Unpredictable segmentation fault

[Andrea]

I wrote this code:

void * xmalloc (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;
}

int _chooseTSK(char* message,int seed){
_hash hash,hash2;
char *strp,*prova,*res;
int result;
BIGNUM *mess,*cmp,*rem,*k;
BN_CTX *ctx;
mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
ctx = BN_CTX_new();
_evp_hash(&hash,message);
prova=xmalloc(2*strlen(hash.digest)+1);
strcpy(prova,hex2str(hash.digest,hash.digest_size));
BN_hex2bn(&mess,(const char*) prova);
BN_set_word(k,K);
BN_mod(rem,mess,k,ctx);
strp=xmalloc(BN_num_bytes(mess));
strp = BN_bn2dec(mess);
res = BN_bn2dec(rem);
result=atoi((const char *) res);
_evp_hash(&hash2,message);
BN_dec2bn(&cmp,(const char*) hash2.digest);
OPENSSL_free(strp);
OPENSSL_free(mess);
OPENSSL_free(rem);
OPENSSL_free(k);
OPENSSL_free(cmp);
BN_CTX_end(ctx);
return result;
}


int main(int argc,char** argv){
int i,j;
char* prova;
char* speriamo="spero";
prova=xmalloc(strlen(argv[1])+1+5);
for(i=0;i<10;i++){
printf("\n%d",_chooseTSK(argv[1],i));
}
printf("\n");
for(j=0;j<1;j++){
for(i=0;i<1000;i++){
sprintf( prova, "%s|%d",argv[1],i);
printf("\n%d: %d",i,_chooseTSK(prova,i));
*prova="\0";
}
}
free(prova);
return 0;
}


During the execution of this program i always obtain unpredictable
segmentation fault. After running it trough gdb debugger it tolds me
this:
Program received signal SIGSEGV, Segmentation fault.
0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
48 prova=xmalloc(strlen(argv[1])+1+5);

But i receive seg fault some time after 5 iteration sometime after 100
iteration,
any suggestion?

 

[Andrea]

I wrote this code:

void * xmalloc (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;

}

int _chooseTSK(char* message,int seed){
_hash hash,hash2;
char *strp,*prova,*res;
int result;
BIGNUM *mess,*cmp,*rem,*k;
BN_CTX *ctx;
mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
ctx = BN_CTX_new();
_evp_hash(&hash,message);
prova=xmalloc(2*strlen(hash.digest)+1);
strcpy(prova,hex2str(hash.digest,hash.digest_size));
BN_hex2bn(&mess,(const char*) prova);
BN_set_word(k,K);
BN_mod(rem,mess,k,ctx);
strp=xmalloc(BN_num_bytes(mess));
strp = BN_bn2dec(mess);
res = BN_bn2dec(rem);
result=atoi((const char *) res);
_evp_hash(&hash2,message);
BN_dec2bn(&cmp,(const char*) hash2.digest);
OPENSSL_free(strp);
OPENSSL_free(mess);
OPENSSL_free(rem);
OPENSSL_free(k);
OPENSSL_free(cmp);
BN_CTX_end(ctx);
return result;

}

int main(int argc,char** argv){
int i,j;
char* prova;
char* speriamo="spero";
prova=xmalloc(strlen(argv[1])+1+5);
for(i=0;i<10;i++){
printf("\n%d",_chooseTSK(argv[1],i));
}
printf("\n");
for(j=0;j<1;j++){
for(i=0;i<1000;i++){
sprintf( prova, "%s|%d",argv[1],i);
printf("\n%d: %d",i,_chooseTSK(prova,i));
*prova="\0";
}
}
free(prova);
return 0;

}

During the execution of this program i always obtain unpredictable
segmentation fault. After running it trough gdb debugger it tolds me
this:
Program received signal SIGSEGV, Segmentation fault.
0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
48 prova=xmalloc(strlen(argv[1])+1+5);

But i receive seg fault some time after 5 iteration sometime after 100
iteration,
any suggestion?

