Valgrind warnings when accessing https://mail.microsoft.com/ews/exchange.asmx

[nikic]

I did this

valgrind curl -v https://mail.microsoft.com/ews/exchange.asmx

Output: https://gist.github.com/nikic/b7af10da8f73923a46a0

Are these valgrind warnings expected or do they indicate an issue in libcurl? I assume the first one is one of the "usual" libssl warnings, but there are quite a few following in Curl_http_readwrite_headers which look like they could be valid.

This is coming originally from a PHP bug report: https://bugs.php.net/bug.php?id=71861

curl/libcurl version

curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

operating system

Ubuntu 14.04

Linux saturn 3.13.0-79-generic #123-Ubuntu SMP Fri Feb 19 14:27:58 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

[nikic]

Same happens with a 7.48.1-dev build: https://gist.github.com/nikic/d685d44e5ca671ffd049

[bagder]

This is a known issue with openssl

[bagder]

I believe the ones below are caused by the first, as the uninitialized values get used further down the line. You can test this theory by building a debug version of openssl that doesn't cause these warnings and see.

[nikic]

Thanks for the quick response. I wasn't able to test a -DPURIFY build because libtool hates me, but running valgrind with --track-origins=yes shows that all warnings are caused by

==32281==  Uninitialised value was created by a stack allocation
==32281==    at 0x5FC9E77: aesni_cbc_encrypt (in /lib/x86_64-linux-gnu/libcrypto.so.1.0.0)

so clearly not an issue with curl.