I've got some crashes happening in i2d_X509_CINF(). I've managed to generate the valgrind trace below indicating where it's happening, but it's not yet obvious to me why it should happen. It's in some code that's been stable for ages (hence 0.9.6b) but there seems to be a rare situation in which it crashes with a SIGSEGV.
Can anyone who is more familiar with openssl than me suggest what could cause this, or even where to look next? Or should I take this to the developers list? Note that I've cut out a number of "Conditional jump or move depends on uninitialised value(s)" messages that I don't believe are relevant.

Neil Youngman

==1385== Invalid read of size 4
==1385==    at 0x41A3B23: CRYPTO_add_lock (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406A328: ssl_cert_dup (in /lib/libssl.so.0.9.6b)
==1385==    by 0x4067255: SSL_new (in /lib/libssl.so.0.9.6b)
==1385==    by 0x80622E9: starttls_create_ssl (smtp-tls.c:358)
==1385==    by 0x8062A7C: rsp_starttls (smtp-tls.c:721)
==1385==    by 0x8064AA1: do_session (protocol.c:364)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==  Address 0x49b14e8 is 16 bytes inside a block of size 84 free'd
==1385==    at 0x40196BD: free (vg_replace_malloc.c:323)
==1385==    by 0x41A3FF1: CRYPTO_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x41EFC9B: X509_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406A4B2: ssl_cert_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x40677D5: SSL_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066352: sio_detach (siobuf.c:147)
==1385==    by 0x8064B4D: do_session (protocol.c:385)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==
==1385== Invalid write of size 4
==1385==    at 0x41A3B27: CRYPTO_add_lock (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406A328: ssl_cert_dup (in /lib/libssl.so.0.9.6b)
==1385==    by 0x4067255: SSL_new (in /lib/libssl.so.0.9.6b)
==1385==    by 0x80622E9: starttls_create_ssl (smtp-tls.c:358)
==1385==    by 0x8062A7C: rsp_starttls (smtp-tls.c:721)
==1385==    by 0x8064AA1: do_session (protocol.c:364)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==  Address 0x49b14e8 is 16 bytes inside a block of size 84 free'd
==1385==    at 0x40196BD: free (vg_replace_malloc.c:323)
==1385==    by 0x41A3FF1: CRYPTO_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x41EFC9B: X509_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406A4B2: ssl_cert_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x40677D5: SSL_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066352: sio_detach (siobuf.c:147)
==1385==    by 0x8064B4D: do_session (protocol.c:385)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==
==1385== Invalid read of size 4
==1385==    at 0x41EF887: i2d_X509 (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x40638F0: ssl3_output_cert_chain (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405FC1D: ssl3_send_client_certificate (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405D96C: ssl3_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x406801F: SSL_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066426: sio_set_tlsclient_ssl (siobuf.c:203)
==1385==    by 0x8062A87: rsp_starttls (smtp-tls.c:721)
==1385==    by 0x8064AA1: do_session (protocol.c:364)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==  Address 0x49b14d8 is 0 bytes inside a block of size 84 free'd
==1385==    at 0x40196BD: free (vg_replace_malloc.c:323)
==1385==    by 0x41A3FF1: CRYPTO_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x41EFC9B: X509_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406A4B2: ssl_cert_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x40677D5: SSL_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066352: sio_detach (siobuf.c:147)
==1385==    by 0x8064B4D: do_session (protocol.c:385)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==
==1385== Invalid read of size 4
==1385==    at 0x41EEE79: i2d_X509_CINF (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x41EF88E: i2d_X509 (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x40638F0: ssl3_output_cert_chain (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405FC1D: ssl3_send_client_certificate (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405D96C: ssl3_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x406801F: SSL_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066426: sio_set_tlsclient_ssl (siobuf.c:203)
==1385==    by 0x8062A87: rsp_starttls (smtp-tls.c:721)
==1385==    by 0x8064AA1: do_session (protocol.c:364)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==  Address 0xefefefef is not stack'd, malloc'd or (recently) free'd
==1385==
==1385== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1385==  Access not within mapped region at address 0xEFEFEFEF
==1385==    at 0x41EEE79: i2d_X509_CINF (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x41EF88E: i2d_X509 (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x40638F0: ssl3_output_cert_chain (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405FC1D: ssl3_send_client_certificate (in /lib/libssl.so.0.9.6b)
==1385==    by 0x405D96C: ssl3_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x406801F: SSL_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066426: sio_set_tlsclient_ssl (siobuf.c:203)
==1385==    by 0x8062A87: rsp_starttls (smtp-tls.c:721)
==1385==    by 0x8064AA1: do_session (protocol.c:364)
==1385==    by 0x8059E7A: sendMessage(std::string const&, std::string const&, std::string const&, std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string const&, int, std::string const&, std::string&, std::string&, bool) (smtp.cpp:834)
==1385==    by 0x805D090: sendFile(std::string const&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::multimap<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >&, std::string&, std::string&, std::string&, int&) (smtp.cpp:1314)
==1385==    by 0x804DB02: main (main.cpp:228)
==1385==  If you believe this happened as a result of a stack overflow in your
==1385==  program's main thread (unlikely but possible), you can try to increase
==1385==  the size of the main thread stack using the --main-stacksize= flag.
==1385==  The main thread stack size used in this run was 8388608.
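Added example, not part of the original post: a small Python triage helper that groups valgrind's "Invalid read/write" records by the freed heap block they touch and reports the first application frame of the access and of the free. The sample input is abbreviated from the trace in the post, and the names `app_frame` and `freed_block_accesses` are this example's own.

```python
import re

# Constructed sample: two records abbreviated from the trace in the post.
SAMPLE = """\
==1385== Invalid read of size 4
==1385==    at 0x41A3B23: CRYPTO_add_lock (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x4067255: SSL_new (in /lib/libssl.so.0.9.6b)
==1385==    by 0x80622E9: starttls_create_ssl (smtp-tls.c:358)
==1385==  Address 0x49b14e8 is 16 bytes inside a block of size 84 free'd
==1385==    at 0x40196BD: free (vg_replace_malloc.c:323)
==1385==    by 0x41EFC9B: X509_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x40677D5: SSL_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066352: sio_detach (siobuf.c:147)
==1385==
==1385== Invalid read of size 4
==1385==    at 0x41EF887: i2d_X509 (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x406801F: SSL_connect (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066426: sio_set_tlsclient_ssl (siobuf.c:203)
==1385==  Address 0x49b14d8 is 0 bytes inside a block of size 84 free'd
==1385==    at 0x40196BD: free (vg_replace_malloc.c:323)
==1385==    by 0x41EFC9B: X509_free (in /lib/libcrypto.so.0.9.6b)
==1385==    by 0x40677D5: SSL_free (in /lib/libssl.so.0.9.6b)
==1385==    by 0x8066352: sio_detach (siobuf.c:147)
"""

ERROR = re.compile(r"==\d+==\s+(Invalid (?:read|write) of size \d+)")
BLOCK = re.compile(r"==\d+==\s+Address (0x[0-9a-fA-F]+) is (\d+) bytes inside a block of size \d+ free'd")
FRAME = re.compile(r"==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^()]+)\)\s*$")

def app_frame(stack):
    """First frame with a source location outside valgrind's malloc shim."""
    return next((f"{fn.split('(')[0]} ({loc})" for fn, loc in stack
                 if not loc.startswith(("in ", "vg_replace_malloc"))), None)

def freed_block_accesses(text):
    """Map freed block start -> [(error, access site, free site), ...]."""
    by_block, cur = {}, None
    for line in text.splitlines():
        if m := ERROR.match(line):
            cur = {"kind": m[1], "access": [], "free": None}
        elif cur and (m := BLOCK.match(line)):
            cur["free"] = []  # frames after this line belong to the free() stack
            by_block.setdefault(hex(int(m[1], 16) - int(m[2])), []).append(cur)
        elif cur and (m := FRAME.match(line)):
            (cur["access"] if cur["free"] is None else cur["free"]).append(m.groups())
        else:
            cur = None  # separator or unrelated line ends the current record
    return {blk: [(r["kind"], app_frame(r["access"]), app_frame(r["free"])) for r in recs]
            for blk, recs in by_block.items()}
```

On the sample, both records resolve to the same 84-byte block starting at 0x49b14d8, freed under sio_detach (siobuf.c:147) and touched again under starttls_create_ssl (smtp-tls.c:358) and sio_set_tlsclient_ssl (siobuf.c:203).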