Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dangling reference in HPKE #433

Open
braindigitalis opened this issue Oct 19, 2024 · 1 comment
Open

dangling reference in HPKE #433

braindigitalis opened this issue Oct 19, 2024 · 1 comment

Comments

@braindigitalis
Copy link

When compiling under g++14, there is a warning emitted about a dangling reference in HPKE:

/home/brain/D++/mlspp/lib/hpke/src/userinfo_vc.cpp: In static member function ‘static std::shared_ptr<mlspp::hpke::UserInfoVC::ParsedCredential> mlspp::hpke::UserInfoVC::ParsedCredential::parse(const std::string&)’:
/home/brain/D++/mlspp/lib/hpke/src/userinfo_vc.cpp:223:17: warning: possibly dangling reference to a temporary [-Wdangling-reference]
223 |     const auto& sig = signature_from_alg(hdr);
|                 ^~~
/home/brain/D++/mlspp/lib/hpke/src/userinfo_vc.cpp:223:41: note: the temporary was destroyed at the end of the full expression ‘mlspp::hpke::signature_from_alg(nlohmann::json_abi_v3_11_2::basic_json<ObjectType, ArrayType, StringType, BooleanType, NumberIntegerType, NumberUnsignedType, NumberFloatType, AllocatorType, JSONSerializer, BinaryType>::operator ValueType() const [with ValueType = std::__cxx11::basic_string<char>; typename std::enable_if<nlohmann::json_abi_v3_11_2::detail::conjunction<nlohmann::json_abi_v3_11_2::detail::negation<std::is_pointer<_Ptr> >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<_Up, std::nullptr_t> >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<ValueType, nlohmann::json_abi_v3_11_2::detail::json_ref<nlohmann::json_abi_v3_11_2::basic_json<ObjectType, ArrayType, StringType, BooleanType, NumberIntegerType, NumberUnsignedType, NumberFloatType, AllocatorType, JSONSerializer, BinaryType> > > >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<ValueType, typename StringType::value_type> >, nlohmann::json_abi_v3_11_2::detail::negation<nlohmann::json_abi_v3_11_2::detail::is_basic_json<BasicJsonType> >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<ValueType, std::initializer_list<typename StringType::value_type> > >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<ValueType, std::basic_string_view<char, std::char_traits<char> > > >, nlohmann::json_abi_v3_11_2::detail::negation<std::is_same<ValueType, std::any> >, nlohmann::json_abi_v3_11_2::detail::is_detected_lazy<nlohmann::json_abi_v3_11_2::detail::get_template_function, const nlohmann::json_abi_v3_11_2::basic_json<ObjectType, ArrayType, StringType, BooleanType, NumberIntegerType, NumberUnsignedType, NumberFloatType, AllocatorType, JSONSerializer, BinaryType>&, ValueType> >::value, int>::type <anonymous> = 0; ObjectType = std::map; ArrayType = std::vector; StringType = std::__cxx11::basic_string<char>; BooleanType = bool; NumberIntegerType = long int; NumberUnsignedType = long unsigned int; NumberFloatType = double; AllocatorType = std::allocator; JSONSerializer = nlohmann::json_abi_v3_11_2::adl_serializer; BinaryType = std::vector<unsigned char>]())’
223 |     const auto& sig = signature_from_alg(hdr);
|                       ~~~~~~~~~~~~~~~~~~^~~~~

MLS++ is working fine in our use case, so this warning does not have any obvious side effects but should probably be investigated.
@braindigitalis
Copy link
Author

braindigitalis commented Oct 21, 2024
edited
Loading

looking into this, it appears the reference the warning refers to is from a variable which is static, so this may be a false warning:

///
/// ParsedCredential
///
static const Signature&
signature_from_alg(const std::string& alg)
{
  static const auto alg_sig_map = std::map<std::string, const Signature&>
  {
    { "ES256", Signature::get<Signature::ID::P256_SHA256>() },
      { "ES384", Signature::get<Signature::ID::P384_SHA384>() },
      { "ES512", Signature::get<Signature::ID::P521_SHA512>() },
      { "Ed25519", Signature::get<Signature::ID::Ed25519>() },
#if !defined(WITH_BORINGSSL)
      { "Ed448", Signature::get<Signature::ID::Ed448>() },
#endif
      { "RS256", Signature::get<Signature::ID::RSA_SHA256>() },
      { "RS384", Signature::get<Signature::ID::RSA_SHA384>() },
      { "RS512", Signature::get<Signature::ID::RSA_SHA512>() },
  };

  return alg_sig_map.at(alg);
}

Moving the static const out of this function to the global scope within userinfo_vc.cpp does not resolve the issue, and the function must return a reference (or pointer) as it is returning a derived form of the abstract class Signature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@braindigitalis