[openssl-dev] [openssl.org #3879] [BUG] opennssl 1.0.1g cause the system crash (obj_xref.c)
Matt Caswell via RT
rt at openssl.org
Fri May 29 12:58:32 UTC 2015
On Fri May 29 07:06:02 2015, Joy.Tu at moxa.com wrote:
> Hi,
> I am porting openssl_1.0.1g to our private OS.
> But we meet some
> problem, could you please give me a favor.
>
> The issue is described
> below.
> Inside the file obj_xref.c, there is a variable sigx_app that
> never be initialize,
> so this variable sigx_app will be changed
> anytime.
> The uninitialized variable sigx_app will cause the system
> crash at anytime.
>
> Could you please tell me the reason why the
> variable didn’t initialize?
The variable sigx_app is a global variable. If your global variables are not
being initialised then I would classify this as a compiler bug.
OpenSSL assumes a compiler to be conformant with the C90 spec. All global
variables have static storage duration. From section 6.5.7 of C90:
"If an object that has static storage duration is not initialized explicitly,
it is initialized implicitly as if every member that has arithmetic type were
assigned 0 and every member that has pointer type were assigned a null pointer
constant".
Matt
More information about the openssl-dev
mailing list