Your message dated Tue, 15 May 2012 22:00:29 +0200
with message-id <20120515200029.GA15175@PC-Ale>
and subject line Re: Bug#626389: libc6: uninitialised value via gconv_open.c:70
has caused the Debian Bug report #626389,
regarding libconfuse-dev: cfg_init() does odd things with errno & friends
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
626389: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626389
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libconfuse-dev
Version: 2.7-4
Severity: normal


Hello,

After calling cfg_init(), the first call to strerror_r() (and perror(), by the 
way) causes an uninitialised value to be read. See the attached test program for more 
details. Here is the valgrind output (the verbose valgrind output is also 
attached):

$ gcc -Wall -Wextra -g -lconfuse test_confuse.c && valgrind ./a.out
==4821== Memcheck, a memory error detector
==4821== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==4821== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==4821== Command: ./a.out
==4821== 
This works well: Success
We can access errno without problem, here is its value: 0
==4821== Conditional jump or move depends on uninitialised value(s)
==4821==    at 0x50B922B: __GI___strcasecmp_l (strcmp.S:243)
==4821==    by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821==    by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821==    by 0x5066673: __dcigettext (dcigettext.c:654)
==4821==    by 0x50B5597: strerror_r (_strerror.c:65)
==4821==    by 0x508DA8B: perror_internal (perror.c:38)
==4821==    by 0x40082A: main (test_confuse.c:25)
==4821== 
==4821== Use of uninitialised value of size 8
==4821==    at 0x50BB364: __GI___strcasecmp_l (strcmp.S:2257)
==4821==    by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821==    by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821==    by 0x5066673: __dcigettext (dcigettext.c:654)
==4821==    by 0x50B5597: strerror_r (_strerror.c:65)
==4821==    by 0x508DA8B: perror_internal (perror.c:38)
==4821==    by 0x40082A: main (test_confuse.c:25)
==4821== 
==4821== Use of uninitialised value of size 8
==4821==    at 0x50BB368: __GI___strcasecmp_l (strcmp.S:2258)
==4821==    by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821==    by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821==    by 0x5066673: __dcigettext (dcigettext.c:654)
==4821==    by 0x50B5597: strerror_r (_strerror.c:65)
==4821==    by 0x508DA8B: perror_internal (perror.c:38)
==4821==    by 0x40082A: main (test_confuse.c:25)
==4821== 
This generates an error: Succès
This does not generate an error: Succès
==4821== 
==4821== HEAP SUMMARY:
==4821==     in use at exit: 0 bytes in 0 blocks
==4821==   total heap usage: 70 allocs, 70 frees, 21,050 bytes allocated
==4821== 
==4821== All heap blocks were freed -- no leaks are possible
==4821== 
==4821== For counts of detected and suppressed errors, rerun with: -v
==4821== Use --track-origins=yes to see where uninitialised values come from
==4821== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libconfuse-dev depends on:
ii  libconfuse0                   2.7-4      Library for parsing configuration 

libconfuse-dev recommends no packages.

libconfuse-dev suggests no packages.

-- no debconf information
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <confuse.h>

int main(void)
{
  cfg_t *cfg = NULL ;
  cfg_opt_t opts[] =
    {
      CFG_INT("my-int-option", 0, CFGF_NONE),
      CFG_END()
    } ;

  errno = 0 ;
  perror("This works well") ;

  cfg = cfg_init(opts, CFGF_NONE) ;

  fprintf(stderr,
          "We can access errno without problem, here is its value: %d\n",
          errno) ;

  errno = 0 ; // this changes nothing
  perror("This generates an error") ;

  perror("This does not generate an error") ;

  cfg_free(cfg) ;
  return 0 ;
}

--- End Message ---
--- Begin Message ---
Version: 1:3.7.0-1

On Wed, May 11, 2011 at 07:48:32PM +0200, Aurelien Jarno wrote:
> On Wed, May 11, 2011 at 03:51:10PM +0200, Julian Andres Klode wrote:
> > Package: libc6, valgrind
> > Version: libc6/2.13-2
> > Severity: normal
> > 
> > It seems that with the new libc6 package, we get some more uninitialized
> > values. There seems to be a value uninitialized somewhere (something
> > pointed to by _nl_C_locobj_ptr?), causing dgettext() to produce warnings
> > in valgrind, as seen in the example.
> 
> The problem is on the valgrind side. The new version of strcasecmp uses
> sse to compare strings, and compare them 16 bytes by 16 bytes:
> 
>         pxor    %xmm0, %xmm0            /* clear %xmm0 for null char checks */
>         pcmpeqb %xmm1, %xmm0            /* Any null chars? */
>         pcmpeqb %xmm2, %xmm1            /* compare first 16 bytes for equality */
>         psubb   %xmm0, %xmm1            /* packed sub of comparison results*/
>         pmovmskb %xmm1, %edx
>         sub     $0xffff, %edx           /* if first 16 bytes are same, edx == 0xffff */
>         jnz     LABEL(less16bytes)      /* If not, find different value or null char */

This should have been fixed in the latest upstream release (3.7.0).

Cheers

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'



--- End Message ---
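As an added illustration (not code from the bug report, glibc or valgrind), the scalar C emulation below mirrors the pcmpeqb/psubb/pmovmskb sequence quoted in the reply: the whole 16-byte block is examined, so the value fed to `sub $0xffff; jnz` depends on whatever follows the NUL terminator, even though the byte index the less16bytes path ends up at does not. The names `load_block`, `block_mask` and `stop_index` are chosen here, and the `fill` byte stands in for the uninitialised memory memcheck complains about.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed scalar emulation of the 16-byte block test quoted above; not
   glibc or valgrind code.  Like the SSE code, it inspects the whole block. */

/* First 16 bytes of s; bytes after its NUL are set to `fill` (stand-in for
   whatever memory happens to follow the string). */
static void load_block(unsigned char blk[16], const char *s, unsigned char fill)
{
    size_t n = strlen(s);
    memset(blk, fill, 16);
    memcpy(blk, s, n < 16 ? n + 1 : 16);   /* include the NUL if it fits */
}

/* pmovmskb(psubb(pcmpeqb(a,b), pcmpeqb(a,0))) for the first blocks of s1 and
   s2: bit i is set only when byte i matches and is not s1's terminator. */
unsigned block_mask(const char *s1, const char *s2, unsigned char fill)
{
    unsigned char a[16], b[16];
    unsigned mask = 0;
    load_block(a, s1, fill);
    load_block(b, s2, fill);
    for (int i = 0; i < 16; i++) {
        unsigned char nul = (a[i] == 0)    ? 0xFF : 0x00; /* pcmpeqb %xmm1,%xmm0 */
        unsigned char eq  = (a[i] == b[i]) ? 0xFF : 0x00; /* pcmpeqb %xmm2,%xmm1 */
        unsigned char r   = (unsigned char)(eq - nul);    /* psubb  %xmm0,%xmm1 */
        mask |= (unsigned)(r >> 7) << i;                  /* pmovmskb %xmm1,%edx */
    }
    return mask;
}

/* Index of the first differing or terminating byte (the less16bytes path), or
   16 when `sub $0xffff` leaves zero and the next block would be examined. */
int stop_index(const char *s1, const char *s2, unsigned char fill)
{
    unsigned m = block_mask(s1, s2, fill);
    int i = 0;
    while (i < 16 && (m & (1u << i))) i++;
    return i;
}

int main(void)
{
    /* Same strings, different junk after the NUL: mask differs, answer does not. */
    printf("mask %04x vs %04x, stop %d vs %d\n",
           block_mask("Success", "Success", 0x00), block_mask("Success", "Success", 0xAB),
           stop_index("Success", "Success", 0x00), stop_index("Success", "Success", 0xAB));
    return 0;
}
```

The mask is 0x007f with zeroed padding but 0xff7f with 0xAB padding, so the branch condition really does read the bytes past the terminator; the stop index is 7 in both cases, which is why the warning is a false positive rather than a real bug.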
