Dan Kegel <[email protected]> writes: > Hi, > while valgrinding the wine conformance test suite (over and over and > over again, getting ready to do this on buildbot), > I saw the following warnings: > > Invalid read of size 4 > at 0x51966F3: asn1_der_coding (in > /usr/lib/i386-linux-gnu/libtasn1.so.3.1.11)
Can you get line numbers for the libtasn1 code? Your other post had debug symbols for GnuTLS, but not for Libtasn1. There is a 'libtasn1-3-dbg' package. > I've installed debugging symbols, so I can probably give a better backtrace > next time I hit these, if you like. > That first error has been noted before on the web: > http://www.mail-archive.com/[email protected]/msg935627.html > http://meego.gitorious.org/meego-middleware/syncevolution/commit/c890b7f6e45e4ef915c135544dd5dd198339d1ba/diffs > so it's not just me :-) It may be a problem with the compiler optimizing strlen calls, but without line numbers it is difficult to tell. > Is there a more secure way to report this kind of error? You can PGP/MIME sign your post, if that is what you meant. :-) Read-out-of-bound is generally not a security problem, unless the code uses the out of bound data for something. /Simon
