5
所以我有一個非常基本的通過https與Facebook服務器交談的例子,但是valgrind抱怨地抱怨。所以我認爲我沒有設置錯誤的東西......有誰知道我做錯了什麼?當使用https時,valgrind會報告libcurl的問題
這裏是我的代碼:
#include <string>
#include <iostream>
#include <curl/curl.h>
size_t write_fn_impl(void* ptr, size_t size, size_t nmemb, void * data)
{
std::string * result = static_cast<std::string*>(data);
*result += std::string((char*)ptr, size*nmemb);
return size*nmemb;
}
int main()
{
std::string url_full="https://graph.facebook.com/me";
std::string useragent = "Facebook API C++ Client (curl)";
CURL * ch_ = curl_easy_init();
char error_buffer[CURL_ERROR_SIZE];
curl_easy_setopt(ch_, CURLOPT_ERRORBUFFER, error_buffer);
curl_easy_setopt(ch_, CURLOPT_WRITEFUNCTION, &write_fn_impl);
std::string result;
curl_easy_setopt(ch_, CURLOPT_WRITEDATA, &result);
int id = 1;
curl_easy_setopt(ch_, CURLOPT_VERBOSE, id);
curl_easy_setopt(ch_, CURLOPT_URL, url_full.c_str());
curl_easy_setopt(ch_, CURLOPT_USERAGENT, useragent.c_str());
curl_easy_setopt(ch_, CURLOPT_CONNECTTIMEOUT, 10);
curl_easy_setopt(ch_, CURLOPT_TIMEOUT, 30);
curl_easy_perform(ch_);
curl_easy_cleanup(ch_);
std::cout<< result<<std::endl;
}
什麼的valgrind說的是:
==14149== Memcheck, a memory error detector
==14149== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==14149== Using Valgrind-3.5.0-Debian and LibVEX; rerun with -h for copyright info
==14149== Command: ./a.out
==14149==
* About to connect() to graph.facebook.com port 443 (#0)
* Trying 66.220.146.47... * connected
* Connected to graph.facebook.com (66.220.146.47) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
==14149== Syscall param write(buf) points to uninitialised byte(s)
==14149== at 0x4268113: __write_nocancel (in /lib/tls/i686/cmov/libc-2.10.1.so)
==14149== by 0x44A5A8E: BIO_write (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x43E49B8: ssl23_write_bytes (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43E39AB: ssl23_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43F0D49: SSL_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x4050EB0: ossl_connect_common (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4052202: Curl_ossl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x406597F: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x403FF1B: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4046F6D: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x404C396: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4059B23: Curl_perform (in /usr/lib/libcurl.so.4.1.1)
==14149== Address 0x47e92df is 15 bytes inside a block of size 21,848 alloc'd
==14149== at 0x4024C1C: malloc (vg_replace_malloc.c:195)
==14149== by 0x4446EFD: ??? (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x444755B: CRYPTO_malloc (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x44A4EF7: BUF_MEM_grow (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x43E3BAB: ssl23_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43F0D49: SSL_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x4050EB0: ossl_connect_common (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4052202: Curl_ossl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x406597F: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x403FF1B: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4046F6D: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x404C396: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
和頁面更....
那篇文章很有趣,但它忽略了一個事實的valgrind *沒有發現其實OpenSSL中的一個bug *。 OpenSSL是(並且可能仍然是)依賴*未定義行爲*作爲熵源,而不是從合法來源獲得熵。 Debian添加的非常相同的「bug」可能很容易從編譯器或庫更改中出現,這些更改導致未初始化的數據OpenSSL讀取「不太隨意」。簡而言之,如果valgrind正在報告這樣的問題,那麼它幾乎肯定意味着代碼是*錯誤*,但是微小的修復可能會更糟。 :-) – 2011-02-02 05:15:31