View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0001415libmicrohttpdHTTPS (TLS)public2008-08-24 15:202008-09-10 22:49
ReporterChristian Grothoff Assigned Tolv-426__  
PriorityurgentSeveritycrashReproducibilityalways
Status closedResolutionfixed 
Product VersionGit master 
Summary0001415: testcases crash, valgrind reports errors
DescriptionWhen I run the tls-daemon-options test with valgrind, I get reports of out-of-memory writes. Without valgrind, the code simply segfaults.

valgrind also warns (without trace) about close(-1) calls.

I've attached the valgrind output to this report.
Additional InformationI ran valgrind simply with --tool=memcheck.
TagsNo tags attached.
Attached Files
tls-daemon-vg-problems.txt (11,403 bytes)    
==31738== Thread 3:
==31738== Invalid write of size 1
==31738==    at 0x4024984: memcpy (mc_replace_strmem.c:402)
==31738==    by 0x409E5AF: mhd_gtls_string_append_data (gnutls_str.c:224)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738==  Address 0x49441b5 is 3 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738== 
==31738== Invalid write of size 1
==31738==    at 0x402498C: memcpy (mc_replace_strmem.c:402)
==31738==    by 0x409E5AF: mhd_gtls_string_append_data (gnutls_str.c:224)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738==  Address 0x49441b4 is 2 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738== 
==31738== Invalid write of size 1
==31738==    at 0x4024995: memcpy (mc_replace_strmem.c:402)
==31738==    by 0x409E5AF: mhd_gtls_string_append_data (gnutls_str.c:224)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738==  Address 0x49441b3 is 1 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738== 
==31738== Invalid write of size 1
==31738==    at 0x402499E: memcpy (mc_replace_strmem.c:402)
==31738==    by 0x409E5AF: mhd_gtls_string_append_data (gnutls_str.c:224)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738==  Address 0x49441b2 is 0 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738== 
==31738== Invalid read of size 1
==31738==    at 0x42BD95E: (within /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x428CFE6: (within /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x427B7FA: gcry_md_write (in /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x4046B9A: gc_hash_write (gc-libgcrypt.c:404)
==31738==    by 0x409155F: mhd_gnutls_hash (gnutls_hash_int.c:98)
==31738==    by 0x408BD25: ??? (gnutls_handshake.c:494)
==31738==    by 0x408CF23: ??? (gnutls_handshake.c:1116)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x408BD9A: ??? (gnutls_handshake.c:571)
==31738==    by 0x408FFAC: ??? (gnutls_handshake.c:2499)
==31738==    by 0x4090864: mhd_gtls_handshake_common (gnutls_handshake.c:2635)
==31738==    by 0x408F19C: MHD_gnutls_handshake (gnutls_handshake.c:2247)
==31738==  Address 0x49441b2 is 0 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)
==31738== 
==31738== Invalid read of size 1
==31738==    at 0x42B49C0: (within /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x428CFE6: (within /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x427B7FA: gcry_md_write (in /usr/lib/libgcrypt.so.11.4.4)
==31738==    by 0x4046B9A: gc_hash_write (gc-libgcrypt.c:404)
==31738==    by 0x409155F: mhd_gnutls_hash (gnutls_hash_int.c:98)
==31738==    by 0x408BD44: ??? (gnutls_handshake.c:496)
==31738==    by 0x408CF23: ??? (gnutls_handshake.c:1116)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x408BD9A: ??? (gnutls_handshake.c:571)
==31738==    by 0x408FFAC: ??? (gnutls_handshake.c:2499)
==31738==    by 0x4090864: mhd_gtls_handshake_common (gnutls_handshake.c:2635)
==31738==    by 0x408F19C: MHD_gnutls_handshake (gnutls_handshake.c:2247)
==31738==  Address 0x49441b2 is 0 bytes after a block of size 258 alloc'd
==31738==    at 0x4023E8C: realloc (vg_replace_malloc.c:429)
==31738==    by 0x409E528: mhd_gtls_string_append_data (gnutls_str.c:216)
==31738==    by 0x4084472: mhd_gtls_handshake_buffer_put (gnutls_buffers.c:1181)
==31738==    by 0x408D00F: ??? (gnutls_handshake.c:1135)
==31738==    by 0x408D2E1: mhd_gtls_recv_handshake (gnutls_handshake.c:1218)
==31738==    by 0x409300C: mhd_gtls_recv_client_kx_message (gnutls_kx.c:464)
==31738==    by 0x40906C1: mhd_gtls_handshake_server (gnutls_handshake.c:2603)
==31738==    by 0x408F15A: MHD_gnutls_handshake (gnutls_handshake.c:2234)
==31738==    by 0x404434D: ??? (connection_https.c:270)
==31738==    by 0x40405B8: ??? (daemon.c:271)
==31738==    by 0x40407B2: ??? (daemon.c:372)
==31738==    by 0x4125F3A: start_thread (pthread_create.c:297)


==31738== Warning: invalid file descriptor -1 in syscall close()
Error: Handshake has failed (-12)
==31738== Warning: invalid file descriptor -1 in syscall close()

==31738== Warning: invalid file descriptor -1 in syscall close()
running test: https_transfer [pass]
running test: file certificates [pass]
running test: protocol_version [pass]
running test: cipher DES-CBC3-SHA [pass]
running test: mac SH1 [pass]
running test: kx ANON_DH [pass]
running test: ADH-AES256-SHA [pass]
==31738== 
==31738== ERROR SUMMARY: 43330 errors from 397 contexts (suppressed: 22055 from 11)
==31738== malloc/free: in use at exit: 40,071 bytes in 170 blocks.
==31738== malloc/free: 103,223 allocs, 103,053 frees, 15,688,318 bytes allocated.
==31738== For counts of detected errors, rerun with: -v
==31738== searching for pointers to 170 not-freed blocks.
==31738== checked 382,832 bytes.
==31738== 
==31738== LEAK SUMMARY:
==31738==    definitely lost: 35,905 bytes in 41 blocks.
==31738==      possibly lost: 0 bytes in 0 blocks.
==31738==    still reachable: 4,166 bytes in 129 blocks.
==31738==         suppressed: 0 bytes in 0 blocks.
==31738== Rerun with --leak-check=full to see details of leaked memory.
tls-daemon-vg-problems.txt (11,403 bytes)   

Activities

Christian Grothoff

2008-09-07 01:47

manager   ~0003679

Fixed in SVN 7661.

Issue History

Date Modified Username Field Change
2008-08-24 15:20 Christian Grothoff New Issue
2008-08-24 15:20 Christian Grothoff File Added: tls-daemon-vg-problems.txt
2008-08-28 15:19 lv-426__ Assigned To => lv-426__
2008-08-28 15:19 lv-426__ Status new => acknowledged
2008-09-07 01:47 Christian Grothoff Note Added: 0003679
2008-09-07 01:47 Christian Grothoff Status acknowledged => resolved
2008-09-07 01:47 Christian Grothoff Resolution open => fixed
2008-09-10 22:49 Christian Grothoff Status resolved => closed
2013-05-06 12:52 Christian Grothoff Category SSL => HTTPS (SSL)
2024-01-21 13:25 Christian Grothoff Category HTTPS (SSL) => HTTPS (TLS)