The attached archive contains a collection of patches for undefined behaviors that happen while the tests in directory tests/ are executed, with a recent (as of June 2015) OpenSSL git version.
Each undefined behavior really happens for at least one execution, the execution of the test. In other terms, none of these is a “false positive”. The issues broadly fall in the following categories: - accessing uninitialized data, sometimes as a result of not testing the error code of a function (the patch fixes the caller to check for success of the function that's supposed to allocate or initialize); - dereferencing NULL (often for the same reason of failing to check for success of called functions); - using dangling pointers in comparisons as a result of the order in which they are freed and compared. A README file discusses the changes for which discussion seems necessary. The undefined behaviors were found using a Valgrind-like, ASan-like tool to be released as Open-Source soon: http://trust-in-soft.com/tis-interpreter/
openssl_git_patches.tgz
Description: Binary data
_______________________________________________ openssl-bugs-mod mailing list openssl-bugs-...@openssl.org https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev