Bug 1040886

Summary: valgrind complaints: 'Conditional jump or move depends on uninitialised value(s)'
Product: Red Hat Enterprise Linux 7 Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: gnutlsAssignee: Tomas Mraz <tmraz>
Status: CLOSED CURRENTRELEASE QA Contact: Jiri Jaburek <jjaburek>
Severity: high Docs Contact:
Priority: high    
Version: 7.0CC: jjaburek, nmavrogi, tmraz
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: gnutls-3.1.18-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1129241 (view as bug list) Environment:
Last Closed: 2014-06-13 12:58:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1129241    

Description Nikos Mavrogiannopoulos 2013-12-12 09:32:38 UTC
This is a clone of https://bugzilla.redhat.com/show_bug.cgi?id=973210

Version-Release number of selected component (if applicable): 3.1.16


How reproducible:
When trying to connect to a RHEV instance using gnutls-cli, I'm getting the warnings below from valgrind. The RHEV instance is unfortunately only available on an internal network. I'm using gnutls-3.1.11-1.fc19

==27357== Memcheck, a memory error detector
==27357== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==27357== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==27357== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.red
==27357== Parent PID: 20980
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x4A0B131: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64
==27357==    by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785)
==27357==    by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182)
==27357==    by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166)
==27357==    by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348)
==27357==    by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511)
==27357==    by 0x40AB59: socket_recv (socket.c:56)
==27357==    by 0x407662: main (cli.c:985)
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x4A0B152: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64
==27357==    by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785)
==27357==    by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182)
==27357==    by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166)
==27357==    by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348)
==27357==    by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511)
==27357==    by 0x40AB59: socket_recv (socket.c:56)
==27357==    by 0x407662: main (cli.c:985)
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x3097678311: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:859)
==27357==    by 0x3097673EB1: fputc (fputc.c:38)
==27357==    by 0x4076C2: main (cli.c:1005)
==27357==-
==27357== Syscall param write(buf) points to uninitialised byte(s)
==27357==    at 0x30976E6760: __write_nocancel (syscall-template.S:81)
==27357==    by 0x3097676B92: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1254)
==27357==    by 0x3097677FFB: _IO_do_write@@GLIBC_2.2.5 (fileops.c:530)
==27357==    by 0x30976783D2: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:868)
==27357==    by 0x3097673EB1: fputc (fputc.c:38)
==27357==    by 0x4076C2: main (cli.c:1005)
==27357==  Address 0x30979ba4a3 is 131 bytes inside data symbol "_IO_2_1_stdout_
==27357==-
==27357==-
==27357== HEAP SUMMARY:
==27357==     in use at exit: 649 bytes in 6 blocks
==27357==   total heap usage: 35,466 allocs, 35,460 frees, 5,834,300 bytes alloc
==27357==-
==27357== LEAK SUMMARY:
==27357==    definitely lost: 117 bytes in 4 blocks
==27357==    indirectly lost: 0 bytes in 0 blocks
==27357==      possibly lost: 0 bytes in 0 blocks
==27357==    still reachable: 532 bytes in 2 blocks
==27357==         suppressed: 0 bytes in 0 blocks
==27357== Rerun with --leak-check=full to see details of leaked memory
==27357==-
==27357== For counts of detected and suppressed errors, rerun with: -v
==27357== Use --track-origins=yes to see where uninitialised values come from
==27357== ERROR SUMMARY: 360 errors from 4 contexts (suppressed: 2 from 2)

Comment 8 Tomas Mraz 2014-01-09 14:35:49 UTC
I'm forwarding the question from the previous comment to Nikos.

Comment 16 Ludek Smid 2014-06-13 12:58:06 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.