[openssl-dev] [openssl.org #3905] Followup information
bug-reporting0000@cneufeld.ca via RT
rt at openssl.org
Mon Jun 15 02:31:05 UTC 2015
In case it's not obvious from the valgrind output, it appears that what is
happening is that OpenSSL's crypto/mem.c is calling the ISC bind's private
allocator (isc___mem_allocate) instead of malloc(3). This ISC function
seems to be a system that mallocs a large block of memory and then hands
out pieces of it while maintaining its own bookkeeping. However,
crypto/mem.c still uses the original free(3); it doesn't use isc___mem_free
to release memory by the same rules. The result is a rogue free() call
partway into the block that ISC bind allocated, and a segfault.
I haven't figured out yet why the ISC bind allocator is getting caught up
in libcrypto, or what changed between 1.0.2a and 1.0.2b to cause this to
become visible.
--
Christopher Neufeld
Home page: http://www.cneufeld.ca/neufeld
"Don't edit reality for the sake of simplicity"
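The failure mode the report describes, as an added example that is not part of the original message and borrows nothing from OpenSSL's crypto/mem.c or ISC's isc_mem code: a toy arena allocator (one large malloc(3)'d block, pieces handed out with the arena's own bookkeeping) beside the check a paired release needs. Calling free(3) on a piece that lies partway into the arena's block is undefined behaviour and is what produces the crash; the `safe_free` below routes each pointer to the allocator that owns it instead. All names (`arena_*`, `safe_free`, the return codes) are invented for this illustration.

```c
/* Added example: a bump-pointer arena that mimics the pattern described in
 * the report (one big malloc(3) block, sub-allocations tracked separately),
 * plus a release routine that refuses to hand arena pieces to free(3).
 * Not OpenSSL or BIND code; arena_* and safe_free are invented names. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ARENA_SIZE       4096
#define ARENA_MAX_CHUNKS 64

struct arena {
    unsigned char *base;            /* the one real malloc(3) allocation */
    size_t used;                    /* bump pointer into base */
    void *chunks[ARENA_MAX_CHUNKS]; /* bookkeeping: pieces handed out */
    int live[ARENA_MAX_CHUNKS];     /* 1 while the piece is outstanding */
    int nchunks;
};

static struct arena g_arena;

/* Hand out a 16-byte-aligned piece of the arena's block. */
static void *arena_alloc(size_t n)
{
    size_t aligned = (n + 15) & ~(size_t)15;
    void *p;

    if (g_arena.base == NULL) {
        g_arena.base = malloc(ARENA_SIZE);
        if (g_arena.base == NULL)
            return NULL;
        g_arena.used = 0;
        g_arena.nchunks = 0;
    }
    if (g_arena.used + aligned > ARENA_SIZE ||
        g_arena.nchunks >= ARENA_MAX_CHUNKS)
        return NULL;

    p = g_arena.base + g_arena.used;
    g_arena.used += aligned;
    g_arena.chunks[g_arena.nchunks] = p;
    g_arena.live[g_arena.nchunks] = 1;
    g_arena.nchunks++;
    return p;
}

/* Does p point into the arena's block? Such a pointer must never reach free(3). */
static int arena_owns(const void *p)
{
    const unsigned char *c = p;
    return g_arena.base != NULL && c >= g_arena.base &&
           c < g_arena.base + ARENA_SIZE;
}

/* The arena's own free: marks the piece dead; memory returns to libc only
 * when the whole block is released. Returns 1 if p was a live piece. */
static int arena_free(void *p)
{
    for (int i = 0; i < g_arena.nchunks; i++) {
        if (g_arena.chunks[i] == p && g_arena.live[i]) {
            g_arena.live[i] = 0;
            return 1;
        }
    }
    return 0;
}

static int arena_live_count(void)
{
    int n = 0;
    for (int i = 0; i < g_arena.nchunks; i++)
        n += g_arena.live[i];
    return n;
}

static void arena_destroy(void)
{
    free(g_arena.base);            /* the only pointer free(3) may ever see */
    memset(&g_arena, 0, sizeof g_arena);
}

enum { FREED_BY_ARENA = 1, FREED_BY_LIBC = 2, FREE_REFUSED = 3 };

/* Paired release: send each pointer back to the allocator that produced it.
 * Passing an arena piece to free(3) here would be the rogue call from the
 * report, a free() partway into a block that libc did not hand out. */
static int safe_free(void *p)
{
    if (p == NULL)
        return FREE_REFUSED;
    if (arena_owns(p))
        return arena_free(p) ? FREED_BY_ARENA : FREE_REFUSED;
    free(p);
    return FREED_BY_LIBC;
}

int main(void)
{
    void *a = arena_alloc(100);     /* at offset 0 of the arena block */
    void *b = arena_alloc(200);     /* at offset 112: free(b) would crash */
    void *m = malloc(50);           /* a genuine libc allocation */

    printf("arena_owns(a)=%d arena_owns(b)=%d arena_owns(m)=%d\n",
           arena_owns(a), arena_owns(b), arena_owns(m));
    printf("safe_free(a)=%d safe_free(m)=%d safe_free(b)=%d\n",
           safe_free(a), safe_free(m), safe_free(b));
    arena_destroy();
    return 0;
}
```

The check that matters is `arena_owns`: any memory manager that hands out sub-ranges of a larger block must pair its allocate and release routines, and a consumer such as crypto/mem.c that is handed such an allocator must be handed the matching free at the same time.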