Other part of my code is listed below:

void * xmalloc2 (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;
}
int _evp_hash(_hash *hash,char *message){
const EVP_MD *md;
EVP_MD_CTX mdctx;
unsigned char *ret;
unsigned int md_len,i;
OpenSSL_add_all_digests();
md = EVP_get_digestbyname(HASH);
if(!md) {
printf("Unknown message digest %s\n",HASH);
exit(1);
}
if(!(ret=(unsigned char*) xmalloc2(EVP_MAX_MD_SIZE)))
return NULL;
EVP_DigestInit(&mdctx, md);
EVP_DigestUpdate(&mdctx, message, strlen(message));
EVP_DigestFinal(&mdctx, hash->digest , &md_len);
hash->digest_size=md_len;
hash->digest_size=md_len;
free(ret);
return 0;
}
void print_hex(unsigned char *bs, unsigned int n){
int i;
for (i=0;i<n;i++){
printf("%02x",bs);
}
}


char* hex2str(unsigned char *hex,unsigned int len){
int i;
char app[3];
char *buf;
//app=malloc(sizeof(char));
buf=xmalloc2(2*len+1);
strcpy(buf,"");
for (i=0;i<len;i++){
sprintf(app,"%02x",hex);
strcat(buf,app);
}
//free(app);
return buf;
}

I runned again gdb and this is the problem:

*** glibc detected *** malloc(): memory corruption (fast): 0x0804cc38
***
9: 3
Program received signal SIGABRT, Aborted.
0xffffe410 in __kernel_vsyscall ()

Program received signal SIGSEGV, Segmentation fault.
0xb7e70be4 in lh_insert () from /usr/lib/i686/cmov/libcrypto.so.0.9.8

 

[Default User]

Andrea wrote:

During the execution of this program i always obtain unpredictable
segmentation fault. After running it trough gdb debugger it tolds me
this:
Program received signal SIGSEGV, Segmentation fault.
0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
48 prova=xmalloc(strlen(argv[1])+1+5);

But i receive seg fault some time after 5 iteration sometime after 100
iteration,
any suggestion?

If it seg faults during a malloc() or related call, then you've likely
corrupted memory by overrunning an array boundary or the like.

Start cutting down the code to isolate the problem.




Brian

 

[Richard Tobin]

If it seg faults during a malloc() or related call, then you've likely
corrupted memory by overrunning an array boundary or the like.

True. Or you have double-free()ed memory or, or free()ed non-malloc()ed
memory, or something similar.

Start cutting down the code to isolate the problem.

Most modern systems have tools to make solving this sort of problem
much more efficient. For example, if you are using a unix-like system
you may have a program called "valgrind" available, or your debugger
may have a built-in memory-checking mode. Don't waste time doing by
hand what a program can do for you.

-- Richard

 

[Barry Schwarz]

I wrote this code:

void * xmalloc (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;
}

int _chooseTSK(char* message,int seed){
_hash hash,hash2;
char *strp,*prova,*res;
int result;
BIGNUM *mess,*cmp,*rem,*k;
BN_CTX *ctx;
mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
ctx = BN_CTX_new();
_evp_hash(&hash,message);
prova=xmalloc(2*strlen(hash.digest)+1);
strcpy(prova,hex2str(hash.digest,hash.digest_size));
BN_hex2bn(&mess,(const char*) prova);
BN_set_word(k,K);
BN_mod(rem,mess,k,ctx);
strp=xmalloc(BN_num_bytes(mess));
strp = BN_bn2dec(mess);
res = BN_bn2dec(rem);
result=atoi((const char *) res);
_evp_hash(&hash2,message);
BN_dec2bn(&cmp,(const char*) hash2.digest);
OPENSSL_free(strp);
OPENSSL_free(mess);
OPENSSL_free(rem);
OPENSSL_free(k);
OPENSSL_free(cmp);
BN_CTX_end(ctx);
return result;
}


int main(int argc,char** argv){
int i,j;
char* prova;
char* speriamo="spero";
prova=xmalloc(strlen(argv[1])+1+5);

Is argc at least 2? Are you sure argv[1] exists and is not NULL?

for(i=0;i<10;i++){
printf("\n%d",_chooseTSK(argv[1],i));
}
printf("\n");
for(j=0;j<1;j++){
for(i=0;i<1000;i++){
sprintf( prova, "%s|%d",argv[1],i);
printf("\n%d: %d",i,_chooseTSK(prova,i));
*prova="\0";
}
}
free(prova);
return 0;
}


During the execution of this program i always obtain unpredictable
segmentation fault. After running it trough gdb debugger it tolds me
this:
Program received signal SIGSEGV, Segmentation fault.
0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
48 prova=xmalloc(strlen(argv[1])+1+5);

But i receive seg fault some time after 5 iteration sometime after 100
iteration,
any suggestion?

Iterations of what? You do not call main recursively. You call
xmalloc with argv[1] as part of the argument only once in main and
that call is not inside a loop.

You call a dynamic allocation routine several times and make no effort
to determine if it succeeded before dereferencing the returned value.
Any allocation failure would result in undefined behavior at the point
of dereference.

