Message 154742 - Python tracker

➜

This issue tracker has been migrated to GitHub , and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

In-reply-to
Author	zooko
Recipients	zooko
Date	2012年03月02日.06:48:18
SpamBayes Score	2.924308e-08
Marked as misclassified	No
Message-id	<1330670900.9.0.919434132567.issue14171@psf.upfronthosting.co.za>

Content
The buildbot for the Tahoe-LAFS and pycryptopp projects runs CPython under valgrind on Fedora, and valgrind emits warnings like this: ==30127== Conditional jump or move depends on uninitialised value(s) ==30127== at 0x4C2AD01: bcmp (mc_replace_strmem.c:889) ==30127== by 0xC1D1646: fips_get_entropy (fips_drbg_lib.c:166) ==30127== by 0xC1D1D6E: FIPS_drbg_instantiate (fips_drbg_lib.c:234) ==30127== by 0xC15F590: RAND_init_fips (rand_lib.c:286) ==30127== by 0xC0F54D3: OPENSSL_init_library (o_init.c:106) ==30127== by 0xBE76AF8: SSL_library_init (ssl_algs.c:68) ==30127== by 0xBC2B39D: init_hashlib (in /usr/lib64/python2.7/lib-dynload/_hashlib.so) ==30127== by 0x4F1DB00: _PyImport_LoadDynamicModule (in /usr/lib64/libpython2.7.so.1.0) You can see the full output from such a buildbot run here: https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/test%20valgrind/logs/valgrind Here is information about the versions of software involved: https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/show-tool-versions/logs/stdio The owner of the buildslave machine says that the openssl package was "openssl-1.0.1-0.1.beta2.fc17.x86_64". Not having looked closer, I assume this is just a case of openssl using uninitialized memory as part of the initialization of the PRNG. Accordingly, I wrote suppressions stanzas for our valgrind suppressions file, which made the warnings go away. Here are the suppression expressions: # generated on buildbot.rubenkerkhof.com, which had, according to Ruben # Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64" { buildbot.rubenkerkhof.com cond fips openssl 1 Memcheck:Cond fun:bcmp fun:fips_get_entropy fun:FIPS_drbg_instantiate fun:RAND_init_fips fun:OPENSSL_init_library fun:SSL_library_init fun:init_hashlib } { buildbot.rubenkerkhof.com cond fips openssl 2 Memcheck:Cond fun:fips_get_entropy fun:FIPS_drbg_instantiate fun:RAND_init_fips fun:OPENSSL_init_library fun:SSL_library_init fun:init_hashlib } { buildbot.rubenkerkhof.com val _x86_64_AES_encrypt_compact Memcheck:Value8 fun:_x86_64_AES_encrypt_compact fun:AES_encrypt } I opened this ticket on launchpad.net to track the handling of this issue in various projects such as openssl, pycryptopp, CPython, valgrind, and Fedora: https://bugs.launchpad.net/pycryptopp/+bug/944585

Content

The buildbot for the Tahoe-LAFS and pycryptopp projects runs CPython under valgrind on Fedora, and valgrind emits warnings like this:
==30127== Conditional jump or move depends on uninitialised value(s)
==30127== at 0x4C2AD01: bcmp (mc_replace_strmem.c:889)
==30127== by 0xC1D1646: fips_get_entropy (fips_drbg_lib.c:166)
==30127== by 0xC1D1D6E: FIPS_drbg_instantiate (fips_drbg_lib.c:234)
==30127== by 0xC15F590: RAND_init_fips (rand_lib.c:286)
==30127== by 0xC0F54D3: OPENSSL_init_library (o_init.c:106)
==30127== by 0xBE76AF8: SSL_library_init (ssl_algs.c:68)
==30127== by 0xBC2B39D: init_hashlib (in /usr/lib64/python2.7/lib-dynload/_hashlib.so)
==30127== by 0x4F1DB00: _PyImport_LoadDynamicModule (in /usr/lib64/libpython2.7.so.1.0)
You can see the full output from such a buildbot run here:
https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/test%20valgrind/logs/valgrind
Here is information about the versions of software involved:
https://tahoe-lafs.org/buildbot-pycryptopp/builders/Ruben%20Fedora%20syslib/builds/58/steps/show-tool-versions/logs/stdio
The owner of the buildslave machine says that the openssl package was "openssl-1.0.1-0.1.beta2.fc17.x86_64".
Not having looked closer, I assume this is just a case of openssl using uninitialized memory as part of the initialization of the PRNG. Accordingly, I wrote suppressions stanzas for our valgrind suppressions file, which made the warnings go away.
Here are the suppression expressions:
# generated on buildbot.rubenkerkhof.com, which had, according to Ruben
# Fedora's package "openssl-1.0.1-0.1.beta2.fc17.x86_64"
{
 buildbot.rubenkerkhof.com cond fips openssl 1
 Memcheck:Cond
 fun:bcmp
 fun:fips_get_entropy
 fun:FIPS_drbg_instantiate
 fun:RAND_init_fips
 fun:OPENSSL_init_library
 fun:SSL_library_init
 fun:init_hashlib
}
{
 buildbot.rubenkerkhof.com cond fips openssl 2
 Memcheck:Cond
 fun:fips_get_entropy
 fun:FIPS_drbg_instantiate
 fun:RAND_init_fips
 fun:OPENSSL_init_library
 fun:SSL_library_init
 fun:init_hashlib
}
{
 buildbot.rubenkerkhof.com val _x86_64_AES_encrypt_compact
 Memcheck:Value8
 fun:_x86_64_AES_encrypt_compact
 fun:AES_encrypt
}
I opened this ticket on launchpad.net to track the handling of this
issue in various projects such as openssl, pycryptopp, CPython,
valgrind, and Fedora:
https://bugs.launchpad.net/pycryptopp/+bug/944585

History
Date	User	Action	Args
2012年03月02日 06:48:21	zooko	set	recipients: + zooko
2012年03月02日 06:48:20	zooko	set	messageid: <1330670900.9.0.919434132567.issue14171@psf.upfronthosting.co.za>
2012年03月02日 06:48:20	zooko	link	issue14171 messages
2012年03月02日 06:48:19	zooko	create

homepage