Skip to content

Fixed uninitialized variable m_mode in SymmetricCipher.h#13173

Open
mateea326 wants to merge 2 commits intokeepassxreboot:developfrom
mateea326:develop
Open

Fixed uninitialized variable m_mode in SymmetricCipher.h#13173
mateea326 wants to merge 2 commits intokeepassxreboot:developfrom
mateea326:develop

Conversation

@mateea326
Copy link

@mateea326 mateea326 commented Mar 20, 2026

Description

The SymmetricCipher class used a defaulted constructor (= default), which left the m_mode member variable uninitialized. In C++, enum members are not automatically zero-initialized, meaning that if mode() is called before init(), it returns an indeterminate garbage value from the stack.

This issue was identified via static analysis (cppcheck) as an uninitMemberVar warning in the crypto module.

Fix: Replaced the defaulted constructor with an explicit constructor that initializes m_mode to SymmetricCipher::InvalidMode:

explicit SymmetricCipher()
    : m_mode(InvalidMode)
{
}

Impact:

  • Security & Stability: Ensures the cryptographic object is in a well-defined state immediately upon construction, before init() is called.
  • Logic Integrity: Prevents other components from receiving unpredictable values if they query the cipher's mode prematurely.
  • Code Quality: Resolves a static analysis warning in a security-critical area of the codebase.

Screenshots

N/A — header-only change with no visual output.

Testing strategy

Run cppcheck to confirm the warning is resolved:

cppcheck --enable=warning src/crypto/SymmetricCipher.h

The uninitMemberVar warning for m_mode should no longer appear. Existing unit tests for the crypto module continue to pass unchanged.

Type of change

  • ✅ Bug fix (non-breaking change that fixes an issue)

Copilot AI review requested due to automatic review settings March 20, 2026 11:01
Copilot AI reviewed Mar 20, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes an uninitialized member in SymmetricCipher (crypto module) by ensuring m_mode is set to a defined value immediately upon construction, avoiding indeterminate results when mode() is called before init().

Changes:

  • Replaced the defaulted constructor with an explicit inline constructor.
  • Initialized m_mode to SymmetricCipher::InvalidMode at construction time.

michaelk83
michaelk83 reviewed Mar 20, 2026
View reviewed changes
src/crypto/SymmetricCipher.h Outdated
Comment on lines +52 to +55
explicit SymmetricCipher() = default;
explicit SymmetricCipher()
: m_mode(InvalidMode)
{
}
Copy link

@michaelk83 michaelk83 Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You should be able to keep the default constructor by specifying an initializer on the field itself: Mode m_mode{InvalidMode};

Copy link
Author

@mateea326 mateea326 Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed it and added Mode m_mode{InvalidMode}; as you suggested

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@droidmonkey droidmonkey droidmonkey approved these changes

+1 more reviewer

@michaelk83 michaelk83 michaelk83 left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mateea326 @droidmonkey @michaelk83