Bug 973210 - valgrind complaints: 'Conditional jump or move depends on uninitialised value(s)'
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gnutls
Version: 19
Hardware: Unspecified
OS: Unspecified
Assignee: Nikos Mavrogiannopoulos
QA Contact: Fedora Extras Quality Assurance
Reported: 2013-06-11 13:12 UTC by Christophe Fergeau
Modified: 2013-12-18 12:46 UTC (History)

Fixed In Version: gnutls-3.1.17-3.fc20
Doc Type: Bug Fix
Last Closed: 2013-12-17 19:13:13 UTC
Type: Bug

Description Christophe Fergeau 2013-06-11 13:12:05 UTC
When trying to connect to a RHEV instance using gnutls-cli, I'm getting the warnings below from valgrind. The RHEV instance is unfortunately only available on an internal network. I'm using gnutls-3.1.11-1.fc19.

==27357== Memcheck, a memory error detector
==27357== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
==27357== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==27357== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.red
==27357== Parent PID: 20980
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x4A0B131: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64
==27357==    by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785)
==27357==    by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182)
==27357==    by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166)
==27357==    by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348)
==27357==    by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511)
==27357==    by 0x40AB59: socket_recv (socket.c:56)
==27357==    by 0x407662: main (cli.c:985)
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x4A0B152: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64
==27357==    by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785)
==27357==    by 0x4C69531: _gnutls_decrypt (gnutls_cipher.c:182)
==27357==    by 0x4C658B1: _gnutls_recv_in_buffers (gnutls_record.c:1166)
==27357==    by 0x4C66995: _gnutls_recv_int (gnutls_record.c:1348)
==27357==    by 0x4C66E74: gnutls_record_recv (gnutls_record.c:1511)
==27357==    by 0x40AB59: socket_recv (socket.c:56)
==27357==    by 0x407662: main (cli.c:985)
==27357==-
==27357== Conditional jump or move depends on uninitialised value(s)
==27357==    at 0x3097678311: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:859)
==27357==    by 0x3097673EB1: fputc (fputc.c:38)
==27357==    by 0x4076C2: main (cli.c:1005)
==27357==-
==27357== Syscall param write(buf) points to uninitialised byte(s)
==27357==    at 0x30976E6760: __write_nocancel (syscall-template.S:81)
==27357==    by 0x3097676B92: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1254)
==27357==    by 0x3097677FFB: _IO_do_write@@GLIBC_2.2.5 (fileops.c:530)
==27357==    by 0x30976783D2: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:868)
==27357==    by 0x3097673EB1: fputc (fputc.c:38)
==27357==    by 0x4076C2: main (cli.c:1005)
==27357==  Address 0x30979ba4a3 is 131 bytes inside data symbol "_IO_2_1_stdout_
==27357==-
==27357==-
==27357== HEAP SUMMARY:
==27357==     in use at exit: 649 bytes in 6 blocks
==27357==   total heap usage: 35,466 allocs, 35,460 frees, 5,834,300 bytes alloc
==27357==-
==27357== LEAK SUMMARY:
==27357==    definitely lost: 117 bytes in 4 blocks
==27357==    indirectly lost: 0 bytes in 0 blocks
==27357==      possibly lost: 0 bytes in 0 blocks
==27357==    still reachable: 532 bytes in 2 blocks
==27357==         suppressed: 0 bytes in 0 blocks
==27357== Rerun with --leak-check=full to see details of leaked memory
==27357==-
==27357== For counts of detected and suppressed errors, rerun with: -v
==27357== Use --track-origins=yes to see where uninitialised values come from
==27357== ERROR SUMMARY: 360 errors from 4 contexts (suppressed: 2 from 2)


$ valgrind --log-file=log  gnutls-cli --no-ca-verification  rhevm32.spice.lab.eng.brq.redhat.com 
Processed 144 CA certificate(s).
Resolving 'rhevm32.spice.lab.eng.brq.redhat.com'...
Connecting to '10.34.58.32:443'...
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `C=US,O=spice.lab.eng.brq.redhat.com,CN=rhevm32.spice.lab.eng.brq.redhat.com', issuer `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-04 11:57:26 UTC', expires `2018-03-10 11:57:27 UTC', SHA-1 fingerprint `baabc26bf1ee21ba81ad5d4ca447daf6df5dcd58'
	Public Key Id:
		bd8f9a91c826c40bbe17ee5e2b736c290c609e3a
	Public key's random art:
		+--[ RSA 2048]----+
		|                 |
		|                 |
		|                 |
		|.. .     .       |
		|o.o o   S .      |
		| +.o.o . . .     |
		|. .+oo=.o .      |
		|E  .B+=. o o     |
		| ..+o*. o.. .    |
		+-----------------+

- Certificate[1] info:
 - subject `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', issuer `C=US,O=spice.lab.eng.brq.redhat.com,CN=CA-rhevm32.spice.lab.eng.brq.redhat.com.10001', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-04-04 11:57:26 UTC', expires `2023-04-03 11:57:27 UTC', SHA-1 fingerprint `cbfbb519a00d1e661b689e1c34ae1fb1f7658609'
- Description: (TLS1.0-PKIX)-(RSA)-(AES-128-CBC)-(SHA1)
- Session ID: DD:D1:A8:AC:B7:A7:32:31:4D:A5:60:EF:5E:47:BD:00:24:98:69:C8:DF:62:23:6C:74:AF:E6:ED:44:55:0F:7F
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

GET /api/vms HTTP/1.1
Host: rhevm32.spice.lab.eng.brq.redhat.com
Content-Type: application/xml

HTTP/1.1 401 Unauthorized
Date: Tue, 11 Jun 2013 13:06:10 GMT
Pragma: No-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 01:00:00 CET
WWW-Authenticate: Basic realm="ENGINE"
Content-Type: text/html;charset=utf-8
Content-Length: 978
Vary: Accept-Encoding
Connection: close

<html><head><title>JBoss Web/7.0.17..Final-redhat-1 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.17..Final-redhat-1</h3></body></html>- Peer has closed the GnuTLS connection

Comment 1 Nikos Mavrogiannopoulos 2013-11-26 15:42:32 UTC
I have just submitted 3.1.17-1 for testing, and I couldn't reproduce the issue you mention with it. Could you verify that it solves the issue for you?

Comment 2 Christophe Fergeau 2013-11-26 17:45:48 UTC
Still getting this with 3.1.17-2 (I scratch built it from dist-git as I could not find the official build for it).

==12255== Memcheck, a memory error detector
==12255== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==12255== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==12255== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.redhat.com
==12255== Parent PID: 3706
==12255==-
==12255== Conditional jump or move depends on uninitialised value(s)
==12255==    at 0x4A0B1F1: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12255==    by 0x4C69F6E: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C6B341: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C67689: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C68765: _gnutls_recv_int (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C68C44: gnutls_record_recv (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x40A3C9: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x406D82: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x3134221D64: (below main) (libc-start.c:285)
==12255==-
==12255== Conditional jump or move depends on uninitialised value(s)
==12255==    at 0x4A0B212: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==12255==    by 0x4C69F6E: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C6B341: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C67689: ??? (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C68765: _gnutls_recv_int (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x4C68C44: gnutls_record_recv (in /usr/lib64/libgnutls.so.28.20.3)
==12255==    by 0x40A3C9: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x406D82: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x3134221D64: (below main) (libc-start.c:285)
==12255==-
==12255== Conditional jump or move depends on uninitialised value(s)
==12255==    at 0x31342784A1: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:859)
==12255==    by 0x31342741B1: fputc (fputc.c:38)
==12255==    by 0x406DE2: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x3134221D64: (below main) (libc-start.c:285)
==12255==-
==12255== Syscall param write(buf) points to uninitialised byte(s)
==12255==    at 0x31342E6890: __write_nocancel (syscall-template.S:81)
==12255==    by 0x3134276D22: _IO_file_write@@GLIBC_2.2.5 (fileops.c:1254)
==12255==    by 0x313427818B: _IO_do_write@@GLIBC_2.2.5 (fileops.c:530)
==12255==    by 0x3134278562: _IO_file_overflow@@GLIBC_2.2.5 (fileops.c:868)
==12255==    by 0x31342741B1: fputc (fputc.c:38)
==12255==    by 0x406DE2: ??? (in /usr/bin/gnutls-cli)
==12255==    by 0x3134221D64: (below main) (libc-start.c:285)
==12255==  Address 0x31345b9483 is 131 bytes inside data symbol "_IO_2_1_stdout_"
==12255==-
==12255==-
=

Comment 3 Fedora Update System 2013-12-05 12:01:25 UTC
gnutls-3.1.17-3.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/gnutls-3.1.17-3.fc20

Comment 4 Fedora Update System 2013-12-05 21:26:21 UTC
Package gnutls-3.1.17-3.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing gnutls-3.1.17-3.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-22805/gnutls-3.1.17-3.fc20
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2013-12-17 19:13:13 UTC
gnutls-3.1.17-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Christophe Fergeau 2013-12-18 12:46:25 UTC
Yup, much better with this update; only a few apparently minor leaks are reported now.

==31418== Memcheck, a memory error detector
==31418== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==31418== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==31418== Command: gnutls-cli --no-ca-verification rhevm32.spice.lab.eng.brq.redhat.com
==31418== Parent PID: 12006
==31418==-
==31418==-
==31418== HEAP SUMMARY:
==31418==     in use at exit: 169 bytes in 6 blocks
==31418==   total heap usage: 39,583 allocs, 39,577 frees, 6,342,169 bytes allocated
==31418==-
==31418== 4 bytes in 1 blocks are definitely lost in loss record 1 of 6
==31418==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31418==    by 0x3134286409: strdup (strdup.c:42)
==31418==    by 0x40A79D: socket_open (socket.c:213)
==31418==    by 0x4068A1: main (cli.c:865)
==31418==-
==31418== 12 bytes in 1 blocks are definitely lost in loss record 2 of 6
==31418==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31418==    by 0x3134286409: strdup (strdup.c:42)
==31418==    by 0x40A790: socket_open (socket.c:212)
==31418==    by 0x4068A1: main (cli.c:865)
==31418==-
==31418== 37 bytes in 1 blocks are definitely lost in loss record 5 of 6
==31418==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31418==    by 0x3134286409: strdup (strdup.c:42)
==31418==    by 0x40A783: socket_open (socket.c:211)
==31418==    by 0x4068A1: main (cli.c:865)
==31418==-
==31418== 64 bytes in 1 blocks are definitely lost in loss record 6 of 6
==31418==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31418==    by 0x31342DAD0C: gaih_inet (getaddrinfo.c:1203)
==31418==    by 0x31342DE6FC: getaddrinfo (getaddrinfo.c:2405)
==31418==    by 0x40A655: socket_open (socket.c:150)
==31418==    by 0x4068A1: main (cli.c:865)
==31418==-
==31418== LEAK SUMMARY:
==31418==    definitely lost: 117 bytes in 4 blocks
==31418==    indirectly lost: 0 bytes in 0 blocks
==31418==      possibly lost: 0 bytes in 0 blocks
==31418==    still reachable: 52 bytes in 2 blocks
==31418==         suppressed: 0 bytes in 0 blocks
==31418== Reachable blocks (those to which a pointer was found) are not shown.
==31418== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==31418==-
==31418== For counts of detected and suppressed errors, rerun with: -v
==31418== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 2 from 2)
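
Added example, not part of the original bug report and not GnuTLS or Valgrind code: a Python script that parses Memcheck logs in the format quoted in this thread and compares the error contexts of two runs, keeping uninitialised-value reports apart from leak records. The sample logs are constructed and abbreviated from the records above, and `parse_memcheck`, `signature` and `compare` are names chosen for this example.

```python
import re
from collections import Counter
PREFIX = re.compile(r"^==\d+==[ -]?(.*)$")  # also accepts "==PID==-" separators
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \((.*)$")
# Constructed samples, abbreviated from the kinds of records quoted in this bug.
BEFORE = """\
==1== Conditional jump or move depends on uninitialised value(s)
==1==    at 0x4A0B131: bcmp (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==1==    by 0x4C6817E: ciphertext_to_compressed (gnutls_cipher.c:785)
==1==-
==1== Syscall param write(buf) points to uninitialised byte(s)
==1==    at 0x30976E6760: __write_nocancel (syscall-template.S:81)
==1==    by 0x4076C2: main (cli.c:1005)
"""
AFTER = """\
==2== 4 bytes in 1 blocks are definitely lost in loss record 1 of 6
==2==    at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==2==    by 0x3134286409: strdup (strdup.c:42)
==2==    by 0x40A79D: socket_open (socket.c:213)
"""

def parse_memcheck(log):
    """Return [kind, header, frames] records; frames are (function, location)."""
    records, pending, current = [], None, None
    for raw in log.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue
        frame = FRAME.match(m.group(1))
        if frame is None:  # non-frame line: ends a record and may head the next one
            pending, current = m.group(1).strip() or None, None
        elif current is None and pending:  # first frame after a header opens a record
            kind = ("uninit" if "uninitialised" in pending
                    else "leak" if " lost in loss record " in pending else "other")
            current = [kind, pending, []]
            records.append(current)
        if frame and current is not None:
            current[2].append((frame.group(1), frame.group(2).rstrip(")")))
    return records

def signature(record):
    """Kind plus up to three frames outside Valgrind's preload (its malloc/bcmp wrappers)."""
    own = tuple(fn for fn, loc in record[2] if "vgpreload" not in loc)
    return (record[0], own[:3])

def compare(before, after):
    b, a = (Counter(signature(r) for r in parse_memcheck(x)) for x in (before, after))
    uninit = lambda c: sum(n for (kind, _), n in c.items() if kind == "uninit")
    return {"gone": sorted(set(b) - set(a)), "new": sorted(set(a) - set(b)),
            "uninit_before": uninit(b), "uninit_after": uninit(a)}
```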

