Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.5
Component/s: pcre
Labels:
- sast

Fixed in Build:
pcre-8.44-4.el9
Regression:
None
Severity:
None

Pool Team:

rhel-sst-cs-databases

Dev Target Milestone:
8
Internal Target Milestone:
12
Story Points:
7
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/130725
Test Coverage:

RegressionOnly

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Here is one of the SAST reports for this bug:

Error: UNINIT (CWE-457):
pcre-8.44/pcre_jit_test.c:1172: var_decl: Declaring variable "mark8_1" without initializer.
pcre-8.44/pcre_jit_test.c:1690: uninit_use: Using uninitialized value "mark8_1".
# 1688|                   if (is_successful) {
# 1689|   #ifdef SUPPORT_PCRE8
# 1690|->                         if (mark8_1 != mark8_2) {
# 1691|                                   printf("8 bit: Mark value mismatch: [%d] '%s' @ '%s'\n",
# 1692|                                           total, current->pattern, current->input);

There are five SAST findings similar to this one and each of them can be fixed by adding a check for the "re8", "re16" or "re32" variable as if this variable is true the "mark8_1" and "mark8_2" (16 and 32 variants as well) variables will are initialized.

links to

RHBA-2024:130725 pcre update

Assignee:: Lukas Javorsky

Reporter:: Lukas Javorsky

Developer:: Lukas Javorsky

QA Contact:: Martin Kyral

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/04/11 7:50 AM

Updated:: 2024/11/12 9:37 AM

Resolved:: 2024/11/12 9:37 AM

Dev Target end:: 2024/04/22

Target end:: 2024/05/20

Release Date:: 2024/11/12

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates