Package: libconfuse-dev
Version: 2.7-4
Severity: normal

Hello,

After calling cfg_init(), the first call to strerror_r() (and perror(), by the
way) causes a read of an uninitialised value. See the attached test program for more
details. Here is the valgrind output (the verbose valgrind output is also
attached):

$ gcc -Wall -Wextra -g -lconfuse test_confuse.c && valgrind ./a.out
==4821== Memcheck, a memory error detector
==4821== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==4821== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==4821== Command: ./a.out
==4821==
This works well: Success
We can access errno without problem, here is its value: 0
==4821== Conditional jump or move depends on uninitialised value(s)
==4821== at 0x50B922B: __GI___strcasecmp_l (strcmp.S:243)
==4821== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821== by 0x5066673: __dcigettext (dcigettext.c:654)
==4821== by 0x50B5597: strerror_r (_strerror.c:65)
==4821== by 0x508DA8B: perror_internal (perror.c:38)
==4821== by 0x40082A: main (test_confuse.c:25)
==4821==
==4821== Use of uninitialised value of size 8
==4821== at 0x50BB364: __GI___strcasecmp_l (strcmp.S:2257)
==4821== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821== by 0x5066673: __dcigettext (dcigettext.c:654)
==4821== by 0x50B5597: strerror_r (_strerror.c:65)
==4821== by 0x508DA8B: perror_internal (perror.c:38)
==4821== by 0x40082A: main (test_confuse.c:25)
==4821==
==4821== Use of uninitialised value of size 8
==4821== at 0x50BB368: __GI___strcasecmp_l (strcmp.S:2258)
==4821== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4821== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4821== by 0x5066673: __dcigettext (dcigettext.c:654)
==4821== by 0x50B5597: strerror_r (_strerror.c:65)
==4821== by 0x508DA8B: perror_internal (perror.c:38)
==4821== by 0x40082A: main (test_confuse.c:25)
==4821==
This generates an error: Succès
This does not generate an error: Succès
==4821==
==4821== HEAP SUMMARY:
==4821== in use at exit: 0 bytes in 0 blocks
==4821== total heap usage: 70 allocs, 70 frees, 21,050 bytes allocated
==4821==
==4821== All heap blocks were freed -- no leaks are possible
==4821==
==4821== For counts of detected and suppressed errors, rerun with: -v
==4821== Use --track-origins=yes to see where uninitialised values come from
==4821== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (900, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libconfuse-dev depends on:
ii libconfuse0 2.7-4 Library for parsing configuration
libconfuse-dev recommends no packages.
libconfuse-dev suggests no packages.
-- no debconf information
==4828== Memcheck, a memory error detector
==4828== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==4828== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==4828== Command: ./a.out
==4828==
--4828-- Valgrind options:
--4828-- --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--4828-- -v
--4828-- Contents of /proc/version:
--4828-- Linux version 3.0.0-1-amd64 (Debian 3.0.0-2) ([email protected])
(gcc version 4.5.3 (Debian 4.5.3-5) ) #1 SMP Wed Aug 17 04:08:52 UTC 2011
--4828-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--4828-- Page sizes: currently 4096, max supported 4096
--4828-- Valgrind library directory: /usr/lib/valgrind
--4828-- Reading syms from /home/mc/essais/a.out (0x400000)
--4828-- Reading syms from /lib/x86_64-linux-gnu/ld-2.13.so (0x4000000)
--4828-- Considering /lib/x86_64-linux-gnu/ld-2.13.so ..
--4828-- .. CRC mismatch (computed a5722a9a wanted 2ec1758b)
--4828-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.13.so ..
--4828-- .. CRC is valid
--4828-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux (0x38000000)
--4828-- object doesn't have a symbol table
--4828-- object doesn't have a dynamic symbol table
--4828-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
--4828-- Reading suppressions file: /usr/lib/valgrind/default.supp
--4828-- REDIR: 0x40164f0 (strlen) redirected to 0x3805f727 (???)
--4828-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so
(0x4a22000)
--4828-- object doesn't have a symbol table
--4828-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so
(0x4c23000)
--4828-- object doesn't have a symbol table
==4828== WARNING: new redirection conflicts with existing -- ignoring it
--4828-- new: 0x040164f0 (strlen ) R-> 0x04c280d0 strlen
--4828-- REDIR: 0x4016360 (index) redirected to 0x4c27d30 (index)
--4828-- REDIR: 0x40163e0 (strcmp) redirected to 0x4c28c90 (strcmp)
--4828-- Reading syms from /usr/lib/x86_64-linux-gnu/libconfuse.so.0.0.0
(0x4e2d000)
--4828-- object doesn't have a symbol table
--4828-- Reading syms from /lib/x86_64-linux-gnu/libc-2.13.so (0x5039000)
--4828-- Considering /lib/x86_64-linux-gnu/libc-2.13.so ..
--4828-- .. CRC mismatch (computed a808b01d wanted e4e07f30)
--4828-- Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.13.so ..
--4828-- .. CRC is valid
--4828-- REDIR: 0x50bb3e0 (strncasecmp) redirected to 0x4a22620
(_vgnU_ifunc_wrapper)
--4828-- REDIR: 0x50b9120 (strcasecmp) redirected to 0x4a22620
(_vgnU_ifunc_wrapper)
--4828-- REDIR: 0x50b7180 (__GI_strrchr) redirected to 0x4c27b50 (__GI_strrchr)
--4828-- REDIR: 0x50b56a0 (__GI_strlen) redirected to 0x4c28090 (__GI_strlen)
--4828-- REDIR: 0x50b58d0 (__GI_strncmp) redirected to 0x4c28590 (__GI_strncmp)
--4828-- REDIR: 0x50b8fd0 (__GI_stpcpy) redirected to 0x4c299d0 (__GI_stpcpy)
--4828-- REDIR: 0x50beed0 (strchrnul) redirected to 0x4c29dd0 (strchrnul)
This works well: Success
--4828-- REDIR: 0x50af940 (calloc) redirected to 0x4c25dc0 (calloc)
--4828-- REDIR: 0x50b03b0 (malloc) redirected to 0x4c27730 (malloc)
--4828-- REDIR: 0x50bdab0 (memcpy) redirected to 0x4a22620 (_vgnU_ifunc_wrapper)
--4828-- REDIR: 0x515b2b0 (__memcpy_ssse3_back) redirected to 0x4c28d90 (memcpy)
--4828-- REDIR: 0x50b1400 (realloc) redirected to 0x4c27800 (realloc)
--4828-- REDIR: 0x50b3c60 (__GI_strcmp) redirected to 0x4c28c30 (__GI_strcmp)
--4828-- REDIR: 0x50b3ba0 (__GI_strchr) redirected to 0x4c27c30 (__GI_strchr)
--4828-- REDIR: 0x50b02d0 (free) redirected to 0x4c26890 (free)
We can access errno without problem, here is its value: 22
--4828-- REDIR: 0x50b5780 (strnlen) redirected to 0x4c28010 (strnlen)
--4828-- REDIR: 0x50b50e0 (__GI_strcpy) redirected to 0x4c281c0 (__GI_strcpy)
--4828-- REDIR: 0x50b7880 (memchr) redirected to 0x4c28d50 (memchr)
--4828-- REDIR: 0x51480d0 (__strcasecmp_sse42) redirected to 0x4c28610
(strcasecmp)
--4828-- REDIR: 0x50bee80 (__GI___rawmemchr) redirected to 0x4c29e20
(__GI___rawmemchr)
==4828== Conditional jump or move depends on uninitialised value(s)
==4828== at 0x50B922B: __GI___strcasecmp_l (strcmp.S:243)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
==4828== Use of uninitialised value of size 8
==4828== at 0x50BB364: __GI___strcasecmp_l (strcmp.S:2257)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
==4828== Use of uninitialised value of size 8
==4828== at 0x50BB368: __GI___strcasecmp_l (strcmp.S:2258)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
This generates an error: Succès
This does not generate an error: Succès
==4828==
==4828== HEAP SUMMARY:
==4828== in use at exit: 0 bytes in 0 blocks
==4828== total heap usage: 69 allocs, 69 frees, 20,482 bytes allocated
==4828==
==4828== All heap blocks were freed -- no leaks are possible
==4828==
==4828== Use --track-origins=yes to see where uninitialised values come from
==4828== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)
==4828==
==4828== 1 errors in context 1 of 3:
==4828== Use of uninitialised value of size 8
==4828== at 0x50BB368: __GI___strcasecmp_l (strcmp.S:2258)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
==4828==
==4828== 1 errors in context 2 of 3:
==4828== Use of uninitialised value of size 8
==4828== at 0x50BB364: __GI___strcasecmp_l (strcmp.S:2257)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
==4828==
==4828== 1 errors in context 3 of 3:
==4828== Conditional jump or move depends on uninitialised value(s)
==4828== at 0x50B922B: __GI___strcasecmp_l (strcmp.S:243)
==4828== by 0x5058E2C: __gconv_open (gconv_open.c:70)
==4828== by 0x5065EB6: _nl_find_msg (dcigettext.c:990)
==4828== by 0x5066673: __dcigettext (dcigettext.c:654)
==4828== by 0x50B5597: strerror_r (_strerror.c:65)
==4828== by 0x508DA8B: perror_internal (perror.c:38)
==4828== by 0x40082A: main (test_confuse.c:25)
==4828==
--4828--
--4828-- used_suppression: 4 dl-hack3-cond-1
==4828==
==4828== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 4 from 4)

#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <confuse.h>

int main(void)
{
    cfg_t *cfg = NULL ;
    cfg_opt_t opts[] =
    {
        CFG_INT("my-int-option", 0, CFGF_NONE),
        CFG_END()
    } ;

    errno = 0 ;
    perror("This works well") ;            /* before cfg_init(): no valgrind error */

    cfg = cfg_init(opts, CFGF_NONE) ;

    fprintf(stderr,
            "We can access errno without problem, here is its value: %d\n",
            errno) ;

    errno = 0 ; // this changes nothing
    perror("This generates an error") ;    /* first perror() after cfg_init(): flagged by valgrind */
    perror("This does not generate an error") ;

    cfg_free(cfg) ;
    return 0 ;
}
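
In the output above the message changes from "Success" to "Succès" after cfg_init(), and every flagged frame sits in glibc's message-translation path (__dcigettext, _nl_find_msg, __gconv_open). The following is an added isolation test, not part of the original report; it assumes, without confirmation from the report, that the relevant effect of cfg_init() is activating the environment's locale, and replaces it with a direct setlocale() call so libconfuse is not linked at all. The helper names are made up for this example.

```c
#include <errno.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Copy the message strerror() gives for errnum under the given locale.
 * "" means "take the locale from the environment" (LANG, LC_*).
 * Returns 0 on success, -1 if the locale cannot be selected. */
int errmsg_in_locale(const char *locale, int errnum, char *buf, size_t len)
{
    if (len == 0 || setlocale(LC_ALL, locale) == NULL)
        return -1;
    snprintf(buf, len, "%s", strerror(errnum));
    return 0;
}

/* 1 if the message text differs between the two locales,
 * 0 if it is identical, -1 if either locale is unavailable. */
int message_changes(int errnum, const char *before, const char *after)
{
    char a[256], b[256];

    if (errmsg_in_locale(before, errnum, a, sizeof a) != 0 ||
        errmsg_in_locale(after, errnum, b, sizeof b) != 0)
        return -1;
    return strcmp(a, b) != 0;
}

int main(void)
{
    /* Same call sequence as test_confuse.c, minus libconfuse. */
    errno = 0;
    perror("Before setlocale");

    /* Assumption: stands in for whatever cfg_init() does to the locale. */
    setlocale(LC_ALL, "");

    errno = 0;
    perror("First perror after setlocale");   /* the call to watch under valgrind */
    perror("Second perror after setlocale");

    printf("translated message differs from C locale: %d\n",
           message_changes(0, "C", ""));
    return 0;
}
```

Build it with the same gcc flags minus -lconfuse and run it under valgrind in the same fr_FR.UTF-8 environment. If the same three contexts are reported at the first perror() after setlocale(), the uninitialised reads do not depend on libconfuse code.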