Re: valgrind and openssl

Lutz Jaenicke Fri, 16 May 2008 01:13:29 -0700

Bodo Moeller wrote:
> However, another intentional use of potentially unitialized data is
> still left as of
> http://cvs.openssl.org/getfile/openssl/crypto/rand/randfile.c?v=1.47.2.2
> :
>
>               i=fread(buf,1,n,in);
>               if (i <= 0) break;
>               /* even if n != i, use the full array */
>               RAND_add(buf,n,(double)i);
>
> Changing this into RAND_add(buf,i,(double)i) should make verification
> tools happier.  Or it could be
>
> #ifdef PURIFY
>               RAND_add(buf,i,(double)i);
> #else
>               RAND_add(buf,n,(double)i);
> #endif
>
> (abusing the "PURIFY" macro with a more general meaning).
>   
Good catch, patch applied :-)


Best regards,
    Lutz
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Re: valgrind and openssl

Reply via email to