5
所以我有一个非常基本的通过https与Facebook服务器交谈的例子,但是valgrind抱怨地抱怨。所以我认为我没有设置错误的东西......有谁知道我做错了什么?当使用https时,valgrind会报告libcurl的问题
这里是我的代码:
#include <string>
#include <iostream>
#include <curl/curl.h>
size_t write_fn_impl(void* ptr, size_t size, size_t nmemb, void * data)
{
std::string * result = static_cast<std::string*>(data);
*result += std::string((char*)ptr, size*nmemb);
return size*nmemb;
}
int main()
{
std::string url_full="https://graph.facebook.com/me";
std::string useragent = "Facebook API C++ Client (curl)";
CURL * ch_ = curl_easy_init();
char error_buffer[CURL_ERROR_SIZE];
curl_easy_setopt(ch_, CURLOPT_ERRORBUFFER, error_buffer);
curl_easy_setopt(ch_, CURLOPT_WRITEFUNCTION, &write_fn_impl);
std::string result;
curl_easy_setopt(ch_, CURLOPT_WRITEDATA, &result);
int id = 1;
curl_easy_setopt(ch_, CURLOPT_VERBOSE, id);
curl_easy_setopt(ch_, CURLOPT_URL, url_full.c_str());
curl_easy_setopt(ch_, CURLOPT_USERAGENT, useragent.c_str());
curl_easy_setopt(ch_, CURLOPT_CONNECTTIMEOUT, 10);
curl_easy_setopt(ch_, CURLOPT_TIMEOUT, 30);
curl_easy_perform(ch_);
curl_easy_cleanup(ch_);
std::cout<< result<<std::endl;
}
什么的valgrind说的是:
==14149== Memcheck, a memory error detector
==14149== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==14149== Using Valgrind-3.5.0-Debian and LibVEX; rerun with -h for copyright info
==14149== Command: ./a.out
==14149==
* About to connect() to graph.facebook.com port 443 (#0)
* Trying 66.220.146.47... * connected
* Connected to graph.facebook.com (66.220.146.47) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
==14149== Syscall param write(buf) points to uninitialised byte(s)
==14149== at 0x4268113: __write_nocancel (in /lib/tls/i686/cmov/libc-2.10.1.so)
==14149== by 0x44A5A8E: BIO_write (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x43E49B8: ssl23_write_bytes (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43E39AB: ssl23_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43F0D49: SSL_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x4050EB0: ossl_connect_common (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4052202: Curl_ossl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x406597F: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x403FF1B: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4046F6D: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x404C396: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4059B23: Curl_perform (in /usr/lib/libcurl.so.4.1.1)
==14149== Address 0x47e92df is 15 bytes inside a block of size 21,848 alloc'd
==14149== at 0x4024C1C: malloc (vg_replace_malloc.c:195)
==14149== by 0x4446EFD: ??? (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x444755B: CRYPTO_malloc (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x44A4EF7: BUF_MEM_grow (in /lib/i686/cmov/libcrypto.so.0.9.8)
==14149== by 0x43E3BAB: ssl23_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x43F0D49: SSL_connect (in /lib/i686/cmov/libssl.so.0.9.8)
==14149== by 0x4050EB0: ossl_connect_common (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4052202: Curl_ossl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x406597F: Curl_ssl_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x403FF1B: Curl_http_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x4046F6D: Curl_protocol_connect (in /usr/lib/libcurl.so.4.1.1)
==14149== by 0x404C396: Curl_connect (in /usr/lib/libcurl.so.4.1.1)
和页面更....
那篇文章很有趣,但它忽略了一个事实的valgrind *没有发现其实OpenSSL中的一个bug *。 OpenSSL是(并且可能仍然是)依赖*未定义行为*作为熵源,而不是从合法来源获得熵。 Debian添加的非常相同的“bug”可能很容易从编译器或库更改中出现,这些更改导致未初始化的数据OpenSSL读取“不太随意”。简而言之,如果valgrind正在报告这样的问题,那么它几乎肯定意味着代码是*错误*,但是微小的修复可能会更糟。 :-) – 2011-02-02 05:15:31