The attached archive contains a collection of patches for undefined behaviors
that happen while the tests in directory tests/ are executed, with a recent
(as of June 2015) OpenSSL git version.

Each undefined behavior really happens for at least one
execution, the execution of the test. In other terms, none of these is a
“false positive”. The issues broadly fall in the following categories:

- accessing uninitialized data, sometimes as a result of not testing
the error code of a function (the patch fixes the caller to check for success 
of the
function that's supposed to allocate or initialize);

- dereferencing NULL (often for the same reason of failing to check for success
of called functions);

- using dangling pointers in comparisons as a result of the order in which they
are freed and compared.

A README file discusses the changes for which discussion seems necessary.

The undefined behaviors were found using a Valgrind-like, ASan-like tool to be
released as Open-Source soon:

Attachment: openssl_git_patches.tgz
Description: Binary data

openssl-bugs-mod mailing list
openssl-dev mailing list
To unsubscribe:

Reply via email to