[gnutls-devel] GnuTLS | enable valgrind tests for full testsuite (#1174)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Jan 30 06:20:09 CET 2021

Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1174

As we are adopting valgrind instruments more and [more](3d7fae761e65e9d0f16d7247ee8a464d4fe002da), it would make sense to run all the tests under valgrind in CI. However, for some reason it's disabled when `--disable-full-test-suite` is specified and that's the case with the "fedora-valgrind/build" job. I tried to enable it but found quite a few roadblocks:
- the gnulib `valgrind-tests` module usage is incorrect and the current code exercises also for shell-scripts (i.e. bash binary) - we should properly set `TEST_EXTENSIONS = .sh`
- there are actual memleaks in some code e.g., `tests/tls13/no-auto-send-ticket.c`
- the FIPS library state check is done too late (I don't know why), and the tests manually invalidating the state (e.g., `tests/x509sign-verify-error.c`) causes memory error deep under nettle primitives, because the gnutls random functions refuses to produce proper value in that case, resulting in the dest memory area uninitialized
- some tests (e.g., `tests/memset.c`) are poorly written, violating the C ABI assumption (those are removed in !1382)

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1174
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210130/c3eae793/attachment.html>

More information about the Gnutls-devel mailing list