Claudio Jeker <cje...@diehard.n-r-g.com> wrote: > On Thu, Apr 16, 2020 at 09:45:45AM -0600, Theo de Raadt wrote: > > I don't understand the point of any of this cleanup. The process > > is dying and none of these things maintain external state. > > > > I'm going to call it what it is: stylistically stupid and rigid. > > > > Why? Because it would mean every call to errx() in the program is > > wrong because they don't attempt this, and only this one exit() call > > needs this kind of cleanup. That is simply not plausible. > > Indeed, also I noticed that ERR_remove_thread_state() was deprecated in > OpenSSL 1.1 and so I'm kind of back to square 1 again regarding the use of > deprecated functions. > > All this cleanup before exit(3) is done mostly to please runtime memory > leak checkers.
Which suggests people aren't actually fuzzing the programs via the errx() paths? I don't believe it. I don't think this was done to please a runtime memory leak checker, I think it was done proactively as a "style choice" in the belief it will please a runtime memory leak checker. So it is waiting for the plane to drop the box in exactly the same place as last time.