Package: libc6 Version: 2.3.6.ds1-13 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Valgrind has been reporting the following already for a long time: ==16241== Thread 2: ==16241== Conditional jump or move depends on uninitialised value(s) ==16241== at 0x40270CC: __pthread_manager (manager.c:128) ==16241== by 0x4151389: clone (clone.S:119) This might pose an attack vector, as memory on the stack is not cleared out per default, depending on the compiler that is used, which in general is gcc which does not do that; which is evident otherwise valgrind would not complain about it. The problem seems to be somewhere inside: 8<--------------------------------------------- /* If we have special thread_self processing, initialize it. */ #ifdef INIT_THREAD_SELF INIT_THREAD_SELF(self, 1); #endif - --------------------------------------------->8 Which, when trying to follow it, is a huge messy code block. Trying to determine exactly that this problem occurs is difficult because of this, it would have been very handy if instead of #defining functions that code was actually in functions and then let the compiler choose to optimize it out or not. But that is my opinion. Can somebody, more fluent in glibc, take a look at this? - -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i386) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-686 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages libc6 depends on: ii tzdata 2007c-1 Time Zone and Daylight Saving Time libc6 recommends no packages. - -- no debconf information -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Jeroen Massar / http://unfix.org/~jeroen/ iD8DBQFF/9SwKaooUjM+fCMRArQYAJ9McAvhz6iT8UWiedv85HJkfL/fqQCffmme 6ya9sqgMApd9C+VvhnzluA8= =MMRc -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
