
Bug#415573: libc6: uninitialised value in manager.c:128



Package: libc6
Version: 2.3.6.ds1-13
Severity: important

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Valgrind has been reporting the following for a long time already:

==16241== Thread 2:
==16241== Conditional jump or move depends on uninitialised value(s)
==16241==    at 0x40270CC: __pthread_manager (manager.c:128)
==16241==    by 0x4151389: clone (clone.S:119)

This might pose an attack vector, as memory on the stack is not cleared
out by default; that depends on the compiler that is used, which in
general is gcc, which does not do that, as is evident because otherwise
valgrind would not complain about it.

The problem seems to be somewhere inside:
8<---------------------------------------------
  /* If we have special thread_self processing, initialize it.  */
#ifdef INIT_THREAD_SELF
  INIT_THREAD_SELF(self, 1);
#endif
- --------------------------------------------->8
Which, when trying to follow it, is a huge messy code block.
Trying to determine exactly that this problem occurs is difficult
because of this; it would have been very handy if, instead of #defining
functions, that code was actually in functions, letting the compiler
choose to optimize it out or not. But that is my opinion.

Can somebody, more fluent in glibc, take a look at this?

- -- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i386)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libc6 depends on:
ii  tzdata                        2007c-1    Time Zone and Daylight Saving Time

libc6 recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Jeroen Massar / http://unfix.org/~jeroen/

iD8DBQFF/9SwKaooUjM+fCMRArQYAJ9McAvhz6iT8UWiedv85HJkfL/fqQCffmme
6ya9sqgMApd9C+VvhnzluA8=
=MMRc
-----END PGP SIGNATURE-----
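The class of defect behind a valgrind "Conditional jump or move depends on uninitialised value(s)" report, as an added example that is not part of the original bug report and is not glibc code. The struct, its fields and all function names are hypothetical, and the stale memory is filled explicitly (a constructed stand-in for leftover stack contents) so the program stays well-defined C.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical descriptor; NOT the glibc/LinuxThreads structure. */
struct thread_desc {
    int tid;
    int terminated;    /* the manager loop branches on this flag */
    int pending_reqs;
};

/* Constructed stand-in for memory left over from earlier calls.
   Writing the bytes explicitly keeps the demonstration defined. */
static void dirty_storage(void *p, size_t n) { memset(p, 0xAA, n); }

/* Defective pattern: only some fields are assigned. */
static void init_partial(struct thread_desc *d, int tid) {
    d->tid = tid;
    d->pending_reqs = 0;
    /* d->terminated keeps whatever bytes were there before */
}

/* Hardened pattern: clear the whole object, then assign. */
static void init_full(struct thread_desc *d, int tid) {
    memset(d, 0, sizeof *d);
    d->tid = tid;
}

/* The kind of conditional valgrind flags when the field was never written. */
static int manager_should_exit(const struct thread_desc *d) {
    return d->terminated != 0;
}

/* Branch decision after running the given initialiser on dirty storage. */
int decision_after(void (*init)(struct thread_desc *, int)) {
    struct thread_desc d;
    dirty_storage(&d, sizeof d);
    init(&d, 1);
    return manager_should_exit(&d);
}

int main(void) {
    /* Partial init: decision driven by stale bytes. Full init: deterministic. */
    return (decision_after(init_partial) == 1 &&
            decision_after(init_full) == 0) ? 0 : 1;
}
```

With the explicit fill removed, the partial initialiser reads indeterminate memory, which is the condition valgrind's memcheck reports at the branch.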


