[openssl-dev] [openssl.org #3879] [BUG] openssl 1.0.1g cause the system crash (obj_xref.c)

Kurt Roeckx kurt at roeckx.be
Fri May 29 16:57:15 UTC 2015


On Fri, May 29, 2015 at 02:58:32PM +0200, Matt Caswell via RT wrote:
> On Fri May 29 07:06:02 2015, Joy.Tu at moxa.com wrote:
> > Hi,
> > I am porting openssl_1.0.1g to our private OS.
> > But we met some problems; could you please do me a favor?
> >
> > The issue is described below.
> > Inside the file obj_xref.c, there is a variable sigx_app that is never
> > initialized, so this variable sigx_app will be changed at any time.
> > The uninitialized variable sigx_app will cause the system to crash at
> > any time.
> >
> > Could you please tell me the reason why the variable wasn't initialized?
> 
> The variable sigx_app is a global variable. If your global variables are not
> being initialised then I would classify this as a compiler bug.
> 
> OpenSSL assumes a compiler to be conformant with the C90 spec. All global
> variables have static storage duration. From section 6.5.7 of C90:
> 
> "If an object that has static storage duration is not initialized explicitly,
> it is initialized implicitly as if every member that has arithmetic type were
> assigned 0 and every member that has pointer type were assigned a null pointer
> constant".

This is typically done by putting those variables in the bss
segment.  Your private OS probably didn't set the bss segment to
all 0's.


Kurt
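
The following is an added example, not part of the original thread and not OpenSSL code. It models the startup step discussed above, clearing .bss before main(), and shows what a file-scope pointer reads as with and without that step. The memory layout, offsets and function names are constructed for illustration, and it assumes a platform where an all-zero bit pattern is a null pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a target's RAM after the image has been loaded. */
enum { RAM_SIZE = 64, BSS_OFF = 16, BSS_LEN = 32, SLOT_OFF = 8 };

struct image { unsigned char ram[RAM_SIZE]; };

/* A loader that does not clear memory leaves stale bytes behind. */
static void load_without_clearing(struct image *img) {
    memset(img->ram, 0xA5, sizeof img->ram);
}

/* The step the C runtime or OS loader has to perform before main(). */
static void clear_bss(struct image *img) {
    memset(img->ram + BSS_OFF, 0, BSS_LEN);
}

/* Read the slot where an uninitialised file-scope pointer would live
 * (hypothetical stand-in for a variable such as sigx_app). */
static void *read_static_ptr(const struct image *img) {
    void *p;
    memcpy(&p, img->ram + BSS_OFF + SLOT_OFF, sizeof p);
    return p;
}

/* Returns 1 if the static pointer reads as NULL. */
int static_ptr_is_null(int do_clear) {
    struct image img;
    load_without_clearing(&img);
    if (do_clear) clear_bss(&img);
    return read_static_ptr(&img) == NULL;
}

/* Boot-time self-check for a port: returns 1 if every .bss byte is zero. */
int bss_is_clean(int do_clear) {
    struct image img;
    load_without_clearing(&img);
    if (do_clear) clear_bss(&img);
    for (size_t i = 0; i < BSS_LEN; i++)
        if (img.ram[BSS_OFF + i] != 0) return 0;
    return 1;
}

int main(void) {
    printf("no clear: ptr NULL=%d, bss clean=%d\n", static_ptr_is_null(0), bss_is_clean(0));
    printf("cleared:  ptr NULL=%d, bss clean=%d\n", static_ptr_is_null(1), bss_is_clean(1));
    return 0;
}
```

On a real port the equivalent of `bss_is_clean` has to run before any code writes to static storage, otherwise legitimate writes are reported as stale data.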


