[PATCH 17/32] password: avoid static analyzer false positive
Ahmad Fatoum
a.fatoum at pengutronix.de
Mon Sep 5 02:55:42 PDT 2022
default_passwd is a compile-time constant. In case, where it's unset,
the function will early-return and the static analyzer will warn about
len being initialized, but never used, move the length calculation later
to avoid this false positive.
Signed-off-by: Ahmad Fatoum <a.fatoum at pengutronix.de>
---
common/password.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/common/password.c b/common/password.c
index aea7c7ff5d21..55b2d1093ab9 100644
--- a/common/password.c
+++ b/common/password.c
@@ -148,8 +148,7 @@ static unsigned char to_hexa(unsigned char c)
static int read_default_passwd(unsigned char *sum, size_t length)
{
- int i = 0;
- int len = strlen(default_passwd);
+ int len, i = 0;
unsigned char *buf = (unsigned char *)default_passwd;
unsigned char c;
@@ -159,6 +158,7 @@ static int read_default_passwd(unsigned char *sum, size_t length)
if (!sum || length < 1)
return -EINVAL;
+ len = strlen(default_passwd);
for (i = 0; i < len && length > 0; i++) {
c = buf[i];
i++;
--
2.30.2
More information about the barebox
mailing list