[Valgrind-users] Frame-level wildcard not matching in suppression rule?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I'm having trouble writing a suppression rule.

Here's the finding:

==6516== Use of uninitialised value of size 8
==6516==    at 0x533B449: _x86_64_AES_encrypt_compact (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x533B6DA: fips_aes_encrypt (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x56FBC47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x56FBD27: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x56FBE47: ??? (in /usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0xFFEFFFE17: ???
==6516==  Uninitialised value was created by a heap allocation
==6516==    at 0x4C28D84: malloc (vg_replace_malloc.c:291)
==6516==    by 0x53575AF: CRYPTO_malloc (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x53FB52B: drbg_get_entropy (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x534C312: fips_get_entropy (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x534CABE: FIPS_drbg_instantiate (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x53FB94E: RAND_init_fips (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x5403F5D: EVP_add_cipher (in
/usr/local/ssl/lib/libcrypto.so.1.0.0)
==6516==    by 0x507B7C0: SSL_library_init (in
/usr/local/ssl/lib/libssl.so.1.0.0)
==6516==    by 0x4103E7: DoStartupOpenSSL() (ac-openssl-1.cpp:494)
==6516==    by 0x419504: main (main.cpp:69)
==6516==

Here are the rules I'm trying to use to suppress the finding:

{
   RAND_init_fips_1
   Memcheck:Cond
   ...
   fun:RAND_init_fips
   ...
}

{
   RAND_init_fips_2
   Memcheck:Value8
   ...
   fun:RAND_init_fips
   ...
}

{
   RAND_init_fips_3
   Memcheck:Value4
   ...
   fun:RAND_init_fips
   ...
}

I believe I'm using the frame-level wildcard according to the manual
(under Section 2.5, http://valgrind.org/docs/manual/manual-core.html):

    A location line may also be simply "..." (three dots). This is a
    frame-level wildcard, which matches zero or more frames.
    Frame level wildcards are useful because they make it easy
    to ignore varying numbers of uninteresting frames in between
    frames of interest. That is often important when writing
    suppressions which are intended to be robust against
    variations in the amount of function inlining done by compilers.

Any ideas what I'm doing wrong?

Thanks in advance.

**********

My version of Valgrind (built from sources):

$ which valgrind
/usr/local/bin/valgrind
$ valgrind --version
valgrind-3.9.0

And the OS (Debian 7.3, x64, fully patched):

$ uname -a
Linux debian-q500 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux