Description of problem: I just tried to compile Core2 Test1 package system-config-securitylevel-1.3.1-1 The compiler said 1. lokkit.c(254): remark #592: variable "ret" is used before its value is set The source code is char *ret; struct servent *service; memset(tmp,'\0', 256); service = getservbyport(htons(port->port), port->proto); if (service) { snprintf(tmp, 255, "%s:%s", service->s_name, port->proto); } else { snprintf(tmp, 255, "%d:%s", port->port, port->proto); } ret = calloc((orig ? strlen(orig) : 0) + strlen(ret) + 2, sizeof(char)); Doing strlen() on uninit memory is deeply unwise. I'm not sure what the fix is for this. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
> ret = calloc((orig ? strlen(orig) : 0) + strlen(ret) + 2, sizeof(char)); > Doing strlen() on uninit memory is deeply unwise. You're right. > I'm not sure what the fix is for this. It's just a mistake ... Brent, please, change the strlen(ret) to the strlen(tmp) on line 254 in the lokkit.c file.
Created attachment 98182 [details] strlen() patch Very simple patch fixing this bug.
Should be fixed in system-config-securitylevel-1.3.4-1. Thanks for the patch.
*** Bug 122069 has been marked as a duplicate of this bug. ***