
Bug#419012: /lib/ld-2.5.so: Conditional jump or move depends on uninitialised value(s)



Package: libc6
Version: 2.5-1
Severity: critical
Tags: security
Justification: root security hole

Hi,

valgrind reports jumps depending on uninitialized values in
/lib/ld-2.5.so. I found this bug using some gfortran 4.2, but I also get
it using the standard gcc package (version 4:4.1.1-15).

I'm not really sure about the severity of this bug. Please have a look at it
and change it to the appropriate value.

C-Program: 
-----------
#include <stdio.h>

/* Minimal reproducer: the reported errors occur inside ld-2.5.so. */
int main(void) {
	printf("Hello World\n");
	return 0;
}
-----------

valgrind output:

-----------

==16052== Memcheck, a memory error detector.
==16052== Copyright (C) 2002-2006, and GNU GPL'd, by Julian Seward et al.
==16052== Using LibVEX rev 1658, a library for dynamic binary translation.
==16052== Copyright (C) 2004-2006, and GNU GPL'd, by OpenWorks LLP.
==16052== Using valgrind-3.2.1-Debian, a dynamic binary instrumentation framework.
==16052== Copyright (C) 2000-2006, and GNU GPL'd, by Julian Seward et al.
==16052== For more details, rerun with: -v
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x4015347: (within /lib/ld-2.5.so)
==16052==    by 0x40052A8: (within /lib/ld-2.5.so)
==16052==    by 0x4007D4B: (within /lib/ld-2.5.so)
==16052==    by 0x40031A8: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x40151EE: (within /lib/ld-2.5.so)
==16052==    by 0x400779A: (within /lib/ld-2.5.so)
==16052==    by 0x4008467: (within /lib/ld-2.5.so)
==16052==    by 0x400169A: (within /lib/ld-2.5.so)
==16052==    by 0x400D8D5: (within /lib/ld-2.5.so)
==16052==    by 0x4004817: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x40151F9: (within /lib/ld-2.5.so)
==16052==    by 0x400779A: (within /lib/ld-2.5.so)
==16052==    by 0x4008467: (within /lib/ld-2.5.so)
==16052==    by 0x400169A: (within /lib/ld-2.5.so)
==16052==    by 0x400D8D5: (within /lib/ld-2.5.so)
==16052==    by 0x4004817: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x4015204: (within /lib/ld-2.5.so)
==16052==    by 0x400779A: (within /lib/ld-2.5.so)
==16052==    by 0x4008467: (within /lib/ld-2.5.so)
==16052==    by 0x400169A: (within /lib/ld-2.5.so)
==16052==    by 0x400D8D5: (within /lib/ld-2.5.so)
==16052==    by 0x4004817: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x4015361: (within /lib/ld-2.5.so)
==16052==    by 0x40077A7: (within /lib/ld-2.5.so)
==16052==    by 0x4008467: (within /lib/ld-2.5.so)
==16052==    by 0x400169A: (within /lib/ld-2.5.so)
==16052==    by 0x400D8D5: (within /lib/ld-2.5.so)
==16052==    by 0x4004817: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x4015361: (within /lib/ld-2.5.so)
==16052==    by 0x400A71D: (within /lib/ld-2.5.so)
==16052==    by 0x40061A3: (within /lib/ld-2.5.so)
==16052==    by 0x4008513: (within /lib/ld-2.5.so)
==16052==    by 0x400169A: (within /lib/ld-2.5.so)
==16052==    by 0x400D8D5: (within /lib/ld-2.5.so)
==16052==    by 0x4004817: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x400ADF5: (within /lib/ld-2.5.so)
==16052==    by 0x4003CDD: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
==16052== 
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x400ADFE: (within /lib/ld-2.5.so)
==16052==    by 0x4003CDD: (within /lib/ld-2.5.so)
==16052==    by 0x4013F0A: (within /lib/ld-2.5.so)
==16052==    by 0x40012D6: (within /lib/ld-2.5.so)
==16052==    by 0x4000A77: (within /lib/ld-2.5.so)
Hello World
==16052== 
==16052== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 0 from 0)
==16052== malloc/free: in use at exit: 0 bytes in 0 blocks.
==16052== malloc/free: 0 allocs, 0 frees, 0 bytes allocated.
==16052== For counts of detected errors, rerun with: -v
==16052== All heap blocks were freed -- no leaks are possible.

-----------

LANG=C gcc --version
gcc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
Copyright (C) 2006 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.



-- System Information:
Debian Release: lenny/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'dapper-updates'), (500, 'dapper-security'), (500, 'dapper-proposed'), (500, 'dapper-backports'), (500, 'dapper'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-amd64-generic
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

-- no debconf information
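
Added example, not part of the original report: a small Python parser for Memcheck output in the layout shown above. It counts error contexts, cross-checks the count against the ERROR SUMMARY line, and reports which object each context's frames fall in. The function names and the abbreviated sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: two contexts abbreviated from the Memcheck log above.
SAMPLE = """\
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x4015347: (within /lib/ld-2.5.so)
==16052==    by 0x40052A8: (within /lib/ld-2.5.so)
==16052==
==16052== Conditional jump or move depends on uninitialised value(s)
==16052==    at 0x400ADF5: (within /lib/ld-2.5.so)
==16052==    by 0x4003CDD: (within /lib/ld-2.5.so)
Hello World
==16052==
==16052== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 0 from 0)
"""

PREFIX = re.compile(r"^==\d+== ?(.*)$")            # valgrind's per-line PID tag
FRAME = re.compile(r"^\s+(at|by) 0x[0-9A-Fa-f]+: (.*)$")
OBJECT = re.compile(r"\((?:with)?in ([^)]+)\)$")    # "(within OBJ)" or "(in OBJ)"
SUMMARY = re.compile(r"ERROR SUMMARY: \d+ errors from (\d+) contexts")

def parse_contexts(log):
    """Return (contexts, reported); each context is {'kind', 'objects'}."""
    contexts, last_text, reported = [], None, None
    for raw in log.splitlines():
        tagged = PREFIX.match(raw)
        if not tagged:
            continue                      # the traced program's own output
        body = tagged.group(1)
        frame = FRAME.match(body)
        if frame is None:
            found = SUMMARY.search(body)
            if found:
                reported = int(found.group(1))
            last_text = body.strip() or last_text
            continue
        if frame.group(1) == "at":        # an "at" frame opens a new context
            contexts.append({"kind": last_text, "objects": []})
        if contexts:
            obj = OBJECT.search(frame.group(2))
            contexts[-1]["objects"].append(obj.group(1) if obj else frame.group(2))
    return contexts, reported

def summarize(log):
    contexts, reported = parse_contexts(log)
    return {"parsed": len(contexts), "reported": reported,
            "top_frame": dict(Counter(c["objects"][0] for c in contexts)),
            "single_object": sum(len(set(c["objects"])) == 1 for c in contexts)}
```

A mismatch between `parsed` and `reported` means the log was truncated or interleaved with other output; `single_object` counts contexts whose whole stack stays inside one object.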


