Home » Mailing list archives » openbsd-misc » 2008 » May » 16

Re: Debian libssl security (Cause???)

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
[view in full thread]
From: Ted Unangst <ted.unangst@...>
To: <ross.cameron@...>
Cc: <misc@...>, Otto Moerbeek <otto@...>
Subject: Re: Debian libssl security (Cause???)
Date: Friday, May 16, 2008 - 4:02 pm

On 5/16/08, Ross Cameron  wrote:


I think people are placing too much blame on valgrind.  valgrind

doesn't tell you "Delete this line of code."  It says "You are using

uninitialized memory here."  The correct fix is to initialize the

memory, not delete the line of code.  It's not about trusting or not

trusting the tool; it's about responding correctly.


I've seen innocuous valgrind reports, but never wrong ones.  I also

saw a valgrind report ignored as innocuous because it didn't seem to

cause trouble, only to be the root cause of a problem that cost a

minimum of $50,000 to resolve later.
Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]
Messages in current thread:
Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 7:31 am)
Re: Debian libssl security (Cause???), Otto Moerbeek, (Fri May 16, 7:41 am)
Re: Debian libssl security (Cause???), Ross Cameron, (Fri May 16, 8:30 am)
Re: Debian libssl security (Cause???), Ted Unangst, (Fri May 16, 4:02 pm)
Re: Debian libssl security (Cause???), Otto Moerbeek, (Sat May 17, 2:36 am)
Re: Debian libssl security (Cause???), Tim Post, (Sat May 17, 3:12 am)
Re: Debian libssl security (Cause???), Travers Buda, (Fri May 16, 2:33 pm)
Re: Debian libssl security (Cause???), mcb, inc., (Fri May 16, 3:06 pm)