tpm2: Resolve a few issues detected with gcc -fanalyzer #552

Merged: stefanberger merged 7 commits into master from master.next on Feb 11, 2026

stefanberger commented on Feb 11, 2026

TPM 2 code: gcc's -fanalyzer claims that strtoul() may be called with str == NULL. However, this cannot happen since in this case retVal would have been set from the call to RuntimeProfileGetFromJSON(). In case of error returned from RuntimeProfileGetFromJSON() we would not get to call strtoul(). So this is a false-positive.

TPM 1.2 code: simply initialize some variable or intercept NULL pointers where -fanalyzer complains.
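
The pattern behind the strtoul() report, with the success-implies-non-NULL invariant restated at the call site, as an added example that is not libtpms code. `lookup_value()` is a hypothetical stand-in for RuntimeProfileGetFromJSON(), whose signature is not shown on this page, and the JSON string is constructed sample input.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical lookup: returns 0 and sets *out to a heap copy of the value
 * after key; returns -1 and leaves *out NULL on any error. */
static int lookup_value(const char *json, const char *key, char **out)
{
    const char *p;
    size_t n;
    *out = NULL;
    if (json == NULL || (p = strstr(json, key)) == NULL)
        return -1;
    p += strlen(key);
    n = strcspn(p, ",}");               /* value ends at ',' or '}' */
    if ((*out = malloc(n + 1)) == NULL)
        return -1;
    memcpy(*out, p, n);
    (*out)[n] = '\0';
    return 0;
}

/* Parse the unsigned decimal value stored under key; 0 on success, else -1. */
int get_ulong(const char *json, const char *key, unsigned long *val)
{
    char *str = NULL, *endp = NULL;
    int rc = lookup_value(json, key, &str);
    /* rc == 0 implies str != NULL, but that contract lives in the callee.
     * Re-checking it here keeps strtoul() from ever being handed NULL. */
    if (rc == 0 && str == NULL)
        rc = -1;
    if (rc == 0) {
        errno = 0;
        *val = strtoul(str, &endp, 10);
        if (errno != 0 || endp == str || *endp != '\0')
            rc = -1;                    /* overflow, no digits, trailing junk */
    }
    free(str);
    return rc;
}

int main(void)
{
    unsigned long v = 0;                /* constructed sample input below */
    int rc = get_ulong("{\"count\":42,\"name\":\"x\"}", "\"count\":", &v);
    printf("rc=%d value=%lu\n", rc, v);
    return rc == 0 ? 0 : 1;
}
```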

gcc's -fanalyzer claims that strtoul() may be called with str == NULL.
However, this cannot happen since in this case retVal would have been set
from the call to RuntimeProfileGetFromJSON(). In case of error returned
from RuntimeProfileGetFromJSON() we would not get to call strtoul(). So
this is a false-positive.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Resolve the following gcc -fanalyzer issue by casting the result of
sizeof() to uint32_t.

tpm12/tpm_cryptoh.c:977:16: warning: 'va_arg' expected 'uint32_t' \
   {aka 'unsigned int'} but received 'long unsigned int' \
   for variadic argument 3 of 'ap' [CWE-686] [-Wanalyzer-va-arg-type-mismatch]

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Resolve the following gcc -fanalyzer issue by initializing the variable.

tpm12/tpm_migration.c: In function 'TPM_Process_CMK_CreateBlob':
tpm12/tpm_migration.c:3389:10: warning: use of uninitialized value
    'continueAuthSession' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 3389 |          !continueAuthSession) &&
      |          ^~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Resolve the following issues detected by gcc's -fanalyzer:

tpm12/tpm_session.c: In function 'TPM_AuthSessionData_Store':
tpm12/tpm_session.c:187:65: warning: dereference of NULL 'tpm_auth_session_data' [CWE-476] [-Wanalyzer-null-dereference]
  187 |         rc = TPM_Sbuffer_Append32(sbuffer, tpm_auth_session_data->handle);

tpm12/tpm_session.c: In function 'TPM_Process_SaveContext':
tpm12/tpm_session.c:3197:41: warning: use of uninitialized value 'tpm_key_handle_entry' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 3197 |                 if (tpm_key_handle_entry->keyControl & TPM_KEY_CONTROL_OWNER_EVICT) {

tpm12/tpm_session.c:3230:26: warning: use of uninitialized value 'tpm_key_handle_entry' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 3230 |             returnCode = TPM_KeyHandleEntry_Store(&r1ContextSensitive, tpm_key_handle_entry);

tpm12/tpm_session.c:3236:26: warning: use of uninitialized value 'tpm_transport_internal' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 3236 |             returnCode = TPM_TransportInternal_Store(&r1ContextSensitive, tpm_transport_internal);

tpm12/tpm_session.c:3239:26: warning: use of uninitialized value 'tpm_daa_session_data' [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
 3239 |             returnCode = TPM_DaaSessionData_Store(&r1ContextSensitive, tpm_daa_session_data);

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Resolve the following issues detected by gcc's -fanalyzer:

tpm12/tpm_counter.c: In function 'TPM_CounterValue_StorePublic.part.0':
tpm12/tpm_counter.c:421:61: warning: dereference of NULL 'tpm_counter_value' [CWE-476] [-Wanalyzer-null-dereference]
  421 |         rc = TPM_Sbuffer_Append32(sbuffer, tpm_counter_value->counter);
      |                                            ~~~~~~~~~~~~~~~~~^~~~~~~~~

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Resolve the following issues detected by gcc's -fanalyzer:

tpm12/tpm_nvram.c: In function 'TPM_Process_NVDefineSpace':
tpm12/tpm_nvram.c:2908:20: warning: dereference of NULL 'd1_new' [CWE-476] [-Wanalyzer-null-dereference]
 2908 |         newNVIndex = pubInfo->nvIndex;          /* save the possibly new index */
      |         ~~~~~~~~~~~^~~~~~~~~~~~~~~~~~

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

stefanberger changed the title from "tpm2: Resolve a false-positive issue with -fanalyzer" to "tpm2: Resolve a few issues detected with gcc -fanalyzer" on Feb 11, 2026

Check that the object returned from HandleToObject is not NULL before
dereferencing it. In practice, this cannot currently happen in the call
paths that GetHierachy() is called because the object described by the
handle is known to exist.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

stefanberger merged commit c12e737 into master on Feb 11, 2026
4 checks passed
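
The CWE-686 warning quoted above for tpm12/tpm_cryptoh.c arises when a variadic callee reads a `uint32_t` with `va_arg` while the caller passes a `sizeof()` result. The following is an added example, not libtpms code; `checksum_buffers()`, `checksum_sample()` and the two byte arrays are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical variadic helper: consumes (uint32_t length, const unsigned
 * char *buffer) pairs, terminated by a NULL buffer, and folds every byte
 * into a simple checksum starting from seed. */
uint32_t checksum_buffers(uint32_t seed, ...)
{
    va_list ap;
    uint32_t sum = seed;

    va_start(ap, seed);
    for (;;) {
        uint32_t len = va_arg(ap, uint32_t);      /* callee reads 32 bits */
        const unsigned char *buf = va_arg(ap, const unsigned char *);
        if (buf == NULL)
            break;
        for (uint32_t i = 0; i < len; i++)
            sum = sum * 31u + buf[i];
    }
    va_end(ap);
    return sum;
}

/* Constructed sample inputs. */
static const unsigned char TAG[2]   = { 0x00, 0xc1 };
static const unsigned char NONCE[4] = { 1, 2, 3, 4 };

uint32_t checksum_sample(void)
{
    /* Mismatched: sizeof yields size_t ('long unsigned int' on LP64) and
     * variadic arguments are not converted to the type va_arg reads:
     *     checksum_buffers(0, sizeof(TAG), TAG, ...);
     * Matched: cast each length to uint32_t. NULL is cast as well, since a
     * bare NULL may expand to a plain integer 0. */
    return checksum_buffers(0,
                            (uint32_t)sizeof(TAG), TAG,
                            (uint32_t)sizeof(NONCE), NONCE,
                            (uint32_t)0, (const unsigned char *)NULL);
}

int main(void)
{
    printf("checksum=%u\n", (unsigned)checksum_sample());
    return 0;
}
```

The cast is only safe when the size is known to fit in 32 bits, which holds for `sizeof` of small fixed-size objects like these.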