[gnutls-devel] libtasn1 | Reading CHOICE name confuses valgrind (#9)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Jul 18 16:34:19 CEST 2019
Daiki Ueno commented on a discussion: https://gitlab.com/gnutls/libtasn1/issues/9#note_193341717
Looks like so, and if I replace `strcmp` with a length check + `memcmp`, the error is gone.
Here is the disassembly gathered by Mark Wielaard:
```
$ ASN1CHOICE=choice.asn libtool --mode=execute valgrind --vgdb-error=0 ./Test_choice
==18694== Memcheck, a memory error detector
==18694== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==18694== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==18694== Command: ./Test_choice
==18694==
==18694== (action at startup) vgdb me ...
==18694==
==18694== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==18694== /path/to/gdb ./Test_choice
==18694== and then give GDB the following command
==18694== target remote | /usr/libexec/valgrind/../../bin/vgdb --pid=18694
==18694== --pid is optional if only one valgrind process is running
==18694==
==18694== Conditional jump or move depends on uninitialised value(s)
==18694== at 0x40128D: main (Test_choice.c:122)
==18694==
==18694== (action on error) vgdb me ...
...
$ ASN1CHOICE=choice.asn libtool --mode=execute gdb ./Test_choice
[...]
Reading symbols from ./Test_choice...
(gdb) target remote | vgdb
Remote debugging using | vgdb
relaying data between gdb and process 18694
warning: remote target does not support file transfer, attempting to access files from local filesystem.
(gdb) c
Continuing.
Program received signal SIGTRAP, Trace/breakpoint trap.
0x000000000040128d in main (argc=<optimized out>, argv=<optimized out>)
at Test_choice.c:122
122 if (strcmp (data, "012345678901234") == 0)
(gdb) disassemble
Dump of assembler code for function main:
[...]
0x0000000000401216 <+326>: mov 0x4(%rsp),%edx
0x000000000040121a <+330>: lea 0x20(%rsp),%rcx
0x000000000040121f <+335>: lea 0x18(%rsp),%rdi
0x0000000000401224 <+340>: lea 0xa0(%rsp),%rsi
0x000000000040122c <+348>: callq 0x401080 <asn1_der_decoding@plt>
0x0000000000401231 <+353>: test %eax,%eax
0x0000000000401233 <+355>: jne 0x4012ca <main+506>
0x0000000000401239 <+361>: mov 0x18(%rsp),%rdi
0x000000000040123e <+366>: lea 0x4(%rsp),%rcx
0x0000000000401243 <+371>: lea 0xa0(%rsp),%rdx
0x000000000040124b <+379>: mov $0x402030,%esi
0x0000000000401250 <+384>: movl $0x400,0x4(%rsp)
0x0000000000401258 <+392>: callq 0x401040 <asn1_read_value@plt>
0x000000000040125d <+397>: test %eax,%eax
0x000000000040125f <+399>: jne 0x4012c3 <main+499>
0x0000000000401261 <+401>: movabs $0x34333231303938,%rdx
0x000000000040126b <+411>: xor 0xa8(%rsp),%rdx
0x0000000000401273 <+419>: mov $0x7c,%esi
0x0000000000401278 <+424>: movabs $0x3736353433323130,%rax
0x0000000000401282 <+434>: xor 0xa0(%rsp),%rax
0x000000000040128a <+442>: or %rax,%rdx
=> 0x000000000040128d <+445>: jne 0x4012a5 <main+469>
0x000000000040128f <+447>: mov $0x402024,%edi
0x0000000000401294 <+452>: xor %eax,%eax
0x0000000000401296 <+454>: callq 0x401060 <printf@plt>
0x000000000040129b <+459>: mov $0x1,%edi
0x00000000004012a0 <+464>: callq 0x4010a0 <exit@plt>
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/issues/9#note_193341717
You're receiving this email because of your account on gitlab.com.
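An added example, not code from libtasn1 or from the issue thread, that models what the listing above shows: gcc compiled `strcmp (data, "012345678901234") == 0` into two 8-byte loads from `data` XORed against the two `movabs` immediates (`0x3736353433323130` and `0x34333231303938`), ORed and then tested, so 16 bytes of the 0x400-byte buffer feed the branch no matter where the string stored there ends. The program decodes those immediates to confirm they are exactly the 15-character literal plus its NUL, runs the same XOR/OR compare over a buffer holding a shorter name, and sets it beside the length check + `memcmp` replacement that only reads the bytes the reader produced. `fake_read_choice` and the convention that `written` counts the terminator are assumptions made for the example, not libtasn1 behaviour; the 0xAA fill stands in for the uninitialised stack bytes of the real test.

```c
/* Added example (not libtasn1 code): inlined-strcmp model vs. bounded compare. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LITERAL "012345678901234" /* 15 characters + NUL = 16 bytes */
#define BUF_SIZE 1024             /* the 0x400 passed to asn1_read_value */

/* The two movabs immediates from the listing (little-endian 64-bit words). */
static const uint64_t IMM_LOW  = 0x3736353433323130ULL;
static const uint64_t IMM_HIGH = 0x34333231303938ULL;

/* Expand an immediate into the 8 bytes it encodes, least significant first. */
static void imm_to_bytes(uint64_t imm, unsigned char out[8]) {
    for (int i = 0; i < 8; i++)
        out[i] = (unsigned char)(imm >> (8 * i));
}

/* Read 8 bytes as the x86 load did (little-endian), independent of host order. */
static uint64_t load_le64(const char *p) {
    uint64_t w = 0;
    for (int i = 0; i < 8; i++)
        w |= (uint64_t)(unsigned char)p[i] << (8 * i);
    return w;
}

/* 1 if the two immediates together are exactly LITERAL followed by its NUL. */
static int immediates_encode_literal(void) {
    unsigned char block[16];
    imm_to_bytes(IMM_LOW, block);
    imm_to_bytes(IMM_HIGH, block + 8);
    return memcmp(block, LITERAL, sizeof LITERAL) == 0; /* sizeof includes NUL */
}

/* What the emitted code does: XOR/OR over data[0..15] with no stop at NUL,
 * so any never-written byte in that range reaches the final jne. */
static int inlined_style_compare(const char *data) {
    return ((load_le64(data) ^ IMM_LOW) | (load_le64(data + 8) ^ IMM_HIGH)) == 0;
}

/* The replacement the comment describes: length check plus memcmp, touching
 * only the `written` bytes (text plus terminator) the reader initialised. */
static int bounded_equals(const char *data, size_t written, const char *lit) {
    size_t need = strlen(lit) + 1;
    return written >= need && memcmp(data, lit, need) == 0;
}

/* Constructed stand-in (assumption) for asn1_read_value writing a CHOICE name:
 * copies `name` with its NUL and returns the number of bytes written. */
static size_t fake_read_choice(char *data, size_t size, const char *name) {
    size_t n = strlen(name) + 1;
    if (n > size) return 0;
    memcpy(data, name, n);
    return n;
}

/* Poison a stack buffer (stands in for uninitialised bytes), "read" `name`
 * into it, and compare with either model. Returns the comparison result. */
static int compare_after_reading(const char *name, int use_bounded) {
    char data[BUF_SIZE];
    memset(data, 0xAA, sizeof data);
    size_t written = fake_read_choice(data, sizeof data, name);
    return use_bounded ? bounded_equals(data, written, LITERAL)
                       : inlined_style_compare(data); /* reads data[0..15] */
}

int main(void) {
    printf("immediates encode literal+NUL: %d\n", immediates_encode_literal());
    printf("\"short\":  inlined=%d bounded=%d\n",
           compare_after_reading("short", 0), compare_after_reading("short", 1));
    printf("literal: inlined=%d bounded=%d\n",
           compare_after_reading(LITERAL, 0), compare_after_reading(LITERAL, 1));
    return 0;
}
```

Both models give the same answer for these inputs; the difference is which bytes they read to get there, which is what Memcheck tracks. For the "short" case the inlined form reads ten bytes past the terminator, and because the cheap definedness rule treats a compare as undefined as soon as any input bit is, the report appears even though the initialised bytes alone decide the branch. Before changing a test, it is worth rerunning it with `--expensive-definedness-checks=yes` to see whether Memcheck's more precise tracking already accepts the compare; if it still complains, the bounded compare above is the robust fix, since it never depends on the compiler's choice of how to expand `strcmp`.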