Bug 521342
Summary: | perl-Crypt-SSLeay / openssl 1.0 has memory corruption issue | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jonathan Kamens <jik> | ||||
Component: | perl-Crypt-SSLeay | Assignee: | Stepan Kasal <kasal> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | rawhide | CC: | kasal, mmaslano, tmraz | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
URL: | https://rt.cpan.org/Ticket/Display.html?id=50557 | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2009-10-16 12:02:45 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Jonathan Kamens
2009-09-04 21:34:53 UTC
Forgot to mention that running the same script with MALLOC_CHECK=1 makes the crash go away. Could you please attach the script preferably in as minimal version as possible that still causes the crash? Created attachment 365004 [details]
perl script to demonstrate this issue
Save the attached file as /tmp/test.pl. All it does is fetch the login page of Red Hat bugzilla and log in. Run "valgrind perl /tmp/test.pl [redhat-bugzilla-username] [redhat-bugzilla-password] >| /tmp/valgrind.out 2>&1". Load /tmp/valgrind.out into an editor and search for "Invalid write of size". You will find it near the end, and this is what is causing the core dump.
I'm doing this on a 32-bit system. Since memory profiles are obviously very different on 64-bit systems, you may or may not see the issue there.
It is reproduced also on 64b. I filed an upstream ticket with proposed solution. It is fixed in openssl-1.0.0-0.10.beta3.fc12. I'll make tag request to F12 as well. The fix in perl-Crypt-SSLeay should not break anything although it is not necessary with fixed openssl. Upstream ticket at cpan: https://rt.cpan.org/Ticket/Display.html?id=50557 |