In case it's not obvious from the valgrind output, it appears that what is happening is that OpenSSL's crypto/mem.c is calling the ISC bind's private allocator (isc___mem_allocate) instead of malloc(3). This ISC function seems to be a system that mallocs a large block of memory and then hands out pieces of it while maintaining its own bookkeeping. However, crypto/mem.c still uses the original free(3); it doesn't see isc___mem_free to release memory by the same rules. The result is a rogue free() call partway into the block that ISC bind allocated, and a segfault.
I haven't figured out yet why the ISC bind allocator is getting caught up in libcrypto, or what changed between 1.0.2a and 1.0.2b to cause this to become visible.

-- 
Christopher Neufeld
Home page: http://www.cneufeld.ca/neufeld
"Don't edit reality for the sake of simplicity"

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
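The failure mode described in the message (a pool allocator carving pieces out of one large malloc'd block, and a caller handing one of those interior pieces to libc free(3)) can be reproduced and guarded against in a few dozen lines. The following is an added example written for this page, not code from OpenSSL or ISC bind: the arena_t type, arena_alloc, classify_ptr and checked_free are hypothetical stand-ins for isc___mem_allocate and a hardened release path, and the sizes are constructed. It classifies a pointer by whether it falls inside the arena's block before deciding whether free(3) is legal for it, which is the same kind of check valgrind is performing when it reports an "Invalid free()" partway into a block.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy bump allocator standing in for a pool allocator like ISC's
 * isc___mem_allocate (hypothetical; not ISC's or OpenSSL's real code):
 * one large malloc(3) block, pieces handed out by advancing an offset. */
typedef struct {
    unsigned char *base;  /* the single block obtained from malloc(3) */
    size_t size;          /* total bytes in the block */
    size_t used;          /* bytes handed out so far */
} arena_t;

int arena_init(arena_t *a, size_t size) {
    a->base = malloc(size);
    a->size = size;
    a->used = 0;
    return a->base ? 0 : -1;
}

/* Hand out n bytes (rounded up to a multiple of 16) from inside the block,
 * or NULL if the block is exhausted. The returned pointer is interior to
 * the malloc'd block, so it must never be passed to free(3). */
void *arena_alloc(arena_t *a, size_t n) {
    size_t rounded = (n + 15) & ~(size_t)15;
    if (a->used + rounded > a->size) return NULL;
    void *p = a->base + a->used;
    a->used += rounded;
    return p;
}

/* The only valid release for the arena: free the whole block, once. */
void arena_destroy(arena_t *a) {
    free(a->base);
    a->base = NULL;
    a->size = a->used = 0;
}

typedef enum {
    PTR_NOT_IN_ARENA,   /* a genuine malloc(3) pointer; free(3) is correct */
    PTR_ARENA_BASE,     /* start of the block; free(3) would pull it from under other users */
    PTR_ARENA_INTERIOR  /* partway into the block: the "rogue free()" case from the post */
} ptr_class_t;

/* Classify a pointer by address range. Comparisons go through uintptr_t so
 * no pointer arithmetic between unrelated objects is performed. */
ptr_class_t classify_ptr(const arena_t *a, const void *p) {
    uintptr_t lo = (uintptr_t)a->base, hi = lo + a->size, x = (uintptr_t)p;
    if (a->base == NULL || x < lo || x >= hi) return PTR_NOT_IN_ARENA;
    return x == lo ? PTR_ARENA_BASE : PTR_ARENA_INTERIOR;
}

/* Guarded release path: only pointers outside the arena reach free(3).
 * Returns 0 when freed, 1 when refused as an allocator mismatch. */
int checked_free(const arena_t *a, void *p) {
    ptr_class_t c = classify_ptr(a, p);
    if (c == PTR_NOT_IN_ARENA) {
        free(p);
        return 0;
    }
    fprintf(stderr, "allocator mismatch: refusing free(%p) (%s)\n", p,
            c == PTR_ARENA_BASE ? "arena base" : "interior to arena");
    return 1;
}

/* Recreate the mixed situation from the post: three arena pieces and one
 * malloc(3) block all sent down the same release path. Returns how many
 * frees were refused (constructed scenario: expect 3). */
int count_mismatched_frees(void) {
    arena_t a;
    if (arena_init(&a, 4096) != 0) return -1;
    void *pieces[3];
    for (int i = 0; i < 3; i++) pieces[i] = arena_alloc(&a, 100);
    void *heap = malloc(32);  /* a genuine malloc(3) allocation */
    int refused = 0;
    for (int i = 0; i < 3; i++) refused += checked_free(&a, pieces[i]);
    refused += checked_free(&a, heap);
    arena_destroy(&a);
    return refused;
}

int main(void) {
    printf("refused frees: %d\n", count_mismatched_frees());
    return 0;
}
```

Without the guard, the three refused calls would each be a free(3) of a pointer glibc never handed out, which is exactly the crash the valgrind trace points at; the arena base case is refused too, because freeing it while other pieces are still live is a use-after-free waiting to happen rather than a fix.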
