I'm having trouble writing a suppression rule.
Here's the finding:
==6516== Use of uninitialised value of size 8
==6516== at 0x533B449: _x86_64_AES_encrypt_compact (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x533B6DA: fips_aes_encrypt (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x56FBC47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x56FBD27: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x56FBE47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0xFFEFFFE17: ???
==6516== Uninitialised value was created by a heap allocation
==6516== at 0x4C28D84: malloc (vg_replace_malloc.c:291)
==6516== by 0x53575AF: CRYPTO_malloc (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x53FB52B: drbg_get_entropy (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x534C312: fips_get_entropy (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x534CABE: FIPS_drbg_instantiate (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x53FB94E: RAND_init_fips (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x5403F5D: EVP_add_cipher (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516== by 0x507B7C0: SSL_library_init (in
/usr/local/ssl/lib/libssl.so.1.0.0)
==6516== by 0x4103E7: DoStartupOpenSSL() (ac-openssl-1.cpp:494)
==6516== by 0x419504: main (main.cpp:69)
==6516==
Here are the rules I'm trying to use to suppress the finding:
{
RAND_init_fips_1
Memcheck:Cond
...
fun:RAND_init_fips
...
}
{
RAND_init_fips_2
Memcheck:Value8
...
fun:RAND_init_fips
...
}
{
RAND_init_fips_3
Memcheck:Value4
...
fun:RAND_init_fips
...
}
I believe I'm using the frame-level wildcard according to the manual
(under Section 2.5, http://valgrind.org/docs/manual/manual-core.html):
A location line may also be simply "..." (three dots). This is a
frame-level wildcard, which matches zero or more frames.
Frame level wildcards are useful because they make it easy
to ignore varying numbers of uninteresting frames in between
frames of interest. That is often important when writing
suppressions which are intended to be robust against
variations in the amount of function inlining done by compilers.
Any ideas what I'm doing wrong?
Thanks in advance.
**********
My version of Valgrind (built from sources):
$ which valgrind
/usr/local/bin/valgrind
$ valgrind --version
valgrind-3.9.0
And the OS (Debian 7.3, x64, fully patched):
$ uname -a
Linux debian-q500 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Valgrind-users mailing list
Valgrind-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/valgrind-users
