[Pkg-gnupg-commit] [gnupg2] 84/159: gpg: Comment on false positives by static analyzers.

[Daniel Kahn Gillmor]

This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch master
in repository gnupg2.

commit 7990586828a252e78d2ecacbaaa152431d7e08c8
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Jan 6 08:42:07 2016 +0100

    gpg: Comment on false positives by static analyzers.
    
    --
---
 g10/encrypt.c      |  1 +
 g10/keyedit.c      | 16 +++++++++++++++-
 g10/parse-packet.c |  1 +
 g10/sign.c         |  1 +
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/g10/encrypt.c b/g10/encrypt.c
index bca1123..eca1c27 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -326,6 +326,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 
   if (!opt.no_literal)
     {
+      /* Note that PT has been initialized above in no_literal mode.  */
       pt->timestamp = make_timestamp();
       pt->mode = opt.textmode? 't' : 'b';
       pt->len = filesize;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a303058..1c302b7 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -363,7 +363,13 @@ check_all_keysigs (KBNODE keyblock, int only_selected, int only_selfsigs)
 
           if (only_selfsigs
               && !(keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]))
-            ;  /* Not a selfsig but we want only selfsigs - skip.  */
+            {
+              /* Not a selfsig but we want only selfsigs - skip.  */
+              /* Static analyzer note: A claim that KEYID above has
+                 garbage is not correct because KEYID is set from the
+                 public key packet which is always the first packet in
+                 a keyblock and thus parsed before this signature.  */
+            }
 	  else if (print_and_check_one_sig (keyblock, node, &inv_sigs,
                                             &no_key, &oth_err, &selfsig,
                                             0, only_selfsigs))
@@ -856,6 +862,14 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 
       if (primary_pk->expiredate && !selfsig)
 	{
+          /* Static analyzer note: A claim that PRIMARY_PK might be
+             NULL is not correct because it set from the public key
+             packet which is always the first packet in a keyblock and
+             parsed in the above loop over the keyblock.  In case the
+             keyblock has no packets at all and thus the loop was not
+             entered the above count_uids_with_flag would have
+             detected this case.  */
+
 	  u32 now = make_timestamp ();
 
 	  if (primary_pk->expiredate <= now)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 53b75a6..d552fa6 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2517,6 +2517,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
     }
 
+  /* Note that KEYID below has been initialized above in list_mode.  */
   if (list_mode)
     es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
                 (ulong) keyid[0], (ulong) keyid[1]);
diff --git a/g10/sign.c b/g10/sign.c
index 79a5f3b..081bd99 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -601,6 +601,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
     if (!opt.no_literal) {
         PACKET pkt;
 
+        /* Note that PT has been initialized above in no_literal mode.  */
         pt->timestamp = make_timestamp ();
         pt->mode = ptmode;
         pt->len = filesize;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git