Discussion:
'make check' and Use of uninitialised value in Curl_rand_hex
Jeffrey Walton
2018-07-24 16:02:02 UTC
Hi Everyone,

My apologies if this has been asked previously. Google is not what it
used to be and showed one relevant hit at
https://fossies.org/diffs/curl/7.57.0_vs_7.58.0/CHANGES-diff.html.

I'm running a 'make check' on the latest release tarball. I'm catching
a lot of Valgrind findings for use of uninitialised value in
Curl_rand_hex.

My question is, how should I interpret the result?

If the results are expected, then maybe a suppression file with an
entry for Curl_rand_hex would be a good idea?

Thanks in advance

=================

$ make check
...

test 0007...OK (7 out of 1192, remaining: 24:18)
test 0008...OK (8 out of 1192, remaining: 23:34)
test 0009... valgrind ERROR ==24850== Use of uninitialised value of size 8
==24850== at 0x4E7E2CA: Curl_rand_hex (in
/home/build/curl-7.61.0/lib/.libs/libcurl.so.4.5.0)
==24850== by 0x4E82393: curl_mime_init (in
/home/build/curl-7.61.0/lib/.libs/libcurl.so.4.5.0)
==24850== by 0x40601B: formparse (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x407804: getparameter (in
/home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x40AA5A: parse_args (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x40FD97: operate (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x402857: main (in /home/build/curl-7.61.0/src/.libs/curl)
==24850==
==24850== Use of uninitialised value of size 8
==24850== at 0x4E7E2D7: Curl_rand_hex (in
/home/build/curl-7.61.0/lib/.libs/libcurl.so.4.5.0)
==24850== by 0x4E82393: curl_mime_init (in
/home/build/curl-7.61.0/lib/.libs/libcurl.so.4.5.0)
==24850== by 0x40601B: formparse (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x407804: getparameter (in
/home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x40AA5A: parse_args (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x40FD97: operate (in /home/build/curl-7.61.0/src/.libs/curl)
==24850== by 0x402857: main (in /home/build/curl-7.61.0/src/.libs/curl)
==24850==
Daniel Stenberg
2018-07-25 16:32:16 UTC
> My apologies if this has been asked previously. Google is not what it used
> to be and showed one relevant hit at
> https://fossies.org/diffs/curl/7.57.0_vs_7.58.0/CHANGES-diff.html.
>
> I'm running a 'make check' on the latest release tarball. I'm catching a lot
> of Valgrind findings for use of uninitialised value in Curl_rand_hex.
>
> My question is, how should I interpret the result?

That sounds like a bug. What curl version is this and what TLS library do you
build with?
--
/ daniel.haxx.se
Jeffrey Walton
2018-07-26 00:34:21 UTC
Post by Daniel Stenberg
>> My apologies if this has been asked previously. Google is not what it used
>> to be and showed one relevant hit at
>> https://fossies.org/diffs/curl/7.57.0_vs_7.58.0/CHANGES-diff.html.
>>
>> I'm running a 'make check' on the latest release tarball. I'm catching a
>> lot of Valgrind findings for use of uninitialised value in Curl_rand_hex.
>>
>> My question is, how should I interpret the result?
>
> That sounds like a bug. What curl version is this and what TLS library do
> you build with?

I used 7.61.0.tar.gz and openssl-1.0.2.o.tar.gz.

After thinking about this a bit, this may be due to -march=native on a
Core i5 6th gen. It is also a 64-bit machine so -m64 is present, too.
(When I am not building for distribution I build for the native
machine.)

Jeff
Daniel Stenberg
2018-07-26 13:54:03 UTC
Post by Jeffrey Walton
> I used 7.61.0.tar.gz and openssl-1.0.2.o.tar.gz.
>
> After thinking about this a bit, this may be due to -march=native on a Core
> i5 6th gen. It is also a 64-bit machine so -m64 is present, too. (When I am
> not building for distribution I build for the native machine.)

Seems like a common enough build that it shouldn't trigger any unusual code
paths...

curl_mime_init() calls Curl_rand_hex() to ask for 16 random hex characters (by
providing a 17 byte length so that it also has room for the zero trailer).

(Unfortunately, curl_mime_init() doesn't check the return code from
Curl_rand_hex(), which we should consider a bug and I intend to fix it.)

Curl_rand_hex() in turn calls Curl_rand() to get 16/2 == 8 bytes of random
bytes. Since your valgrind complaint is for 8 uninitialized bytes, it could be
an indication that this particular call fails and you don't get any random
bytes returned at all. Any chance you can figure out if that's true?
--
/ daniel.haxx.se
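
An added example, not part of the thread and not curl's code: a minimal C model of the call chain described in the message above, showing a hex helper that refuses to encode bytes it never received and a caller that checks the return code. All names (`entropy_fn`, `src_ok`, `src_fail`, `rand_hex`, `make_boundary`) are hypothetical, the entropy sources are constructed stand-ins, and the odd-length rule is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical entropy callback: 0 on success, -1 on failure. */
typedef int (*entropy_fn)(unsigned char *out, size_t n);

/* Constructed sources for the demonstration (not real entropy). */
static int src_ok(unsigned char *out, size_t n)
{
  for(size_t i = 0; i < n; i++)
    out[i] = (unsigned char)(0xA0 + i);
  return 0;
}
static int src_fail(unsigned char *out, size_t n)
{
  (void)out; (void)n;   /* the caller's buffer is left untouched */
  return -1;
}

/* Write num-1 hex digits plus a NUL into dst; num must be odd, 3..33. */
static int rand_hex(entropy_fn src, char *dst, size_t num)
{
  static const char hex[] = "0123456789abcdef";
  unsigned char raw[16];
  size_t nbytes = (num - 1) / 2;
  if(num < 3 || !(num & 1) || nbytes > sizeof(raw))
    return -1;
  if(src(raw, nbytes) != 0)
    return -1;          /* never hex-encode bytes we did not get */
  for(size_t i = 0; i < nbytes; i++) {
    *dst++ = hex[raw[i] >> 4];
    *dst++ = hex[raw[i] & 0x0F];
  }
  *dst = '\0';
  return 0;
}

/* Caller that checks the result and fails closed with an empty string. */
static int make_boundary(entropy_fn src, char out[17])
{
  if(rand_hex(src, out, 17) != 0) {
    out[0] = '\0';
    return -1;
  }
  return 0;
}
int main(void)
{
  char b[17];
  printf("ok=%d fail=%d\n", make_boundary(src_ok, b), make_boundary(src_fail, b));
  return 0;
}
```
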