...

VU#925211 in the OpenSSL package for Debian Linux, and other distributions derived from Debian, is said to reference uninitialized memory. One might say that uninitialized memory caused the vulnerability, but not directly. The original OpenSSL code utilized uninitialized memory as an additional source of randomness to an already-randomly-generated key. This generated good keys, but caused the code-auditing tools Valgrind and Purify to issue warnings. Debian tried to fix the warnings with two changes. One actually eliminated the uninitialized memory access, but the other weakened the randomness of the keys.
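The following is an added illustration of the pattern described above, not OpenSSL's or Debian's actual code: a toy key-derivation routine that mixes a genuine seed together with an uninitialized stack buffer, beside the two possible "fixes". The mixing function (FNV-1a) and all seed values are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Toy 32-bit mixing function (FNV-1a). Stands in for the hash that feeds
   a PRNG state; constructed for this example. */
static uint32_t mix(uint32_t h, const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Non-compliant: the pattern Valgrind/Purify flag. 'scratch' is never
   written, so reading it is undefined behaviour, even though the real
   entropy in 'seed' is mixed in as well. Shown for contrast; do not call. */
uint32_t derive_key_noncompliant(const unsigned char *seed, size_t n) {
    unsigned char scratch[16];               /* deliberately uninitialized */
    uint32_t h = 2166136261u;
    h = mix(h, seed, n);                     /* genuine entropy */
    return mix(h, scratch, sizeof scratch);  /* UB: uninitialized read */
}

/* The weakening fix: silences the warning by dropping the whole mixing
   step, so the genuine seed is no longer used either and every key is
   the same constant. */
uint32_t derive_key_weakened(const unsigned char *seed, size_t n) {
    (void)seed; (void)n;
    return 2166136261u;
}

/* Compliant fix: initialize 'scratch' explicitly and keep mixing the
   genuine seed. The tool warning disappears and the key still depends
   on the entropy supplied by the caller. */
uint32_t derive_key_compliant(const unsigned char *seed, size_t n) {
    unsigned char scratch[16];
    memset(scratch, 0, sizeof scratch);      /* initialized: no UB */
    uint32_t h = 2166136261u;
    h = mix(h, seed, n);
    return mix(h, scratch, sizeof scratch);
}
```

Running the compliant and weakened variants on two different seeds shows the difference: the compliant version yields distinct keys, the weakened one yields the same key regardless of input.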

...

Fortify SCA Version 5.0 is able to detect violations of this rule, but will return false positives if the initialization was done in another function.

The tool Compass/Rose automatically detects simple violations of this rule, although it may return some false positives. It may not catch more complex violations, such as initialization within functions taking arguments to uninitialized variables. It does catch the second non-compliant code example, and could be extended to catch the first as well.

The Coverity Prevent UNINIT checker can find cases of an uninitialized variable being used before it is initialized, although it cannot detect cases of uninitialized members of a struct. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...