[botan-devel] SEGV in RNG after updating to 1.10.7

William K. Foster wkf at alum.mit.edu
Wed Feb 5 22:43:57 EST 2014


Here is the same crash now built debug:

#1  0x00000000005c7cfe in GlobalSignalTermHandler (sig=11) at Param.cpp:1422
#2  <signal handler called>
#3  0x00000000006e32a7 in reverse_bytes (val=<optimized out>) at
build/include/botan/bswap.h:89
#4  load_be<unsigned long long> (off=<optimized out>, in=<optimized out>)
at build/include/botan/loadstor.h:203
#5  Botan::(anonymous namespace)::SHA2_64::compress (digest=...,
input=0x1c673fc0 "", blocks=144115188075855871) at
src/hash/sha2_64/sha2_64.cpp:69
#6  0x00000000006e75cb in Botan::SHA_512::compress_n (this=<optimized out>,
input=0xb150ecc3f2126af9 <Address 0xb150ecc3f2126af9 out of bounds>,
blocks=4962443879754064639) at src/hash/sha2_64/sha2_64.cpp:214
#7  0x00000000006de46c in Botan::MDx_HashFunction::add_data
(this=0x1c37c070, input=0x1c407f40
"\214er\245\022{\265\321\006=\230\250X\235\r\377\256\331C\001\227\224\272\256\035\321\\b\031z\204\252\a\202^;*\335n",
length=<optimized out>) at src/hash/mdx_hash/mdx_hash.cpp:62
#8  0x000000000078023e in update (length=<optimized out>, in=<optimized
out>, this=0xbabe7fe4e2e11c96) at build/include/botan/buf_comp.h:33
#9  Botan::HMAC::add_data (this=<optimized out>, input=0xb150ecc3f2126af9
<Address 0xb150ecc3f2126af9 out of bounds>, length=4962443879754064639) at
src/mac/hmac/hmac.cpp:19
#10 0x00000000007d742e in update (length=<optimized out>, in=<optimized
out>, this=0xbabe7fe4e2e11c96) at build/include/botan/buf_comp.h:33
#11 Botan::Entropy_Accumulator_BufferedComputation::add_bytes
(this=<optimized out>, bytes=0xb150ecc3f2126af9 <Address 0xb150ecc3f2126af9
out of bounds>, length=4962443879754064639) at
build/include/botan/entropy_src.h:113
#12 0x000000000080a53d in add (entropy_bits_per_byte=<optimized out>,
length=18446744073709551615, bytes=<optimized out>, this=<optimized out>)
at build/include/botan/entropy_src.h:72
#13 Botan::Device_EntropySource::poll (this=<optimized out>, accum=...) at
src/entropy/dev_random/dev_random.cpp:96
#14 0x00000000007d611f in Botan::HMAC_RNG::reseed (this=0x1c3a45a0,
poll_bits=256) at src/rng/hmac_rng/hmac_rng.cpp:86
#15 0x00000000007d8a86 in Botan::ANSI_X931_RNG::reseed (this=0x1c3b4600,
poll_bits=12776972469174168313) at src/rng/x931_rng/x931_rng.cpp:79
#16 0x000000000077c3b4 in Botan::Library_State::make_global_rng (af=...,
mutex=0x1c3aaf40) at src/libstate/global_rng.cpp:199
#17 0x00000000006e9335 in Botan::Library_State::global_rng
(this=0x1c3b8000) at src/libstate/libstate.cpp:189
#18 0x00000000005cd6ab in Botan::AutoSeeded_RNG::AutoSeeded_RNG
(this=0x7fff4b9bcfc0) at ../../src/Botan/build/include/botan/auto_rng.h:40

Any thoughts on why a switch to v1.10.7 would bring about this new SEGV?

Thanks.

-William



On Mon, Feb 3, 2014 at 3:57 PM, William K. Foster <wkf at alum.mit.edu> wrote:

> Hello,
>
> I recently updated from Botan v1.10.5 to v1.10.7 and I've seen a SEGV that
> is not easily reproducible in the RNG constructor:
>
> #1  0x00000000005c794e in GlobalSignalTermHandler (sig=11) at
> Param.cpp:1422
> #2  <signal handler called>
> #3  0x00000000006e4bdc in Botan::(anonymous
> namespace)::SHA2_64::compress(Botan::MemoryRegion<unsigned long long>&,
> unsigned char const*, unsigned long) ()
> #4  0x00000000006dfd3f in Botan::MDx_HashFunction::add_data(unsigned char
> const*, unsigned long) ()
> #5  0x000000000080da34 in
> Botan::Device_EntropySource::poll(Botan::Entropy_Accumulator&) ()
> #6  0x00000000007d168e in Botan::HMAC_RNG::reseed(unsigned long) ()
> #7  0x00000000007d4c9e in Botan::ANSI_X931_RNG::reseed(unsigned long) ()
> #8  0x000000000077ade4 in
> Botan::Library_State::make_global_rng(Botan::Algorithm_Factory&,
> Botan::Mutex*) ()
> #9  0x00000000006eac6b in Botan::Library_State::global_rng() ()
> #10 0x00000000005cd2fb in Botan::AutoSeeded_RNG::AutoSeeded_RNG
> (this=0x7fff204511d0) at ../../src/Botan/build/include/botan/auto_rng.h:40
>
> The calling code is doing a default constructor of an RNG:
>
>     Botan::AutoSeeded_RNG rng;
>
> This usually works, but on occasion I get a SEGV.
>
> Could this be related to changes between v1.10.5 and v1.10.7?
>
> Thanks.
>
> -William
>
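The add() frame in the debug trace above carries length=18446744073709551615, which is (size_t)-1 on a 64-bit host. The following is an added illustration of the bug class that value hints at (a negative read() return stored into an unsigned length); it is example code written for this thread, not Botan's dev_random.cpp, and the accumulator sink and function names are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical sink standing in for an entropy accumulator: it only records
 * the length it was handed, so the buggy path below can be observed safely. */
typedef struct {
    size_t bytes_added;
} accumulator_t;

static void accumulator_add(accumulator_t *acc, const uint8_t *bytes, size_t len) {
    (void)bytes;
    acc->bytes_added += len;
}

/* Buggy pattern: read() returns ssize_t, and -1 on error. Storing the result
 * straight into a size_t turns that -1 into SIZE_MAX (18446744073709551615 on
 * 64-bit), and the sink is told that many bytes are valid. A real accumulator
 * would then hash far past the end of buf. The defect is kept on purpose here
 * so the returned length can be compared with the fixed version. */
size_t poll_device_buggy(int fd, accumulator_t *acc) {
    uint8_t buf[32];
    size_t got = read(fd, buf, sizeof buf); /* BUG: -1 silently becomes SIZE_MAX */
    accumulator_add(acc, buf, got);
    return got;
}

/* Fixed pattern: keep the signed result, reject error and EOF before any
 * conversion, and only then forward a length that is bounded by the buffer. */
size_t poll_device_checked(int fd, accumulator_t *acc) {
    uint8_t buf[32];
    ssize_t got = read(fd, buf, sizeof buf);
    if (got <= 0) {
        return 0; /* EBADF, EINTR, EOF, ...: contribute nothing this poll */
    }
    accumulator_add(acc, buf, (size_t)got);
    return (size_t)got;
}

int main(void) {
    accumulator_t bad = {0}, good = {0};
    /* fd -1 is always invalid, so read() fails with EBADF on both paths. */
    printf("buggy:   length passed to sink = %zu\n", poll_device_buggy(-1, &bad));
    printf("checked: length passed to sink = %zu\n", poll_device_checked(-1, &good));
    return 0;
}
```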