[openssl-dev] [openssl.org #4437] invalid free() by ENGINE_cleanup()

Daniel Stenberg via RT rt at openssl.org
Thu Mar 17 10:49:16 UTC 2016


Hey,

In curl we call ENGINE_cleanup() as part of our OpenSSL-specific cleanup 
function. When I do this with OpenSSL from git master as of right now 
(OpenSSL_1_1_0-pre4-7-ga717738) valgrind catches an illegal free:

==20314== Invalid free() / delete / delete[] / realloc()
==20314==    at 0x4C2AE6B: free (vg_replace_malloc.c:530)
==20314==    by 0x53AC11: OPENSSL_cleanup (in /home/daniel/src/curl/src/curl)
==20314==    by 0x6D53E07: __run_exit_handlers (in 
/lib/x86_64-linux-gnu/libc-2.22.so)
==20314==    by 0x6D53E54: exit (in /lib/x86_64-linux-gnu/libc-2.22.so)
==20314==    by 0x6D3E616: (below main) (in 
/lib/x86_64-linux-gnu/libc-2.22.so)
==20314==  Address 0xb5bb990 is 0 bytes inside a block of size 56 free'd
==20314==    at 0x4C2AE6B: free (vg_replace_malloc.c:530)
==20314==    by 0x4861A2: Curl_ossl_cleanup (openssl.c:726)
==20314==    by 0x4381C4: Curl_ssl_cleanup (vtls.c:274)
==20314==    by 0x425D5D: curl_global_cleanup (easy.c:349)
==20314==    by 0x411C50: main_free (tool_main.c:210)
==20314==    by 0x411D05: main (tool_main.c:260)
==20314==  Block was alloc'd at
==20314==    at 0x4C29C0F: malloc (vg_replace_malloc.c:299)
==20314==    by 0x53D97D: CRYPTO_zalloc (in /home/daniel/src/curl/src/curl)
==20314==    by 0x5806E6: CRYPTO_THREAD_lock_new (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x51EC18: do_engine_lock_init (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x6B0F4E8: __pthread_once_slow (pthread_once.c:116)
==20314==    by 0x5807C8: CRYPTO_THREAD_run_once (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x51EC63: ENGINE_new (in /home/daniel/src/curl/src/curl)
==20314==    by 0x611DE5: engine_load_dynamic_internal (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x6B0F4E8: __pthread_once_slow (pthread_once.c:116)
==20314==    by 0x5807C8: CRYPTO_THREAD_run_once (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x53B0E2: OPENSSL_init_crypto (in 
/home/daniel/src/curl/src/curl)
==20314==    by 0x486141: Curl_ossl_init (openssl.c:687)

This is fully reproducible and it goes away if I remove the call to 
ENGINE_cleanup().

The corresponding curl bug to track this is at 
https://github.com/curl/curl/issues/717

-- 

  / daniel.haxx.se


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4437
Please log in as guest with password guest if prompted
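
A self-contained C model of the sequence the valgrind trace above shows (one block released by an explicit cleanup call, then released again by the exit-time cleanup), added here as an illustration; it is not OpenSSL or curl code. All names are hypothetical, and both the stale-pointer cause and the clear-after-release guard are assumptions of the model, not the fix OpenSSL adopted.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model: the "lock" comes from a static pool, so a second
 * release is counted instead of corrupting the real heap. */
typedef struct { int live; } model_lock;

static model_lock pool;
static model_lock *engine_lock;   /* models the lock created at engine init */
static int invalid_frees;         /* releases of an already released lock */

static model_lock *lock_new(void) { pool.live = 1; return &pool; }

static void lock_free(model_lock *l) {
    if (l == NULL) return;                      /* like free(NULL): harmless */
    if (!l->live) { invalid_frees++; return; }  /* what valgrind would flag */
    l->live = 0;
}

/* Explicit cleanup called by the application; leaves the pointer stale
 * (assumed cause in this model). */
static void engine_cleanup_stale(void) { lock_free(engine_lock); }

/* Same cleanup made idempotent: the pointer is cleared after release. */
static void engine_cleanup_idempotent(void) {
    lock_free(engine_lock);
    engine_lock = NULL;
}

/* Models the exit-time handler that releases the same lock again. */
static void library_cleanup_at_exit(void) {
    lock_free(engine_lock);
    engine_lock = NULL;
}

/* Returns the number of invalid frees for one init/cleanup/exit sequence. */
int run_sequence(int idempotent) {
    invalid_frees = 0;
    engine_lock = lock_new();
    if (idempotent) engine_cleanup_idempotent(); else engine_cleanup_stale();
    library_cleanup_at_exit();
    return invalid_frees;
}

int main(void) {
    printf("stale pointer:   %d invalid free(s)\n", run_sequence(0));
    printf("cleared pointer: %d invalid free(s)\n", run_sequence(1));
    return 0;
}
```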


