Boost C++ Libraries: Ticket #7248: UUID Conditional jump or move depends on uninitialised value(s) https://svn.boost.org/trac10/ticket/7248 <p> The following code produces Valgrind warnings: </p> <p> Code: </p> <pre class="wiki">boost::uuids::uuid uuid = boost::uuids::random_generator()(); </pre><p> Valgrind: </p> <pre class="wiki">==5381== Memcheck, a memory error detector ==5381== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al. ==5381== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info ==5381== Command: ../../bin/test/test_r14p ==5381== ==5381== Conditional jump or move depends on uninitialised value(s) ==5381== at 0x40296B: main (mersenne_twister.hpp:177) ==5381== Uninitialised value was created by a heap allocation ==5381== at 0x4C2747E: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5381== by 0x4041AD: boost::uuids::detail::seed_rng::sha1_random_digest_() (seed_rng.hpp:162) ==5381== by 0x402910: main (seed_rng.hpp:103) ==5381== ==5381== Conditional jump or move depends on uninitialised value(s) ==5381== at 0x40298D: main (mersenne_twister.hpp:179) ==5381== Uninitialised value was created by a heap allocation ==5381== at 0x4C2747E: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5381== by 0x4041AD: boost::uuids::detail::seed_rng::sha1_random_digest_() (seed_rng.hpp:162) ==5381== by 0x402910: main (seed_rng.hpp:103) ==5381== ==5381== Use of uninitialised value of size 8 ==5381== at 0x54DD208: ??? 
(in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54E25AA: std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; std::num_put&lt;char, std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; &gt;::_M_insert_int&lt;unsigned long&gt;(std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt;, std::ios_base&amp;, char, unsigned long) const (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54E27A5: std::num_put&lt;char, std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; &gt;::do_put(std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt;, std::ios_base&amp;, char, unsigned long) const (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54F4FCD: std::ostream&amp; std::ostream::_M_insert&lt;unsigned long&gt;(unsigned long) (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x402CCD: main (ostream:195) ==5381== Uninitialised value was created by a heap allocation ==5381== at 0x4C2747E: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5381== by 0x4041AD: boost::uuids::detail::seed_rng::sha1_random_digest_() (seed_rng.hpp:162) ==5381== by 0x404BBE: void boost::random::detail::fill_array_int_impl&lt;32, 624ul, boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;, unsigned int&gt;(boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;&amp;, boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;, unsigned int (&amp;) [624ul]) (seed_rng.hpp:103) ==5381== by 0x40295B: main (seed_impl.hpp:324) ==5381== ==5381== Conditional jump or move depends on uninitialised value(s) ==5381== at 0x54DD20E: ??? 
(in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54E25AA: std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; std::num_put&lt;char, std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; &gt;::_M_insert_int&lt;unsigned long&gt;(std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt;, std::ios_base&amp;, char, unsigned long) const (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54E27A5: std::num_put&lt;char, std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt; &gt;::do_put(std::ostreambuf_iterator&lt;char, std::char_traits&lt;char&gt; &gt;, std::ios_base&amp;, char, unsigned long) const (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x54F4FCD: std::ostream&amp; std::ostream::_M_insert&lt;unsigned long&gt;(unsigned long) (in /usr/lib64/gcc/x86_64-pc-linux-gnu/4.4.5/libstdc++.so.6.0.13) ==5381== by 0x402CCD: main (ostream:195) ==5381== Uninitialised value was created by a heap allocation ==5381== at 0x4C2747E: operator new(unsigned long) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==5381== by 0x4041AD: boost::uuids::detail::seed_rng::sha1_random_digest_() (seed_rng.hpp:162) ==5381== by 0x404BBE: void boost::random::detail::fill_array_int_impl&lt;32, 624ul, boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;, unsigned int&gt;(boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;&amp;, boost::uuids::detail::generator_iterator&lt;boost::uuids::detail::seed_rng&gt;, unsigned int (&amp;) [624ul]) (seed_rng.hpp:103) ==5381== by 0x40295B: main (seed_impl.hpp:324) ==5381== c0dbd170-11c6-4877-9180-d26753748484 ==5381== ==5381== HEAP SUMMARY: ==5381== in use at exit: 0 bytes in 0 blocks ==5381== total heap usage: 128 allocs, 128 frees, 3,596 bytes allocated ==5381== ==5381== All heap blocks were freed -- no leaks are possible ==5381== ==5381== For counts of 
detected and suppressed errors, rerun with: -v ==5381== ERROR SUMMARY: 48 errors from 4 contexts (suppressed: 6 from 6) </pre><p> The following works without any warnings: </p> <pre class="wiki">boost::mt19937 ran; boost::uuids::uuid uuid = boost::uuids::random_generator(ran)(); </pre> Andy Tompkins Wed, 12 Sep 2012 02:19:34 GMT <link>https://svn.boost.org/trac10/ticket/7248#comment:1 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/7248#comment:1</guid> <description> <p> I believe I have fixed this with trunk commit <a class="missing ticket">#80501</a>. </p> <p> Can you confirm please. </p> </description> <category>Ticket</category> </item> <item> <dc:creator>Andy Tompkins</dc:creator> <pubDate>Fri, 14 Jun 2013 19:12:32 GMT</pubDate> <title>status changed; resolution set https://svn.boost.org/trac10/ticket/7248#comment:2 https://svn.boost.org/trac10/ticket/7248#comment:2 <ul> <li><strong>status</strong> <span class="trac-field-old">new</span> → <span class="trac-field-new">closed</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">fixed</span> </li> </ul> Ticket k.stuhlemmer@… Tue, 22 Jul 2014 06:56:52 GMT status, version, severity changed; resolution deleted https://svn.boost.org/trac10/ticket/7248#comment:3 https://svn.boost.org/trac10/ticket/7248#comment:3 <ul> <li><strong>status</strong> <span class="trac-field-old">closed</span> → <span class="trac-field-new">reopened</span> </li> <li><strong>version</strong> <span class="trac-field-old">Boost 1.48.0</span> → <span class="trac-field-new">Boost Development Trunk</span> </li> <li><strong>resolution</strong> <span class="trac-field-deleted">fixed</span> </li> <li><strong>severity</strong> <span class="trac-field-old">Optimization</span> → <span class="trac-field-new">Showstopper</span> </li> </ul> <p> This is a serious issue! Using uninitialized variables (i.e. 
_rd[]) as an extra source of randomness has been proven to be a very bad idea (see <a class="ext-link" href="http://kqueue.org/blog/2012/06/25/more-randomness-or-less"><span class="icon">​</span>http://kqueue.org/blog/2012/06/25/more-randomness-or-less</a>). You should consider reworking the seed generation or removing it completely. Boost is believed to be high-quality code and many developers trust it. In this certain case its usage is simply dangerous. </p> Ticket anonymous Sat, 11 Oct 2014 01:23:07 GMT <link>https://svn.boost.org/trac10/ticket/7248#comment:4 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/7248#comment:4</guid> <description> <p> I have observed the same issue in boost 1.55.0 </p> <p> Are there any plans to fix this? </p> <p> Besides creating a lot of noise in my case, I agree that relying on uninitialized values as a source of entropy is simply not safe. </p> </description> <category>Ticket</category> </item> <item> <author>douwegelling@…</author> <pubDate>Tue, 28 Mar 2017 11:14:44 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/7248#comment:5 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/7248#comment:5</guid> <description> <p> I'd just like to draw some attention to this issue. I'd prefer if uuid::random_generator did not provide a default constructor to the current state where you can do so, but it takes data from uninitialized variables in lieu of entropy. </p> </description> <category>Ticket</category> </item> <item> <dc:creator>James E. 
King, III</dc:creator> <pubDate>Sat, 12 Aug 2017 23:32:35 GMT</pubDate> <title/> <link>https://svn.boost.org/trac10/ticket/7248#comment:6 </link> <guid isPermaLink="false">https://svn.boost.org/trac10/ticket/7248#comment:6</guid> <description> <p> I'm wondering if we should simply eliminate the current default construction with the sha1 code, and require a random generator from boost::random, such as mt19937 (or perhaps that becomes the default), or random_device. </p> </description> <category>Ticket</category> </item> <item> <dc:creator>James E. King, III</dc:creator> <pubDate>Sun, 27 Aug 2017 18:30:49 GMT</pubDate> <title>status, version, severity, milestone changed; resolution set https://svn.boost.org/trac10/ticket/7248#comment:7 https://svn.boost.org/trac10/ticket/7248#comment:7 <ul> <li><strong>status</strong> <span class="trac-field-old">reopened</span> → <span class="trac-field-new">closed</span> </li> <li><strong>version</strong> <span class="trac-field-old">Boost Development Trunk</span> → <span class="trac-field-new">Boost 1.55.0</span> </li> <li><strong>resolution</strong> → <span class="trac-field-new">worksforme</span> </li> <li><strong>severity</strong> <span class="trac-field-old">Showstopper</span> → <span class="trac-field-new">Problem</span> </li> <li><strong>milestone</strong> <span class="trac-field-old">To Be Determined</span> → <span class="trac-field-new">Boost 1.66.0</span> </li> </ul> <p> This is no longer reproducible. I believe the issue was fixed in boost 1.59 or earlier; see <a class="ext-link" href="https://svn.boost.org/trac10/ticket/9407"><span class="icon">​</span>https://svn.boost.org/trac10/ticket/9407</a>. I am resolving this as "worksforme" in boost 1.66; however, I suspect it was fixed as far back as 1.59. </p> Ticket
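The Valgrind-clean workaround in the report passes a default-constructed mt19937, and comment 6 proposes mt19937 or random_device as the generator. The following is an added example, not code from the ticket or from Boost, showing what that choice means for the resulting UUIDs. It assumes `std::mt19937` and `std::random_device` as stand-ins for the Boost classes (same algorithm, same default seed of 5489); `make_uuid_v4`, `uuid_default_seeded` and `uuid_os_seeded` are hypothetical helper names.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <string>

// Draw 16 bytes from `gen` and format them as a version-4 UUID string.
template <class Gen>
std::string make_uuid_v4(Gen& gen) {
    std::array<std::uint8_t, 16> b{};
    for (std::size_t i = 0; i < b.size(); i += 4) {
        const std::uint32_t w = static_cast<std::uint32_t>(gen());
        for (std::size_t k = 0; k < 4; ++k)
            b[i + k] = static_cast<std::uint8_t>(w >> (8 * k));
    }
    b[6] = static_cast<std::uint8_t>((b[6] & 0x0F) | 0x40);  // version 4
    b[8] = static_cast<std::uint8_t>((b[8] & 0x3F) | 0x80);  // RFC 4122 variant
    static const char hex[] = "0123456789abcdef";
    std::string s;
    for (std::size_t i = 0; i < b.size(); ++i) {
        if (i == 4 || i == 6 || i == 8 || i == 10) s += '-';
        s += hex[b[i] >> 4];
        s += hex[b[i] & 0x0F];
    }
    return s;
}

// Default-constructed engine: the seed is the constant 5489, so the
// "random" UUID is identical in every run and every process.
std::string uuid_default_seeded() {
    std::mt19937 ran;
    return make_uuid_v4(ran);
}

// Full 624-word engine state filled from the operating system's entropy source.
std::string uuid_os_seeded() {
    std::random_device rd;
    std::array<std::uint32_t, std::mt19937::state_size> words;
    for (auto& w : words) w = rd();
    std::seed_seq seq(words.begin(), words.end());
    std::mt19937 ran(seq);
    return make_uuid_v4(ran);
}

int main() {
    std::cout << "default-seeded: " << uuid_default_seeded() << '\n'
              << "default-seeded: " << uuid_default_seeded() << '\n'
              << "os-seeded:      " << uuid_os_seeded() << '\n';
}
```

Mersenne Twister is not a cryptographically secure generator even when seeded from the OS, so identifiers that must be unguessable should take their bytes directly from the OS source.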