From: Konstantin S. <kon...@gm...> - 2009-02-06 12:09:04
On Fri, Feb 6, 2009 at 2:27 PM, Tom Hughes <to...@co...> wrote:
> Konstantin Serebryany wrote:
>
>> That's a challenge. :)
>> Right now I have only one reproducer somewhere inside the openssl's
>> assembly file:
>>
>> ==11896== Use of uninitialised value of size 8
>> ==11896== at 0xC32B140: bn_mul_mont (x86_64-mont.s:151)
>> ==11896== by 0xEFD8ADCFE9793F71: ???
>> ==11896== by 0x4DC04AA2FB5DAAB0: ???
>> ==11896== by 0xB18F5B34F8340518: ???
>> ==11896== by 0x9629706EA81DAD54: ???
>> ...
>
> That's a hand crafted assembler routine, so unless the author has either
> taken the trouble to setup a traditional x86 stack frame by pushing the
> frame pointer, or has added DWARF declarations to describe how to unwind the
> stack, then valgrind won't be able to unwind out of it.
>
> Can gdb unwind out of that function if you set a break point inside it?
If I run the program under gdb and set a break point in that function,
gdb can unwind.
Breakpoint 1, bn_mul_mont () at x86_64-mont.s:7
7 x86_64-mont.s: No such file or directory.
in x86_64-mont.s
Current language: auto; currently asm
(gdb) bt
#0 bn_mul_mont () at x86_64-mont.s:7
#1 0x00002aaab23cabe5 in BN_mod_mul_montgomery (r=0x2aaab692f220,
a=0x2aaab737a718, b=0x2aaab7374770, mont=0x2aaab7374768,
ctx=0x2aaab698fcc8) at bn_mont.c:159
#2 0x00002aaab23c089d in BN_mod_exp_mont (rr=0x2aaab737a718,
a=0x2aaab737a718, p=0x2aaab737a698, m=<value optimized out>,
ctx=0x2aaab698fcc8, in_mont=0x0) at bn_exp.c:434
#3 0x00002aaab23c6431 in BN_BLINDING_create_param (b=0x0, e=<value
optimized out>, m=<value optimized out>, ctx=0x2aaab698fcc8,
bn_mod_exp=0x2aaab23c0630 <BN_mod_exp_mont>, m_ctx=0x0) at
bn_blind.c:352
#4 0x00002aaab23dd66f in RSA_setup_blinding (rsa=0x2aaab69604f8,
in_ctx=0x0) at rsa_lib.c:424
#5 0x00002aaab23dd89e in RSA_blinding_on (rsa=0x2aaab69604f8,
ctx=0x0) at rsa_lib.c:337
....
If I run valgrind with --db-attach=yes, gdb can't unwind.
(gdb) bt
#0 bn_mul_mont () at x86_64-mont.s:151
#1 0xc798652805958912 in ?? ()
#2 0x45729487728cd440 in ?? ()
#3 0x9d5b9d6a21ce321c in ?? ()
#4 0xbc472223dd03bce1 in ?? ()
#5 0xf832d2e8fb669bc2 in ?? ()
#6 0xdcfeae38f9da1b0d in ?? ()
#7 0x87511babdc7fa779 in ?? ()
So, I'll let you know if I find cases w/o hand written assembly.
Thanks for the explanation!
--kcc
>
> Tom
>
> --
> Tom Hughes (to...@co...)
> http://www.compton.nu/
>
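The fix Tom describes for hand-written assembly is to emit DWARF call-frame information (CFI) alongside the instructions, so that unwinders like gdb's and valgrind's do not have to guess the return address from a frame-pointer chain the routine never set up. The following is an added illustration, not code from this thread or from OpenSSL: a toy x86-64 routine (`sum_with_spill`, a hypothetical name) that clobbers a callee-saved register without a traditional frame, but annotates each stack adjustment with `.cfi_*` directives so the unwinder can recover the caller's frame at every instruction. It is assumed to be built with GCC or Clang on an ELF target; on other targets a plain C body is compiled instead so the file still builds.

```c
/* Added example (not from the mailing-list thread): a hand-written x86-64
 * routine that carries DWARF CFI so gdb/valgrind can unwind through it.
 * The routine itself is a toy (add two 64-bit words via a spilled
 * callee-saved register) and stands in for a routine like bn_mul_mont
 * that does not push a frame pointer. Compiled C gets these directives
 * for free (-fasynchronous-unwind-tables is the default on x86-64 Linux);
 * assembly written by hand gets them only if the author adds them. */
#include <stdint.h>
#include <stdio.h>

uint64_t sum_with_spill(uint64_t a, uint64_t b);

#if defined(__x86_64__) && defined(__ELF__)
__asm__(
    ".text\n"
    ".globl sum_with_spill\n"
    ".type sum_with_spill, @function\n"
    "sum_with_spill:\n"
    "    .cfi_startproc\n"            /* begin the FDE; CFA = %rsp + 8 on entry */
    "    pushq %rbx\n"                /* save callee-saved %rbx (no frame pointer) */
    "    .cfi_adjust_cfa_offset 8\n"  /* stack grew by 8: CFA is now %rsp + 16 */
    "    .cfi_rel_offset %rbx, 0\n"   /* %rbx lives at %rsp + 0 (CFA - 16) */
    "    movq %rdi, %rbx\n"           /* rbx = a */
    "    addq %rsi, %rbx\n"           /* rbx = a + b */
    "    movq %rbx, %rax\n"           /* return value */
    "    popq %rbx\n"                 /* restore %rbx */
    "    .cfi_adjust_cfa_offset -8\n" /* stack shrank: CFA back to %rsp + 8 */
    "    .cfi_restore %rbx\n"         /* %rbx holds its entry value again */
    "    ret\n"
    "    .cfi_endproc\n"              /* close the FDE */
    ".size sum_with_spill, .-sum_with_spill\n"
);
#else
/* Fallback for non-x86-64 or non-ELF builds: same semantics, plain C. */
uint64_t sum_with_spill(uint64_t a, uint64_t b) { return a + b; }
#endif

int main(void) {
    /* Constructed input: 40 + 2. A breakpoint inside sum_with_spill
     * (or a valgrind report from it) now yields a full backtrace. */
    printf("%llu\n", (unsigned long long)sum_with_spill(40, 2));
    return 0;
}
```

Without the `.cfi_adjust_cfa_offset` / `.cfi_rel_offset` pair, the unwinder would still assume the return address sits at `%rsp` after the `pushq`, read the saved `%rbx` instead, and print exactly the kind of garbage frames (`0xEFD8ADCFE9793F71: ???`) shown in the report above. Checking that the annotations are present is as simple as `readelf --debug-dump=frames` on the object and looking for an FDE covering the routine's address range.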