[Title description] use-of-uninitialized-value
[Environment information]
Hardware information:
1) x86
Software information:
1) openEuler 21.09
2) Software information
Name: strongswan
Version: 5.7.2
Release: 7
If there is a special network setup, please provide a network topology diagram
[Steps to reproduce]
1. Get the source code
rpmbuild -bp strongswan.spec
2. Apply the patch
3. Build
python3 infra/helper.py build_fuzzers --sanitizer memory strongswan
4. Run
python3 infra/helper.py run_fuzzer strongswan fuzz_certs
[Expected result]
Runs for 30 min without errors
[Actual result]
==8==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x6377a8 in rsaep /src/strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c:88:28
#1 0x637106 in rsavp1 /src/strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c:116:9
#2 0x634dc7 in verify_emsa_pkcs1_signature /src/strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c:147:7
#3 0x634874 in verify /src/strongswan/src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c
#4 0x7314cb in issued_by /src/strongswan/src/libstrongswan/plugins/x509/x509_cert.c:1742:10
#5 0x71c970 in parse_certificate /src/strongswan/src/libstrongswan/plugins/x509/x509_cert.c:1609:7
#6 0x719565 in x509_cert_load /src/strongswan/src/libstrongswan/plugins/x509/x509_cert.c:2650:7
#7 0x567894 in create /src/strongswan/src/libstrongswan/credentials/credential_factory.c:129:16
#8 0x791c9e in load_from_blob /src/strongswan/src/libstrongswan/plugins/pem/pem_builder.c:428:10
#9 0x790e0f in pem_load /src/strongswan/src/libstrongswan/plugins/pem/pem_builder.c:494:10
#10 0x791104 in pem_certificate_load /src/strongswan/src/libstrongswan/plugins/pem/pem_builder.c:524:9
#11 0x567894 in create /src/strongswan/src/libstrongswan/credentials/credential_factory.c:129:16
#12 0x51f7d8 in LLVMFuzzerTestOneInput /src/strongswan/fuzz/fuzz_certs.c:33:9
#13 0x459241 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:556:15
#14 0x4445a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:296:6
#15 0x44a637 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:776:9
#16 0x472c82 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19:10
#17 0x7f9ed576082f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#18 0x41ebb8 in _start (/out/fuzz_certs+0x41ebb8)
Uninitialized value was created by an allocation of 'm' in the stack frame of function 'rsaep'
[Attachments]
For example system message logs/component logs, dump information, images, etc.
Hey yanglijin, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at
https://gitee.com/openeuler/community/blob/master/en/sig-infrastructure/command.md.
If you have any questions, please contact the SIG: Application, and any of the maintainers: @jimmy_hero, @朱春意, @Alex_Chao, @惊奇脆片饼干, @wx897463, @BigSkySea, @small_leek.
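The error says that the variable m at line 88 of src/libstrongswan/plugins/gmp/gmp_rsa_public_key.c is used before being initialized. The code is as follows:
static chunk_t rsaep(private_gmp_rsa_public_key_t *this, chunk_t data)
{
    mpz_t m, c;
    chunk_t encrypted;
    mpz_init(m);
    mpz_import(m, data.len, 1, 1, 1, 0, data.ptr);
    if (mpz_cmp_ui(m, 0) <= 0 || mpz_cmp(m, this->n) >= 0)
From the code it can be seen that the mpz_t variable m is defined first and mpz_init is then called right away to initialize it; mpz_init initializes the variable and sets its initial value to 0,
so the variable m is not used before being initialized, and this is therefore not a problem.
From the code logic it can be seen that the code does call mpz_init to perform the initialization, so this can be considered a false positive and the issue can be closed.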