gpg: Comment on false positives by static analyzers.

--

4 files changed, 18 insertions, 1 deletions

diff --git a/g10/encrypt.c b/g10/encrypt.c
index bca1123a4..eca1c2786 100644
--- a/g10/encrypt.c
+++ b/g10/encrypt.c
@@ -326,6 +326,7 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
 
   if (!opt.no_literal)
     {
+      /* Note that PT has been initialized above in no_literal mode.  */
       pt->timestamp = make_timestamp();
       pt->mode = opt.textmode? 't' : 'b';
       pt->len = filesize;
diff --git a/g10/keyedit.c b/g10/keyedit.c
index a30305870..1c302b7ab 100644
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@@ -363,7 +363,13 @@ check_all_keysigs (KBNODE keyblock, int only_selected, int only_selfsigs)
 
           if (only_selfsigs
               && !(keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]))
-            ;  /* Not a selfsig but we want only selfsigs - skip.  */
+            {
+              /* Not a selfsig but we want only selfsigs - skip.  */
+              /* Static analyzer note: A claim that KEYID above has
+                 garbage is not correct because KEYID is set from the
+                 public key packet which is always the first packet in
+                 a keyblock and thus parsed before this signature.  */
+            }
 	  else if (print_and_check_one_sig (keyblock, node, &inv_sigs,
                                             &no_key, &oth_err, &selfsig,
                                             0, only_selfsigs))
@@ -856,6 +862,14 @@ sign_uids (ctrl_t ctrl, estream_t fp,
 
       if (primary_pk->expiredate && !selfsig)
 	{
+          /* Static analyzer note: A claim that PRIMARY_PK might be
+             NULL is not correct because it set from the public key
+             packet which is always the first packet in a keyblock and
+             parsed in the above loop over the keyblock.  In case the
+             keyblock has no packets at all and thus the loop was not
+             entered the above count_uids_with_flag would have
+             detected this case.  */
+
 	  u32 now = make_timestamp ();
 
 	  if (primary_pk->expiredate <= now)
diff --git a/g10/parse-packet.c b/g10/parse-packet.c
index 53b75a68c..d552fa6ba 100644
--- a/g10/parse-packet.c
+++ b/g10/parse-packet.c
@@ -2517,6 +2517,7 @@ parse_key (IOBUF inp, int pkttype, unsigned long pktlen,
 	}
     }
 
+  /* Note that KEYID below has been initialized above in list_mode.  */
   if (list_mode)
     es_fprintf (listfp, "\tkeyid: %08lX%08lX\n",
                 (ulong) keyid[0], (ulong) keyid[1]);
diff --git a/g10/sign.c b/g10/sign.c
index 79a5f3b8a..081bd99b0 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -601,6 +601,7 @@ write_plaintext_packet (IOBUF out, IOBUF inp, const char *fname, int ptmode)
     if (!opt.no_literal) {
         PACKET pkt;
 
+        /* Note that PT has been initialized above in no_literal mode.  */
         pt->timestamp = make_timestamp ();
         pt->mode = ptmode;
         pt->len = filesize;