,
>
> gcc10 complains with two warnings when compiling libmicrohttpd using
>
> #define NDEBUG 1
> #define DAUTH_SUPPORT 1
>
> so, "release build" with enabled "digest authentication":
>
> ../digestauth.c: In function 'MHD_digest_auth_check_digest2':
> ../digestauth.c:1287:9: warning: 'da.digest_size' may be used uninitialized
> in this function [-Wmaybe-uninitialized]
> 1287 | if (da.digest_size != digest_size)
> | ~~^~~~~~~~~~~~
> ../digestauth.c: In function 'MHD_queue_auth_fail_response2':
> ../digestauth.c:1361:55: warning: 'da.digest_size' may be used uninitialized
> in this function [-Wmaybe-uninitialized]
> 1361 | char nonce[NONCE_STD_LEN (VLA_ARRAY_LEN_DIGEST (da.digest_size))
> + 1];
> |
>
> This is a minor issue, without any practical effect, unless when calling the
> MHD API with an invalid value for the MHD_DigestAuthAlgorithm enum.
> However, gcc is still right that there is a potential code path with
> undefined behaviour: the default-case in the switch statement in SETUP_DA
> does not set "da.digest_size".
> Two functions later still always read this value. And the "mhd_assert" has no
> effect, since it's disabled when NDEBUG is set.
>
> Trivial patch attached to silence the compiler warnings by also initializing
> "da.digest_size" in the default case of the switch statement:
>
> diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
> index 04c9f22a..aaed170e 100644
> --- a/src/microhttpd/digestauth.c
> +++ b/src/microhttpd/digestauth.c
> @@ -1215,6 +1215,7 @@ MHD_digest_auth_check (struct MHD_Connection
> *connection,
> da.digest = &MHD_SHA256_finish; \
> break; \
> default: \
> + da.digest_size = 0; \
> mhd_assert (false); \
> break; \
> } \
>
> Best Regards,
> Thorsten
>
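
Review bot: in the default: branch, assigning da.digest_size = 0 quiets the warning, but when NDEBUG compiles out mhd_assert (false) the code still falls through the break and continues with a zero digest_size, and the other da members set in the cases above (da.digest, for example) are left unassigned on that path. Consider having the invalid-algorithm path fail the call and report an error to the caller instead of continuing, and add a one-line comment that the assignment exists for release builds where the assert is disabled.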
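
The failure mode discussed in this thread, shown as an added example that is not libmicrohttpd code: a setup routine whose unknown-algorithm path reports failure instead of relying on an assert that NDEBUG removes. All `demo_` names are hypothetical; 16 and 32 are the MD5 and SHA-256 digest lengths in bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names mirroring the shape of the switch discussed in the
   thread; this is not libmicrohttpd code. */
enum demo_alg { DEMO_ALG_MD5 = 1, DEMO_ALG_SHA256 = 2 };

struct demo_da {
  size_t digest_size;   /* raw digest length in bytes */
  const char *name;     /* stands in for the hash function pointers */
};

/* Every path either fills all fields or returns false, so behaviour is the
   same with and without NDEBUG. 'alg' is an int because the value comes from
   the API caller and may lie outside the enum. */
static bool demo_setup_da (struct demo_da *da, int alg)
{
  da->digest_size = 0;
  da->name = NULL;
  switch (alg)
  {
  case DEMO_ALG_MD5:
    da->digest_size = 16;
    da->name = "md5";
    return true;
  case DEMO_ALG_SHA256:
    da->digest_size = 32;
    da->name = "sha-256";
    return true;
  default:
    return false;       /* invalid enum value: reject, do not continue */
  }
}

/* Caller side: size a hex buffer only after setup succeeded.
   Returns the length needed, or 0 if the algorithm is rejected. */
static size_t demo_hex_len (int alg)
{
  struct demo_da da;
  if (! demo_setup_da (&da, alg))
    return 0;
  return da.digest_size * 2 + 1;   /* hex digits plus terminating NUL */
}

int main (void)
{
  printf ("%zu %zu %zu\n", demo_hex_len (DEMO_ALG_MD5),
          demo_hex_len (DEMO_ALG_SHA256), demo_hex_len (99));
  return 0;
}
```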