
Bug#214147: marked as done (iconv_open("L1","L1") causes conditional jump/move on uninitialized value)



Your message dated Sat, 01 May 2004 10:36:12 +0900
with message-id <81vfjh9beb.wl@omega.webmasters.gr.jp>
and subject line Bug#214147: iconv_open("L1","L1") causes conditional jump/move on uninitialized value
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Oct 2003 23:51:20 +0000
Date: Sun, 5 Oct 2003 01:51:04 +0200
From: Rüdiger Kuhlmann <debian-bugs-8.SIkFZGM16s=spam@ruediger-kuhlmann.de>
To: submit@bugs.debian.org
Subject: iconv_open("L1","L1") causes conditional jump/move on uninitialized value
Message-ID: <20031004235104.GA28178@o112.hadiko.de>


Package: libc6
Version: 2.3.2-8

I don't know whether this is really a bug, as I can only confirm it to cause
error messages from valgrind and no real seg faults, but:

$ cat fixme.c
#include <iconv.h>
int main (void) { iconv_open ("L1", "L1"); return 0; }
$ valgrind --num-callers=40 ./fixme
==15689== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
==15689== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
==15689== Using valgrind-20030725, a program supervision framework for x86-linux.
==15689== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
==15689== Estimated CPU clock rate is 902 MHz
==15689== For more details, rerun with: -v
==15689==
==15689== Conditional jump or move depends on uninitialised value(s)
==15689==    at 0x40008ABA: _dl_relocate_object_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FCF0: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FF5B: _dl_open (in /lib/libc-2.3.2.so)
==15689==    by 0x40360E77: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x40360E2D: (within /lib/libc-2.3.2.so)
==15689==    by 0x40360F47: (within /lib/libc-2.3.2.so)
==15689==    by 0x40278655: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270785: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270A90: (within /lib/libc-2.3.2.so)
==15689==    by 0x40271075: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026FA22: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026F694: iconv_open (in /lib/libc-2.3.2.so)
==15689==    by 0x8048387: main (fixme.c:7)
==15689==    by 0x4026EDBD: __libc_start_main (in /lib/libc-2.3.2.so)
==15689==    by 0x80482C0: (within ###/fixme)
==15689==
==15689== Conditional jump or move depends on uninitialised value(s)
==15689==    at 0x40008B05: _dl_relocate_object_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FCF0: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x4035FF5B: _dl_open (in /lib/libc-2.3.2.so)
==15689==    by 0x40360E77: (within /lib/libc-2.3.2.so)
==15689==    by 0x4000B115: _dl_catch_error_internal (in /lib/ld-2.3.2.so)
==15689==    by 0x40360E2D: (within /lib/libc-2.3.2.so)
==15689==    by 0x40360F47: (within /lib/libc-2.3.2.so)
==15689==    by 0x40278655: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270785: (within /lib/libc-2.3.2.so)
==15689==    by 0x40270A90: (within /lib/libc-2.3.2.so)
==15689==    by 0x40271075: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026FA22: (within /lib/libc-2.3.2.so)
==15689==    by 0x4026F694: iconv_open (in /lib/libc-2.3.2.so)
==15689==    by 0x8048387: main (fixme.c:7)
==15689==    by 0x4026EDBD: __libc_start_main (in /lib/libc-2.3.2.so)
==15689==    by 0x80482C0: (within ###/fixme)
==15689== discard syms in /usr/lib/gconv/ISO8859-1.so due to munmap()
==15689==
==15689== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
==15689== malloc/free: in use at exit: 32720 bytes in 2 blocks.
==15689== malloc/free: 1927 allocs, 1925 frees, 102653 bytes allocated.
==15689== For a detailed leak analysis,  rerun with: --leak-check=yes
==15689== For counts of detected errors, rerun with: -v
$ 

An strace on valgrind shows that the gconv module is already loaded at that
point. It does not depend on what 8-bit encoding is chosen, as I tried
several ISO-8859-* and KOI8-R. I wish I could show debugging info from
glibc, but as soon as I install libc6-dbg, this bug doesn't happen anymore,
so it might be a compiler or optimizer bug. Playing with prelink could
reduce the number of errors to one, though none to cause reads or writes to
illegal mem.

---------------------------------------
Received: (at 214147-done) by bugs.debian.org; 1 May 2004 01:36:14 +0000
Date: Sat, 01 May 2004 10:36:12 +0900
Message-ID: <81vfjh9beb.wl@omega.webmasters.gr.jp>
From: GOTO Masanori <gotom@debian.or.jp>
To: Rüdiger Kuhlmann <debian-bugs-8.SIkFZGM16s=spam@ruediger-kuhlmann.de>,
	214147-done@bugs.debian.org
Subject: Re: Bug#214147: iconv_open("L1","L1") causes conditional jump/move on uninitialized value
In-Reply-To: <20031004235104.GA28178@o112.hadiko.de>
References: <20031004235104.GA28178@o112.hadiko.de>

Hi,

At Sun, 5 Oct 2003 01:51:04 +0200,
Rüdiger Kuhlmann wrote:
> I don't know whether this is really a bug, as I can only confirm it to cause
> error messages from valgrind and no real seg faults, but:
>
> $ cat fixme.c
> #include <iconv.h>
> int main (void) { iconv_open ("L1", "L1"); return 0; }
> $ valgrind --num-callers=40 ./fixme
> ==15689== Memcheck, a.k.a. Valgrind, a memory error detector for x86-linux.
> ==15689== Copyright (C) 2002-2003, and GNU GPL'd, by Julian Seward.
> ==15689== Using valgrind-20030725, a program supervision framework for x86-linux.
> ==15689== Copyright (C) 2000-2003, and GNU GPL'd, by Julian Seward.
> ==15689== Estimated CPU clock rate is 902 MHz
> ==15689== For more details, rerun with: -v
> ==15689==
> ==15689== Conditional jump or move depends on uninitialised value(s)
...
> ==15689== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
> ==15689== malloc/free: in use at exit: 32720 bytes in 2 blocks.
> ==15689== malloc/free: 1927 allocs, 1925 frees, 102653 bytes allocated.
> ==15689== For a detailed leak analysis,  rerun with: --leak-check=yes
> ==15689== For counts of detected errors, rerun with: -v
>
> An strace on valgrind shows that the gconv module is already loaded at that
> point. It does not depend on what 8-bit encoding is chosen, as I tried
> several ISO-8859-* and KOI8-R. I wish I could show debugging info from
> glibc, but as soon as I install libc6-dbg, this bug doesn't happen anymore,
> so it might be a compiler or optimizer bug. Playing with prelink could
> reduce the number of errors to one, though none to cause reads or writes to
> illegal mem.

Yeah, it might be a bug.  However, with 2.3.2.ds1-12, it should be fixed.

	gotom@moog:~/debian/glibc/bugs/214147> dpkg -s libc6 | grep Version
	Version: 2.3.2.ds1-12
	gotom@moog:~/debian/glibc/bugs/214147> valgrind --num-callers=40 ./fixme
	==10470== Memcheck, a memory error detector for x86-linux.
	==10470== Copyright (C) 2002-2004, and GNU GPL'd, by Julian Seward.
	==10470== Using valgrind-2.1.1, a program supervision framework for x86-linux.
	==10470== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward.
	==10470== For more details, rerun with: -v
	==10470==
	==10470==
	==10470== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 13 from 1)
	==10470== malloc/free: in use at exit: 32720 bytes in 2 blocks.
	==10470== malloc/free: 1927 allocs, 1925 frees, 102712 bytes allocated.
	==10470== For a detailed leak analysis,  rerun with: --leak-check=yes
	==10470== For counts of detected errors, rerun with: -v

I close this bug, but if you find another problem for this, please
reopen and report the problem.

Regards,
-- gotom
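
A fuller version of the two-line reproducer from the report, added here as an example and not part of either message: it repeats the same-charset iconv_open over the 8-bit encodings the report names, checks every return value, and closes each descriptor, so a valgrind run shows loader-side warnings apart from leaked descriptors. The helper names, the exact charset list and the sample bytes are assumptions.

```c
/* Added example, not code from the bug report. */
#include <errno.h>
#include <iconv.h>
#include <stdio.h>
#include <string.h>

/* Returns 0 if name->name opens, round-trips the sample and closes cleanly,
   1 if this libc does not know the charset, -1 on any other failure. */
int probe_charset(const char *name)
{
    char in[] = "caf\xe9";   /* constructed sample: ASCII plus one high byte */
    char out[16] = {0};
    char *ip = in, *op = out;
    size_t il = sizeof in - 1, ol = sizeof out;
    int rc = 0;

    iconv_t cd = iconv_open(name, name);   /* same call shape as fixme.c */
    if (cd == (iconv_t)-1)
        return errno == EINVAL ? 1 : -1;

    if (iconv(cd, &ip, &il, &op, &ol) == (size_t)-1 || il != 0)
        rc = -1;                           /* conversion error or unread input */
    else if ((size_t)(op - out) != sizeof in - 1 ||
             memcmp(in, out, sizeof in - 1) != 0)
        rc = -1;                           /* identity conversion altered bytes */

    if (iconv_close(cd) != 0)              /* release the gconv module */
        rc = -1;
    return rc;
}

/* Assumed list: the "L1" alias from the report plus a few 8-bit charsets. */
static const char *const CHARSETS[] = {
    "L1", "ISO-8859-1", "ISO-8859-2", "ISO-8859-15", "KOI8-R"
};

/* Probes every charset and returns the number of hard failures. */
int probe_all(void)
{
    int failures = 0;
    for (size_t i = 0; i < sizeof CHARSETS / sizeof CHARSETS[0]; i++) {
        int rc = probe_charset(CHARSETS[i]);
        printf("%-12s %s\n", CHARSETS[i],
               rc == 0 ? "ok" : rc == 1 ? "unsupported" : "FAILED");
        if (rc < 0)
            failures++;
    }
    return failures;
}

int main(void) { return probe_all() ? 1 : 0; }
```

Run it the same way as in the report, with valgrind --num-callers=40, and compare the ERROR SUMMARY line, including its "suppressed" count, between libc6 versions.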


