Bug#728953: strtod: Valgrind reports invalid read when first char is 'n' (in the x86_64 version)
Package: libc6
Version: 2.13-38
Severity: minor
When strtod receives a string starting with 'n', it will read 16
bytes regardless of the actual length of the string sent.
Example:
$ cat > main.c <<'EOF'
#include <stdlib.h>
int main(void) {
    char buf[] = "no";
    strtod(buf, NULL);
    return 0;
}
EOF
$ gcc main.c
$ LD_DEBUG=bindings ./a.out 2>&1 | grep strtod
25988: binding file ./a.out [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `strtod' [GLIBC_2.2.5]
$ valgrind --track-origins=yes ./a.out
==123== Memcheck, a memory error detector
==123== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==123== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==123== Command: ./a.out
==123==
==123== Conditional jump or move depends on uninitialised value(s)
==123== at 0x4EB5C71: __GI___strncasecmp_l (strcmp.S:243)
==123== by 0x4E6B2F3: ____strtod_l_internal (strtod_l.c:585)
==123== by 0x40052E: main (in /net/home/borisc/test/a.out)
==123== Uninitialised value was created by a stack allocation
==123== at 0x40050C: main (in /net/home/borisc/test/a.out)
==123==
==123== Conditional jump or move depends on uninitialised value(s)
==123== at 0x4EB8197: __GI___strncasecmp_l (strcmp.S:2255)
==123== by 0x4E6B2F3: ____strtod_l_internal (strtod_l.c:585)
==123== by 0x40052E: main (in /net/home/borisc/test/a.out)
==123== Uninitialised value was created by a stack allocation
==123== at 0x40050C: main (in /net/home/borisc/test/a.out)
==123==
==123== Use of uninitialised value of size 8
==123== at 0x4EB8199: __GI___strncasecmp_l (strcmp.S:2257)
==123== by 0x4E6B2F3: ____strtod_l_internal (strtod_l.c:585)
==123== by 0x40052E: main (in /net/home/borisc/test/a.out)
==123== Uninitialised value was created by a stack allocation
==123== at 0x40050C: main (in /net/home/borisc/test/a.out)
==123==
==123== Use of uninitialised value of size 8
==123== at 0x4EB819D: __GI___strncasecmp_l (strcmp.S:2258)
==123== by 0x4E6B2F3: ____strtod_l_internal (strtod_l.c:585)
==123== by 0x40052E: main (in /net/home/borisc/test/a.out)
==123== Uninitialised value was created by a stack allocation
==123== at 0x40050C: main (in /net/home/borisc/test/a.out)
==123==
==123==
==123== HEAP SUMMARY:
==123== in use at exit: 0 bytes in 0 blocks
==123== total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==123==
==123== All heap blocks were freed -- no leaks are possible
==123==
==123== For counts of detected and suppressed errors, rerun with: -v
==123== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 4 from 4)
$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.7/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.7.2-5'
--with-bugurl=file:///usr/share/doc/gcc-4.7/README.Bugs
--enable-languages=c,c++,go,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.7 --enable-shared --enable-linker-build-id
--with-system-zlib --libexecdir=/usr/lib --without-included-gettext
--enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.7
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--enable-gnu-unique-object --enable-plugin --enable-objc-gc
--with-arch-32=i586 --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.7.2 (Debian 4.7.2-5)
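As an added reproduction aid (not part of the bug report), the harness below copies strtod()'s input so that its terminating NUL is the last byte of a readable page and the next page is PROT_NONE; any read that crosses into the guard page then faults with SIGSEGV instead of relying on Valgrind. Reads that stay inside the same page, such as the uninitialised-byte reads Valgrind flagged above, are not caught this way, which is the caveat when using it in CI.

```c
/* Added guard-page harness (not from the bug report): strtod() is run on
 * a copy of the input whose NUL is the last byte before a PROT_NONE page,
 * so a read past the string that crosses the page boundary faults. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Parse `s` with strtod() from a copy that ends exactly at a page
 * boundary. Stores the number of bytes strtod() consumed in *consumed
 * (0 means no conversion, as for "no") and returns the parsed value. */
double strtod_at_page_end(const char *s, size_t *consumed)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = strlen(s) + 1;                    /* include the NUL */
    if (len > page) {
        fprintf(stderr, "input longer than a page\n");
        exit(1);
    }
    char *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) { perror("mmap"); exit(1); }
    /* Second page becomes the guard: any access to it faults. */
    if (mprotect(base + page, page, PROT_NONE) != 0) {
        perror("mprotect");
        exit(1);
    }
    char *str = base + page - len;                 /* NUL at base+page-1 */
    memcpy(str, s, len);

    char *end = NULL;
    double v = strtod(str, &end);
    *consumed = (size_t)(end - str);

    munmap(base, 2 * page);
    return v;
}

int main(void)
{
    size_t n;
    double v = strtod_at_page_end("no", &n);       /* the report's input */
    printf("\"no\": value=%g consumed=%zu\n", v, n);
    v = strtod_at_page_end("nan", &n);
    printf("\"nan\": value=%g consumed=%zu\n", v, n);
    return 0;
}
```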
-- System Information:
Debian Release: 7.2
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.8-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libc6 depends on:
ii libc-bin 2.13-38
ii libgcc1 1:4.7.2-5
libc6 recommends no packages.
Versions of packages libc6 suggests:
ii debconf [debconf-2.0] 1.5.49
pn glibc-doc <none>
ii locales 2.13-38
-- debconf information:
glibc/upgrade: true
glibc/disable-screensaver:
glibc/restart-failed:
glibc/restart-services:
libraries/restart-without-asking: false