On Mon, 2013-02-18 at 08:12 -0500, Jeffrey Walton wrote: > It looks like the GCC tool chain has let you down: "C/C++ Option to > Initialize Variables?", > http://gcc.gnu.org/ml/gcc/2013-02/msg00207.html. > > Visual Studio has a similar feature for debug builds, and I don't ever > recall being burned by using an uninitalized value since the value > will be distinguished garbage - 0xCDCDCDCD and the like. As soon as I > see it, I know something is not initialized. > Fair point.
Yes, I'm using GCC, and frankly, I have no real complaints compared to VC. In this case, based on the seg fault and the resulting corrupted stack trace, it was obvious that the issue was related to referencing bad memory. Regardless if a toolchain might help with issues like this, the error is more fundamental: I did not fully understand aspects of the API. So the time spent was less on "what is happening?" and more on "what am I doing wrong?". > Were you compiling with full warnings? If so, you should have been > warned of use of an initialized value. If not, you might want to > investigate how the tool chain can help you with reliability and > security (there are lots of opportunities). Yes, I build w/ many warnings. Here's the relevant section of my build command--do you suggest other warnings to be enabled? g++-4.7.2 -g -Wall -Wextra -Weffc++ -Wno-missing-field-initializers -Wctor-dtor-privacy -Wnon-virtual-dtor -Wreorder -Wold-style-cast -Woverloaded-virtual -Werror -std=c++11 GCC did in fact warn me early-on about using the X509 struct uninitialized, but it did not warn about the RSA struct. Still, my lack of fully understanding the API led me to default initialize it (I come from more C++ than C) which silenced the warning and that part of the code worked anyway. So it still boils down to the developer knowing what he/she is doing and not relying on tooling to point out problems. Nick ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