Your code contains numerous non-standard functions and types and you
give us no information about any of them. In spite of appearances,
most of us are not clairvoyant.

If hash.digest is really an array of bytes containing hex data that
will be expanded 2 for 1 as your code suggests, then passing that
array to strlen will often not produce the correct value for the size
of the resulting string when passed to hex2str. This is the same
mistake you made in your other message (HEXADECIMAL to STRING) earlier
today. My response to that message explains the problem in detail.
Once your strcpy overflows the allocated space, you have invoked
undefined behavior. One of the common manifestations of this kind of
undefined behavior is for future calls to malloc or free to result in
a segfault because you have screwed up the internal data they use to
keep track of allocations.


Remove del for email

 

[Joachim Schmitz]

I wrote this code:

void * xmalloc (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;
}

int _chooseTSK(char* message,int seed){
_hash hash,hash2;
char *strp,*prova,*res;
int result;
BIGNUM *mess,*cmp,*rem,*k;
BN_CTX *ctx;
mess=BN_new();rem=BN_new();k=BN_new();cmp=BN_new();
ctx = BN_CTX_new();
_evp_hash(&hash,message);
prova=xmalloc(2*strlen(hash.digest)+1);

Sure prova isn't NULL?

strcpy(prova,hex2str(hash.digest,hash.digest_size));
BN_hex2bn(&mess,(const char*) prova);
BN_set_word(k,K);
BN_mod(rem,mess,k,ctx);
strp=xmalloc(BN_num_bytes(mess));

sure strp isn't NULL?

strp = BN_bn2dec(mess);

Writing to strp twice? Loosing the first value creates a memory leak!

res = BN_bn2dec(rem);
result=atoi((const char *) res);
_evp_hash(&hash2,message);
BN_dec2bn(&cmp,(const char*) hash2.digest);
OPENSSL_free(strp);

freeing something that hasn't been malloc-ed? (assuming OPENSSL_free() calls
free() and BN_bn2dec() did not use malloc() to obtain memory)

OPENSSL_free(mess);
OPENSSL_free(rem);
OPENSSL_free(k);
OPENSSL_free(cmp);
BN_CTX_end(ctx);
return result;
}


int main(int argc,char** argv){
int i,j;
char* prova;
char* speriamo="spero";
prova=xmalloc(strlen(argv[1])+1+5);

Sure argv[1] isn't NULL before the call? Sure prova isn't NULL after the
all? Better check

for(i=0;i<10;i++){
printf("\n%d",_chooseTSK(argv[1],i));
}
printf("\n");
for(j=0;j<1;j++){
for(i=0;i<1000;i++){
sprintf( prova, "%s|%d",argv[1],i);
printf("\n%d: %d",i,_chooseTSK(prova,i));
*prova="\0";
}
}
free(prova);
return 0;
}


During the execution of this program i always obtain unpredictable
segmentation fault. After running it trough gdb debugger it tolds me
this:
Program received signal SIGSEGV, Segmentation fault.
0x08048b84 in main (argc=1, argv=0xbff8ac34) at parm_utility.c:48
48 prova=xmalloc(strlen(argv[1])+1+5);

But i receive seg fault some time after 5 iteration sometime after 100
iteration,
any suggestion?

Bye, Jojo

 

[Tor Rustad]

Andrea wrote:

But i receive seg fault some time after 5 iteration sometime after 100
iteration, any suggestion?

You have posted a couple of basic questions, now you pull in the OpenSSL
library, which isn't really supposed to be used by a newbie. Even if
multiple ppl here have used this library before, OpenSSL is off-topic.

To improve your chances of getting help, you should post a *minimal*
example, illustrating your C problem, if any. If your problem is OpenSSL
specific, sci.crypt is a better place to ask.

A good start, is to post code that actually compile..!

Your code was so ill-formated (hard to read), that it completely turned
me off.

$man indent

 

[Johan Bengtsson]

Others have already mentioned several good suggestions, I have but one
thing left to point out immediately (Yes I know this is at the top)

void * xmalloc (size_t size){
register void *value = OPENSSL_malloc(size);
if (value == 0)
printf("virtual memory exhausted");
return value;
}

The printf() statement contains a string with no newline, I am not
completely sure this will be printed on the screen if there is no other
output before the program crashes.

A better handling IMO would be something like this:

if (!value)
{
fprintf(stderr,"virtual memory exhausted\n");
exit(EXIT_FAILURE/*or some other suitable error code*/);
}

Making the output of something that is clearly an error message better
go to stderr so it is *always* visible even if the output is piped
somewhere.
Immediately terminate the program with a defined error code in a case
where it surely does not continue to work anyway.