這是valgrind在crypto ++ real還是一個紅鯡魚中使用大小爲8的單位化值？

Question

我有Use of uninitialised value of size 8在庫調用 CryptoPP::HuffmanEncoder::GenerateCodeLengths上Ubuntu 12.10libcrypto ++ 9_5.6.1-6_amd64.deb的Valgrind的報告。

我需要一個完整性檢查：應用程序代碼有問題嗎？ （這是一個真正的可能性，因爲我剛開始使用crypto ++。）或者我應該將valgrind警告抑制置於忽略過濾器中？

儘管有錯誤，代碼看起來像是在工作。

make: `test3' is up to date. 
==5420== Memcheck, a memory error detector 
==5420== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. 
==5420== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info 
==5420== Command: ./test3 
==5420== 
Plain text = 13312 bytes 
==5420== Use of uninitialised value of size 8 
==5420== at 0x520D9A9: CryptoPP::HuffmanEncoder::GenerateCodeLengths(unsigned int*, unsigned int, unsigned int const*, unsigned long) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520E0A5: CryptoPP::Deflator::EncodeBlock(bool, unsigned int) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520EA2E: CryptoPP::Deflator::EndBlock(bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520F221: CryptoPP::Deflator::Put2(unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F16DB: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F1F76: CryptoPP::BufferedTransformation::TransferMessagesTo2(CryptoPP::BufferedTransformation&, unsigned int&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F2185: CryptoPP::BufferedTransformation::TransferAllTo2(CryptoPP::BufferedTransformation&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x4106A4: CryptoPP::StringSource::StringSource(std::string const&, bool, CryptoPP::BufferedTransformation*) (filters.h:767) 
==5420== by 0x40C7D5: main (test3.cpp:75) 
==5420== 
==5420== Use of uninitialised value of size 8 
==5420== at 0x520D9A9: CryptoPP::HuffmanEncoder::GenerateCodeLengths(unsigned int*, unsigned int, unsigned int const*, unsigned long) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520E0A5: CryptoPP::Deflator::EncodeBlock(bool, unsigned int) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520EA4F: CryptoPP::Deflator::EndBlock(bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x520F221: CryptoPP::Deflator::Put2(unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F16DB: CryptoPP::BufferedTransformation::ChannelPut2(std::string const&, unsigned char const*, unsigned long, int, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F1F76: CryptoPP::BufferedTransformation::TransferMessagesTo2(CryptoPP::BufferedTransformation&, unsigned int&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x50F2185: CryptoPP::BufferedTransformation::TransferAllTo2(CryptoPP::BufferedTransformation&, std::string const&, bool) (in /usr/lib/libcrypto++.so.9.0.0) 
==5420== by 0x4106A4: CryptoPP::StringSource::StringSource(std::string const&, bool, CryptoPP::BufferedTransformation*) (filters.h:767) 
==5420== by 0x40C7D5: main (test3.cpp:75) 
==5420== 
Encrypted text = 110 bytes : JFuk7LvDTujLm3D8SdFZCwSXMQsslb0+AUf8sp53Z+oRDIp9aQY1azUF2PZZje/SV1q+IPz5 
jGWYkJXlZv2ttADPUdMbg7ib+B4LGlb+7/k= 
KEY[16]: ABD86728BB78D5722D07F247D8279CD9 
IV [8]: BEBD442990B11C58 
==5420== 
==5420== HEAP SUMMARY: 
==5420==  in use at exit: 0 bytes in 0 blocks 
==5420== total heap usage: 118 allocs, 118 frees, 313,921 bytes allocated 
==5420== 
==5420== All heap blocks were freed -- no leaks are possible 
==5420== 
==5420== For counts of detected and suppressed errors, rerun with: -v 
==5420== Use --track-origins=yes to see where uninitialised values come from 
==5420== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 2 from 2) 

編譯

g++ -std=c++11 -g3 -O2 -Wall -Wextra -Wno-unused -o test3 test3.cpp -lrt -lcryptopp

test3.cpp代碼

#include <cryptopp/blowfish.h> 
#include <cryptopp/base64.h> 
#include <cryptopp/files.h> 
#include <cryptopp/filters.h> 
#include <cryptopp/modes.h> 
#include <cryptopp/gzip.h> 
#include <cryptopp/osrng.h> 
#include <cryptopp/hex.h> 

#include <ctime> 
#include <iostream> 
#include <exception> 

int main() 
{ 
    std::string plainText; 
    timespec ts1, ts2; 

    plainText = "Hello, world!"; 
    for (int i = 0; i < 10; i++) 
     plainText = plainText + plainText; 

    byte iv [ CryptoPP::Blowfish::BLOCKSIZE   ]; 
    byte key[ CryptoPP::Blowfish::DEFAULT_KEYLENGTH ]; 

    const bool generate_fast = true; 
    CryptoPP::AutoSeededRandomPool rng(!generate_fast); 
    rng.GenerateBlock(iv, sizeof(iv )); 
    rng.GenerateBlock(key, sizeof(key)); 

    std::cout << "Plain text = " << plainText.size() << " bytes\n"; 

    std::string cipher, decipher; 
    CryptoPP::StringSink* sink  = new CryptoPP::StringSink(cipher ); 
    CryptoPP::Base64Encoder* base64_enc = new CryptoPP::Base64Encoder(sink); 
    CryptoPP::CBC_Mode<CryptoPP::Blowfish>::Encryption 
     twofish(key, CryptoPP::Blowfish::DEFAULT_KEYLENGTH, iv); 
    CryptoPP::StreamTransformationFilter* 
     enc = new CryptoPP::StreamTransformationFilter(twofish, base64_enc); 
    CryptoPP::Gzip *zip = new CryptoPP::Gzip(enc); 
    CryptoPP::StringSource source(plainText, true, zip); 
    std::cout << "Encrypted text = " << cipher.size() << " bytes : " << cipher; 
} 

Answer 1

根據this Valgrind的，當你使用還沒有一個值將報告unitialised值已初始化（相當明顯）。

就您的代碼而言，不同的C++編譯器根據傳遞的標誌處理已聲明但未初始化的值。這可以將它們設置爲零，但不應該假定它。

valgrind輸出中的8個字節可能是一個指針，使用這些指針的未初始化值特別危險。

爲了完全確定，您需要訪問此代碼的源代碼，否則您總會冒着未定義行爲的風險。