perl script that uses Crypt::SSLeay is crashing since upgrade to openssl 1.0. Backtrace head with various debuginfo installed:

#0 freelist_insert (ctx=0xa18c140, for_read=1, sz=34120, mem=0xa0d6a80) at s3_both.c:645
#1 0x0072f305 in ssl3_release_read_buffer (s=0xa0c4780) at s3_both.c:762
#2 0x0072b60c in ssl3_free (s=0xa0c4780) at s3_lib.c:2151
#3 0x00733d75 in tls1_free (s=0xa0c4780) at t1_lib.c:163
#4 0x00742041 in SSL_free (s=0xa0c4780) at ssl_lib.c:581
#5 0x00a6a7c5 in XS_Crypt__SSLeay__Conn_free (my_perl=0x9242008, cv=0xa002d54) at SSLeay.c:521
Forgot to mention that running the same script with MALLOC_CHECK=1 makes the crash go away.
Could you please attach the script, preferably in as minimal a version as possible that still causes the crash?
Created attachment 365004
perl script to demonstrate this issue

Save the attached file as /tmp/test.pl. All it does is fetch the login page of Red Hat bugzilla and log in. Run "valgrind perl /tmp/test.pl [redhat-bugzilla-username] [redhat-bugzilla-password] >| /tmp/valgrind.out 2>&1". Load /tmp/valgrind.out into an editor and search for "Invalid write of size". You will find it near the end, and this is what is causing the core dump. I'm doing this on a 32-bit system. Since memory profiles are obviously very different on 64-bit systems, you may or may not see the issue there.
It is also reproduced on 64b. I filed an upstream ticket with a proposed solution.
It is fixed in openssl-1.0.0-0.10.beta3.fc12. I'll make a tag request to F12 as well. The fix in perl-Crypt-SSLeay should not break anything, although it is not necessary with the fixed openssl.
Upstream ticket at cpan: https://rt.cpan.org/Ticket/Display.html?id=50557