RE: valgrind and openssl

2008-05-16 Thread Stefan . Neis
Hi, It certainly would, but Valgrind isn't the only analysis tool people might want to use. A runtime flag provides a means of obtaining accurate results with any tool. Unfortunately, for an attacker it also provides a means of (possibly) weakening your program's randomness behind

Re: valgrind and openssl

2008-05-16 Thread Thor Lancelot Simon
On Thu, May 15, 2008 at 11:45:14PM +0200, Bodo Moeller wrote: On Thu, May 15, 2008 at 11:41 PM, Erik de Castro Lopo [EMAIL PROTECTED] wrote: Goetz Babin-Ebell wrote: But here the use of this uninitialized data is intentional and the programmers are very well aware of what they did.

Re: valgrind and openssl

2008-05-16 Thread Thor Lancelot Simon
On Thu, May 15, 2008 at 06:17:03PM -0400, Geoff Thorpe wrote: On Thursday 15 May 2008 17:31:45 Erik de Castro Lopo wrote: Geoff Thorpe wrote: Then tell your linux distribution to use -DPURIFY. Hang on, I've got a better idea. How about the OpenSSL developers fix their library so that

Re: valgrind and openssl

2008-05-16 Thread Lutz Jaenicke
Bodo Moeller wrote: However, another intentional use of potentially uninitialized data is still left as of http://cvs.openssl.org/getfile/openssl/crypto/rand/randfile.c?v=1.47.2.2 : i=fread(buf,1,n,in); if (i <= 0) break; /* even if n != i, use the

Re: valgrind and openssl

2008-05-16 Thread Bodo Moeller
On Fri, May 16, 2008 at 6:47 AM, Thor Lancelot Simon [EMAIL PROTECTED] wrote: On Thu, May 15, 2008 at 11:45:14PM +0200, Bodo Moeller wrote: On Thu, May 15, 2008 at 11:41 PM, Erik de Castro Lopo [EMAIL PROTECTED] wrote: Goetz Babin-Ebell wrote: But here the use of this uninitialized data is

Re: valgrind and openssl

2008-05-16 Thread Geoff Thorpe
On Thursday 15 May 2008 16:51:55 John Parker wrote: I'm still seeing a lot of errors from valgrind, even with the latest snapshot. 19 15:12 tar xvfz ../openssl-0.9.8-stable-SNAP-20080515.tar.gz 20 15:12 cd openssl-0.9.8-stable-SNAP-20080515/ 21 15:12 ls 22 15:12

Re: valgrind and openssl

2008-05-16 Thread Geoff Thorpe
On Friday 16 May 2008 00:47:52 Thor Lancelot Simon wrote: On Thu, May 15, 2008 at 11:45:14PM +0200, Bodo Moeller wrote: It may be zero, but it may be more, depending on what happened earlier in the program if the same memory locations have been in use before. This may very well include data