[openssl-dev] [openssl.org #3879] [BUG] opennssl 1.0.1g cause the system crash (obj_xref.c)

[Joy Tu via RT]

So the solution is to initialize the variable by myself or
update the compiler to conformant with the C90 spec or
force those global variable in the bss segment to be all 0's on my private OS?
________________________________________
From: Kurt Roeckx [kurt at roeckx.be]
Sent: Saturday, May 30, 2015 12:57 AM
To: rt at openssl.org; openssl-dev at openssl.org
Cc: Joy Tu (凃清祺)
Subject: Re: [openssl-dev] [openssl.org #3879] [BUG] opennssl 1.0.1g cause the system crash (obj_xref.c)

On Fri, May 29, 2015 at 02:58:32PM +0200, Matt Caswell via RT wrote:
> On Fri May 29 07:06:02 2015, Joy.Tu at moxa.com wrote:
> > Hi,
> > I am porting openssl_1.0.1g to our private OS.
> > But we meet some
> > problem, could you please give me a favor.
> >
> > The issue is described
> > below.
> > Inside the file obj_xref.c, there is a variable sigx_app that
> > never be initialize,
> > so this variable sigx_app will be changed
> > anytime.
> > The uninitialized variable sigx_app will cause the system
> > crash at anytime.
> >
> > Could you please tell me the reason why the
> > variable didn't initialize?
>
> The variable sigx_app is a global variable. If your global variables are not
> being initialised then I would classify this as a compiler bug.
>
> OpenSSL assumes a compiler to be conformant with the C90 spec. All global
> variables have static storage duration. From section 6.5.7 of C90:
>
> "If an object that has static storage duration is not initialized explicitly,
> it is initialized implicitly as if every member that has arithmetic type were
> assigned 0 and every member that has pointer type were assigned a null pointer
> constant".

This is typically done by putting those variables in the bss
segment.  Your private OS probably didn't set the bss segment to
all 0's.


Kurt