Andres Freund <andres@anarazel.de> writes:
> What we could do is add a suppression like:
> {
> broken-openssl-accesses-random
> Memcheck:Cond
> ...
> fun:pg_strong_random
> fun:InitProcessGlobals
> fun:PostmasterMain
> fun:main
> }
> (alternatively one suppression for each RAND_status, RAND_poll,
> RAND_bytes(), to avoid suppressing all of pg_strong_random itself)
> and then prevent spread of the uninitialized memory by adding a
> VALGRIND_MAKE_MEM_DEFINED(buf, len);
> after a successful RAND_bytes() call.
> I tested that that quiesces the problem locally. Probably not worth
> pushing something like that though?
Yeah, that seems awfully aggressive to be pushing to machines that
don't have the problem. Did you get any sense of how fast the
openssl fix is goinng to show up?
regards, tom lane