
Bug#214147: iconv_open("L1","L1") causes conditional jump/move on uninitialized value



Package: libc6
Version: 2.3.2-8

I don't know whether this is really a bug, as I can only confirm that it causes
error messages from valgrind and no real segfaults, but:

$ cat fixme.c
#include <iconv.h>
int main (void) { iconv_open ("L1", "L1"); return 0; }
$ valgrind --num-callers=40 ./fixme
==15689== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==15689== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==15689== Using valgrind-20030725, a program supervision framework for x86-linux.
==15689== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==15689== Estimated CPU clock rate is 902 MHz
==15689== For more details, rerun with: -v
==15689==
==15689== Conditional jump or move depends on uninitialised value(s)
==15689==    at 0x40008ABA: _dl_relocate_object_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FCF0: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FF5B: _dl_open (in /lib/libc-2.3.2.so)
==15689==    by 0x40360E77: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x40360E2D: (within /lib/libc-2.3.2.so)
==15689==    by 0x40360F47: (within /lib/libc-2.3.2.so)
==15689==    by 0x40278655: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270785: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270A90: (within /lib/libc-2.3.2.so)
==15689==    by 0x40271075: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026FA22: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026F694: iconv_open (in /lib/libc-2.3.2.so)
==15689==    by 0x8048387: main (fixme.c:7)
==15689==    by 0x4026EDBD: __libc_start_main (in /lib/libc-2.3.2.so)
==15689==    by 0x80482C0: (within ###/fixme)
==15689==
==15689== Conditional jump or move depends on uninitialised value(s)
==15689==    at 0x40008B05: _dl_relocate_object_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FCF0: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FF5B: _dl_open (in /lib/libc-2.3.2.so)
==15689==    by 0x40360E77: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x40360E2D: (within /lib/libc-2.3.2.so)
==15689==    by 0x40360F47: (within /lib/libc-2.3.2.so)
==15689==    by 0x40278655: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270785: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270A90: (within /lib/libc-2.3.2.so)
==15689==    by 0x40271075: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026FA22: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026F694: iconv_open (in /lib/libc-2.3.2.so)
==15689==    by 0x8048387: main (fixme.c:7)
==15689==    by 0x4026EDBD: __libc_start_main (in /lib/libc-2.3.2.so)
==15689==    by 0x80482C0: (within ###/fixme)
==15689== discard syms in /usr/lib/gconv/ISO8859-1.so due to munmap()
==15689==
==15689== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==15689== malloc/free: in use at exit: 32720 bytes in 2 blocks.
==15689== malloc/free: 1927 allocs, 1925 frees, 102653 bytes allocated.
==15689== For a detailed leak analysis,  rerun with: --leak-check=yes
==15689== For counts of detected errors, rerun with: -v
$ 

An strace on valgrind shows that the gconv module is already loaded at that
point. It does not depend on which 8-bit encoding is chosen, as I tried
several ISO-8859-* and KOI8-R. I wish I could show debugging info from
glibc, but as soon as I install libc6-dbg, this bug doesn't happen anymore,
so it might be a compiler or optimizer bug. Playing with prelink could
reduce the number of errors to one, though none caused reads or writes to
illegal memory.
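Added example, not part of the bug report above: a small C program that drives the same iconv_open()/iconv()/iconv_close() path the one-liner in the report takes, but with the error handling a real caller needs. It shows the three outcomes a caller has to tell apart: a successful conversion, a byte sequence the target charset cannot represent (EILSEQ), and a converter pair iconv_open() refuses (EINVAL, e.g. when the gconv module is not installed). The helper name iconv_convert, the file name and the sample strings are assumptions made for this example; the valgrind warnings in the report come from the dynamic loader inside iconv_open(), so they appear regardless of how carefully the caller uses the API.

```c
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the bug report. Converts `inlen` bytes of
 * `in` from charset `from` to charset `to`, writing into `out`.
 * Return value:
 *   >= 0  number of bytes written to `out`
 *   -1    conversion failed; errno is EILSEQ for an unrepresentable or
 *         malformed sequence, E2BIG if `out` is too small, EINVAL for a
 *         truncated multibyte sequence at the end of the input
 *   -2    iconv_open() refused the pair (errno EINVAL: no such converter,
 *         e.g. the gconv module for that charset is not installed)
 */
long iconv_convert(const char *to, const char *from,
                   const char *in, size_t inlen,
                   unsigned char *out, size_t outcap)
{
    /* This is the call that dlopen()s the gconv module (the trace in the
     * report, _dl_open under iconv_open, is this step). */
    iconv_t cd = iconv_open(to, from);
    if (cd == (iconv_t)-1)
        return -2;

    char *inp = (char *)in;      /* glibc's iconv() takes char **, not const char ** */
    char *outp = (char *)out;
    size_t inleft = inlen, outleft = outcap;

    if (iconv(cd, &inp, &inleft, &outp, &outleft) == (size_t)-1) {
        int saved = errno;       /* iconv_close() may clobber errno */
        iconv_close(cd);
        errno = saved;
        return -1;
    }
    /* Flush pending shift state; a no-op for stateless 8-bit charsets. */
    if (iconv(cd, NULL, NULL, &outp, &outleft) == (size_t)-1) {
        int saved = errno;
        iconv_close(cd);
        errno = saved;
        return -1;
    }
    iconv_close(cd);             /* dlclose()s the module: valgrind's "discard syms ... due to munmap()" */
    return (long)(outcap - outleft);
}

unsigned char scratch[32];       /* shared output buffer for the demonstrations below */

/* Build with:  gcc -g -O0 -o iconv_check iconv_check.c   (file name assumed)
 * Run with:    valgrind --num-callers=40 ./iconv_check */
int main(void)
{
    /* Constructed sample input: UTF-8 "caf\u00e9"; 0xC3 0xA9 encodes U+00E9. */
    long n = iconv_convert("ISO-8859-1", "UTF-8", "caf\xc3\xa9", 5, scratch, sizeof scratch);
    if (n < 0) {
        perror("iconv_convert(UTF-8 -> ISO-8859-1)");
        return 1;
    }
    printf("%ld byte(s):", n);
    for (long i = 0; i < n; i++)
        printf(" %02x", scratch[i]);
    printf("\n");                /* expected: 4 byte(s): 63 61 66 e9 */

    /* Constructed sample input: U+20AC EURO SIGN, which Latin-1 cannot represent. */
    n = iconv_convert("ISO-8859-1", "UTF-8", "\xe2\x82\xac", 3, scratch, sizeof scratch);
    if (n == -1 && errno == EILSEQ)
        printf("EURO SIGN rejected with EILSEQ, as expected\n");

    /* Same charset on both sides, like the report's iconv_open("L1", "L1"):
     * the module is still loaded and the bytes pass through unchanged. */
    n = iconv_convert("ISO-8859-1", "ISO-8859-1", "\xe9", 1, scratch, sizeof scratch);
    printf("identity conversion: %ld byte(s), 0x%02x\n", n, scratch[0]);
    return 0;
}
```

Running this under valgrind on the affected libc reproduces the two "Conditional jump or move depends on uninitialised value(s)" reports inside _dl_relocate_object_internal before any of the program's own output, which is the quickest way to confirm the warnings belong to the loader and not to the caller; on a libc where iconv_open() fails (-2), the converter's gconv module is simply not installed and the report's code path is never reached.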


