我在图书馆电话中有Use of uninitialised value of size 8的valgrind报告
CryptoPP::HuffmanEncoder::GenerateCodeLengths上的Ubuntu 12.10 libcrypto ++ 9_5.6.1-6_amd64.deb 。
我需要进行健全性检查:应用程序代码有问题吗? (这是一个真正的可能性,因为我刚开始使用crypto ++。)或者我应该将valgrind警告抑制放入忽略过滤器?
尽管有错误,但代码看起来还是有效的。
make: `test3' is up to date.
==5420== Memcheck, a memory error detector
==5420== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==5420== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==5420== Command: ./test3
==5420==
Plain text = 13312 bytes
==5420== Use of uninitialised value of size 8
==5420== at 0x520D9A9: CryptoPP::HuffmanEncoder::GenerateCodeLengths(unsigned int*, unsigned int, unsigned int const*, unsigned long) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520E0A5: CryptoPP::Deflator::EncodeBlock(bool, unsigned int) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520EA2E: CryptoPP::Deflator::EndBlock(bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520F221: CryptoPP::Deflator::Put2(unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F16DB: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F1F76: CryptoPP::BufferedTransformation::TransferMessagesTo2(CryptoPP::BufferedTransformation&, unsigned int&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F2185: CryptoPP::BufferedTransformation::TransferAllTo2(CryptoPP::BufferedTransformation&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x4106A4: CryptoPP::StringSource::StringSource(std::string const&, bool, CryptoPP::BufferedTransformation*) (filters.h:767)
==5420== by 0x40C7D5: main (test3.cpp:75)
==5420==
==5420== Use of uninitialised value of size 8
==5420== at 0x520D9A9: CryptoPP::HuffmanEncoder::GenerateCodeLengths(unsigned int*, unsigned int, unsigned int const*, unsigned long) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520E0A5: CryptoPP::Deflator::EncodeBlock(bool, unsigned int) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520EA4F: CryptoPP::Deflator::EndBlock(bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x520F221: CryptoPP::Deflator::Put2(unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F16DB: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F1F76: CryptoPP::BufferedTransformation::TransferMessagesTo2(CryptoPP::BufferedTransformation&, unsigned int&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x50F2185: CryptoPP::BufferedTransformation::TransferAllTo2(CryptoPP::BufferedTransformation&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0)
==5420== by 0x4106A4: CryptoPP::StringSource::StringSource(std::string const&, bool, CryptoPP::BufferedTransformation*) (filters.h:767)
==5420== by 0x40C7D5: main (test3.cpp:75)
==5420==
Encrypted text = 110 bytes : JFuk7LvDTujLm3D8SdFZCwSXMQsslb0+AUf8sp53Z+oRDIp9aQY1azUF2PZZje/SV1q+IPz5
jGWYkJXlZv2ttADPUdMbg7ib+B4LGlb+7/k=
KEY[16]: ABD86728BB78D5722D07F247D8279CD9
IV [8]: BEBD442990B11C58
==5420==
==5420== HEAP SUMMARY:
==5420== in use at exit: 0 bytes in 0 blocks
==5420== total heap usage: 118 allocs, 118 frees, 313,921 bytes allocated
==5420==
==5420== All heap blocks were freed -- no leaks are possible
==5420==
==5420== For counts of detected and suppressed errors, rerun with: -v
==5420== Use --track-origins=yes to see where uninitialised values come from
==5420== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2)
编译
g++ -std=c++11 -g3 -O2 -Wall -Wextra -Wno-unused -o test3 test3.cpp -lrt -lcryptopp
test3.cpp代码
#include <cryptopp/blowfish.h>
#include <cryptopp/base64.h>
#include <cryptopp/files.h>
#include <cryptopp/filters.h>
#include <cryptopp/modes.h>
#include <cryptopp/gzip.h>
#include <cryptopp/osrng.h>
#include <cryptopp/hex.h>
#include <ctime>
#include <iostream>
#include <exception>
int main ()
{
std::string plainText;
timespec ts1, ts2;
plainText = "Hello, world!";
for (int i = 0; i < 10; i++)
plainText = plainText + plainText;
byte iv [ CryptoPP::Blowfish::BLOCKSIZE ];
byte key[ CryptoPP::Blowfish::DEFAULT_KEYLENGTH ];
const bool generate_fast = true;
CryptoPP::AutoSeededRandomPool rng( !generate_fast );
rng.GenerateBlock( iv, sizeof( iv ));
rng.GenerateBlock( key, sizeof( key ));
std::cout << "Plain text = " << plainText.size() << " bytes\n";
std::string cipher, decipher;
CryptoPP::StringSink* sink = new CryptoPP::StringSink( cipher );
CryptoPP::Base64Encoder* base64_enc = new CryptoPP::Base64Encoder( sink );
CryptoPP::CBC_Mode<CryptoPP::Blowfish>::Encryption
twofish( key, CryptoPP::Blowfish::DEFAULT_KEYLENGTH, iv );
CryptoPP::StreamTransformationFilter*
enc = new CryptoPP::StreamTransformationFilter( twofish, base64_enc );
CryptoPP::Gzip *zip = new CryptoPP::Gzip( enc );
CryptoPP::StringSource source( plainText, true, zip );
std::cout << "Encrypted text = " << cipher.size() << " bytes : " << cipher;
}
答案 0 :(得分:2)
根据this,当你使用一个尚未初始化的值时(相当明显),valgrind会报告一个单位化值。
就您的代码而言,不同的C ++编译器处理已声明但未初始化的值的方式不同,具体取决于传递的标志。这可以将它们设置为零,但不应该假设它。
valgrind输出中的8个字节可能是一个指针,对那些使用未初始化的值特别危险。
要完全确定,您需要访问源代码,否则您将始终面临未来行为的风险。