Problem

I'm catching quite a few uninitialized value(s) under Valgrind. The finding is expected because it's related to OpenSSL's PRNG:

==5787== Use of uninitialised value of size 8
==5787==    at 0x533B449: _x86_64_AES_encrypt_compact (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x533B6DA: fips_aes_encrypt (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x56FBC47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x56FBD27: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x56FBE47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0xFFEFFFE17: ???
==5787==  Uninitialised value was created by a heap allocation
==5787==    at 0x4C28D84: malloc (vg_replace_malloc.c:291)
==5787==    by 0x53575AF: CRYPTO_malloc (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x53FB52B: drbg_get_entropy (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x534C312: fips_get_entropy (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x534CABE: FIPS_drbg_instantiate (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x53FB94E: RAND_init_fips (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x5403F5D: EVP_add_cipher (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x507B7C0: SSL_library_init (in /usr/local/ssl/lib/libssl.so.1.0.0)
==5787==    by 0x4103E7: DoStartupOpenSSL() (ac-openssl-1.cpp:494)
==5787==    by 0x419504: main (main.cpp:69)
==5787== 

But I'm having trouble suppressing it (and that's not expected). I'm trying to use the following three rules, which use frame-level wildcards.

{
   RAND_init_fips (1)
   Memcheck:Cond
   ...
   fun:RAND_init_fips
   ...
}

{
   RAND_init_fips (2)
   Memcheck:Value8
   ...
   fun:RAND_init_fips
   ...
}

{
   RAND_init_fips (3)
   Memcheck:Value4
   ...
   fun:RAND_init_fips
   ...
}

I don't want to do things like initialize the memory because of the Debian PRNG fiasco a few years ago. Plus, it's the OpenSSL FIPS Object Module, so I can't modify it because the source code and resulting object file are sequestered.

I'm not sure what the issue is because it appears RAND_init_fips surrounded by frame-level wildcards should match the finding. Any ideas what might be going wrong here?

Solution

According to Tom Hughes on the Valgrind User's mailing list, it's not possible to write the suppression rule:

The answer I did not want to hear...
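
An added example, not part of the original question or answer and not Valgrind's own code: a Python check of the quoted report against the quoted rule. It assumes Memcheck compares a suppression's frame lines only with the stack of the reported use, never with the "Uninitialised value was created by" origin stack; `split_stacks` and `frames_match` are hypothetical helpers and a simplification of Valgrind's matcher.

```python
import fnmatch
import re

# Constructed sample: an abridged copy of the Memcheck report quoted in the question.
REPORT = """\
==5787== Use of uninitialised value of size 8
==5787==    at 0x533B449: _x86_64_AES_encrypt_compact (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x533B6DA: fips_aes_encrypt (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x56FBC47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==  Uninitialised value was created by a heap allocation
==5787==    at 0x4C28D84: malloc (vg_replace_malloc.c:291)
==5787==    by 0x53FB52B: drbg_get_entropy (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x53FB94E: RAND_init_fips (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==5787==    by 0x507B7C0: SSL_library_init (in /usr/local/ssl/lib/libssl.so.1.0.0)
"""

# Frame lines of the suppression rules quoted in the question.
PAGE_RULE = ["...", "fun:RAND_init_fips", "..."]

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(")


def split_stacks(report):
    """Return (error_stack, origin_stack) as lists of function names, innermost first."""
    error, origin, current = [], [], None
    for line in report.splitlines():
        m = FRAME.match(line)
        if m and current is not None:
            current.append(m.group(1))
        elif "Use of uninitialised value" in line or "Conditional jump" in line:
            current = error      # frames that follow belong to the reported use
        elif "Uninitialised value was created" in line:
            current = origin     # frames that follow describe where the value came from
    return error, origin


def frames_match(patterns, stack):
    """Match suppression frame lines ('...' or 'fun:<glob>') against a stack."""
    if not patterns:
        return True              # rule exhausted: deeper frames are not examined
    head, rest = patterns[0], patterns[1:]
    if head == "...":            # frame-level wildcard: skip zero or more frames
        return any(frames_match(rest, stack[i:]) for i in range(len(stack) + 1))
    if not stack:
        return False
    return fnmatch.fnmatchcase(stack[0], head[len("fun:"):]) and frames_match(rest, stack[1:])
```

Under that assumption the rule is checked against the first stack only, where `RAND_init_fips` does not appear; it occurs solely in the allocation stack.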

License: CC-BY-SA with attribution
Not affiliated with StackOverflow