[clamav-users] [Clamav-devel] ClamAV® blog: ClamAV 0.101.1 Patch has been released

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Jan 10 12:34:31 EST 2019


Hi Alan,

I'm not sure which source files belong to that third party library.
The two non-bogus warnings I got were:

libclamunrar/arcread.cpp:32:3: warning: 'ReadSize' may be used uninitialized in this function
libclamunrar/rijndael.cpp:101:21: warning: 'uKeyLenInBytes' may be used uninitialized in this function

These seem to assume that an input variable takes on an allowed value;
I don't know if that assumption can always be guaranteed.

libclamunrar is in fact UnRAR 5.6.5 from RARLab with very, very limited changes from our team.  I just spoke with a developer from their team and he's happy to initialize those variables when they're defined, to appease the compiler, even though they do actually get initialized later.  The UnRAR developers are extremely responsive and helpful.

The warnings in our own code regarding integers of different
signedness are probably most concerning.  I very much want to take a
stab at cleaning those up as soon as I find time, but it will require
much care and heavy regression testing as it can be very easy to
break things when changing variable types.

Indeed.  On-the-spot typecasting is less invasive but more awkward.

Type casting to disable warnings sometimes only masks potential issues and should only be done with extreme care.

-Micah
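
The point about casts that silence signedness warnings, as an added example that is not part of the original message and is not ClamAV or UnRAR code. All function names, the buffer size and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { DST_SIZE = 16 }; /* constructed buffer size for this example */

/* Cast added only to quiet -Wsign-compare. The comparison is now signed,
 * so a negative length from untrusted input passes the bound check. */
int len_ok_cast(int32_t len)
{
    return len <= (int32_t)DST_SIZE;
}

/* The size a later memcpy() would receive for that accepted length. */
size_t size_seen_by_memcpy(int32_t len)
{
    return (size_t)len;
}

/* Checked conversion: reject negatives first, then compare as size_t. */
int len_ok_checked(int32_t len, size_t *out)
{
    if (len < 0 || (size_t)len > (size_t)DST_SIZE)
        return 0;
    *out = (size_t)len;
    return 1;
}

/* Copy using the checked form; returns bytes copied, or -1 if rejected. */
long copy_field(uint8_t *dst, const uint8_t *src, size_t src_len, int32_t len)
{
    size_t n;
    if (!len_ok_checked(len, &n) || n > src_len)
        return -1;
    memcpy(dst, src, n);
    return (long)n;
}

int main(void)
{
    uint8_t dst[DST_SIZE];
    const uint8_t src[4] = {1, 2, 3, 4}; /* constructed input */
    printf("cast check accepts -1: %d (memcpy size %zu)\n",
           len_ok_cast(-1), size_seen_by_memcpy(-1));
    printf("checked copy with -1: %ld, with 4: %ld\n",
           copy_field(dst, src, sizeof src, -1),
           copy_field(dst, src, sizeof src, 4));
    return 0;
}
```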