From ded66fbb62cdad37d577dc048e37f7cea7f7a4da Mon Sep 17 00:00:00 2001
From: Dan McGee <dan@archlinux.org>
Date: Mon, 9 Apr 2012 00:42:04 -0500
Subject: Fix issues with unintialized variable value usage

Detected by clang scan-build static code analyzer.

* Don't attempt to free an uninitialized gpgme key variable
* Initialize answer variable before asking frontend a question
* Pass by reference instead of value if uninitialized fields are
  possible in download signal handler code
* Ensure we never call strlen() on NULL payload->remote_name value

Signed-off-by: Dan McGee <dan@archlinux.org>
---
 lib/libalpm/signing.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'lib/libalpm/signing.c')

diff --git a/lib/libalpm/signing.c b/lib/libalpm/signing.c
index fc8dd5bb..7177d655 100644
--- a/lib/libalpm/signing.c
+++ b/lib/libalpm/signing.c
@@ -210,9 +210,9 @@ static int key_in_keychain(alpm_handle_t *handle, const char *fpr)
 	} else {
 		_alpm_log(handle, ALPM_LOG_DEBUG, "gpg error: %s\n", gpgme_strerror(err));
 	}
+	gpgme_key_unref(key);
 
 error:
-	gpgme_key_unref(key);
 	gpgme_release(ctx);
 	return ret;
 }
@@ -797,7 +797,7 @@ int _alpm_process_siglist(alpm_handle_t *handle, const char *identifier,
 						_("%s: key \"%s\" is unknown\n"), identifier, name);
 #ifdef HAVE_LIBGPGME
 				{
-					int answer;
+					int answer = 0;
 					alpm_pgpkey_t fetch_key;
 					memset(&fetch_key, 0, sizeof(fetch_key));
 
-- 
cgit v1.2.3-24-g4f1b