Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Video presentations Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: Valgrind Reports Many Memory Errors on curl binary on Gentoo

From: Kamil Dudka via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 19 Feb 2019 10:17:49 +0100

On Tuesday, February 19, 2019 3:53:50 AM CET John Helmert III via curl-library
wrote:
> Valgrind reports an immense number of errors for me. Running valgrind like
> `valgrind curl https://example.com`. Tail end of that output:
>
> ==30282== Conditional jump or move depends on uninitialised value(s)
> ==30282== at 0x4E47689: Curl_pgrsUpdate (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E47DD8: Curl_pgrsDone (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6AA57: multi_done (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6B016: multi_runsingle (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6C590: curl_multi_perform (in
> /usr/lib64/libcurl.so.4.5.0) ==30282== by 0x4E64B51: curl_easy_perform
> (in /usr/lib64/libcurl.so.4.5.0) ==30282== by 0x11D9EF: operate_do (in
> /usr/local/bin/curl)
> ==30282== by 0x11EEF9: operate (in /usr/local/bin/curl)
> ==30282== by 0x111343: main (in /usr/local/bin/curl)
> ==30282==
> ==30282== Conditional jump or move depends on uninitialised value(s)
> ==30282== at 0x4E477D8: Curl_pgrsUpdate (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E47DD8: Curl_pgrsDone (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6AA57: multi_done (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6B016: multi_runsingle (in /usr/lib64/libcurl.so.4.5.0)
> ==30282== by 0x4E6C590: curl_multi_perform (in
> /usr/lib64/libcurl.so.4.5.0) ==30282== by 0x4E64B51: curl_easy_perform
> (in /usr/lib64/libcurl.so.4.5.0) ==30282== by 0x11D9EF: operate_do (in
> /usr/local/bin/curl)
> ==30282== by 0x11EEF9: operate (in /usr/local/bin/curl)
> ==30282== by 0x111343: main (in /usr/local/bin/curl)
> ==30282==
> ==30282==
> ==30282== HEAP SUMMARY:
> ==30282== in use at exit: 1,696 bytes in 50 blocks
> ==30282== total heap usage: 32,159 allocs, 32,109 frees, 2,818,764 bytes
> allocated ==30282==
> ==30282== LEAK SUMMARY:
> ==30282== definitely lost: 0 bytes in 0 blocks
> ==30282== indirectly lost: 0 bytes in 0 blocks
> ==30282== possibly lost: 0 bytes in 0 blocks
> ==30282== still reachable: 1,696 bytes in 50 blocks
> ==30282== suppressed: 0 bytes in 0 blocks
> ==30282== Rerun with --leak-check=full to see details of leaked memory
> ==30282==
> ==30282== Use --track-origins=yes to see where uninitialised values come
> from ==30282== For lists of detected and suppressed errors, rerun with: -s
> ==30282== ERROR SUMMARY: 4944 errors from 386 contexts (suppressed: 0 from
> 0)
>
> Running Gentoo x86-64, curl cloned from Github at commit 21b33b9 (latest at
> the time of writing this). Using gentoo-sources kernel 4.20.8 and
> glibc-2.28-r5
>
> Built/installed with:
>
> `./buildconf`
> `./configure`
> `make -j8`
> `sudo make install`
>
> Configure script output about configured environment:
>
> Host setup: x86_64-pc-linux-gnu
> Install prefix: /usr/local
> Compiler: gcc
> CFLAGS: -Werror-implicit-function-declaration -O2
> -Wno-system-headers -pthread CPPFLAGS:
> LDFLAGS:
> LIBS: -lnghttp2 -lidn2 -lssl -lcrypto -lssl -lcrypto -lldap
> -llber -lz
>
> curl version: 7.64.1-DEV
> SSL support: enabled (OpenSSL)
> SSH support: no (--with-libssh2)
> zlib support: enabled
> brotli support: no (--with-brotli)
> GSS-API support: no (--with-gssapi)
> TLS-SRP support: enabled
> resolver: POSIX threaded
> IPv6 support: enabled
> Unix sockets support: enabled
> IDN support: enabled (libidn2)
> Build libcurl: Shared=yes, Static=yes
> Built-in manual: enabled
> --libcurl option: enabled (--disable-libcurl-option)
> Verbose errors: enabled (--disable-verbose)
> Code coverage: disabled
> SSPI support: no (--enable-sspi)
> ca cert bundle: /etc/ssl/certs/ca-certificates.crt
> ca cert path: no
> ca fallback: no
> LDAP support: enabled (OpenLDAP)
> LDAPS support: enabled
> RTSP support: enabled
> RTMP support: no (--with-librtmp)
> metalink support: no (--with-libmetalink)
> PSL support: no (libpsl not found)
> HTTP2 support: enabled (nghttp2)
> Protocols: DICT FILE FTP FTPS GOPHER HTTP HTTPS IMAP IMAPS LDAP
> LDAPS POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP Features: SSL
> IPv6 UnixSockets libz AsynchDNS IDN NTLM NTLM_WB TLS-SRP HTTP2 HTTPS-proxy
>
> How can this be fixed?

I bet they are coming out of OpenSSL. If I run the same command under
valgrind on my Gentoo system, I see much more noise about uninitialized
memory. You have only two _unsuppressed_ reports in the valgrind output.

So I guess you have valgrind suppressions installed for OpenSSL but it
does not cover the indirectly used uninitialized memory that comes out
from OpenSSL but that is actually read by libcurl.

Are you able to trigger those valgrind reports without linking OpenSSL
at all?

Kamil

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2019-02-19