Public bug reported:

This bug is found in Ubuntu 18.10 and 18.04.

I am not sure if it has been fixed or not, so I think I should report it
first.

In 18.10 or 18.04, if you updated all the software to the newest version,
then execute:
valgrind objdump -d test-input

The output of valgrind on Ubuntu 18.10:
==30071== Memcheck, a memory error detector
==30071== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==30071== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==30071== Command: objdump -d input.12602
==30071== Parent PID: 21664
==30071== 
==30071== Conditional jump or move depends on uninitialised value(s)
==30071==    at 0x524DF47: __wmemchr_avx2 (memchr-avx2.S:260)
==30071==    by 0x51AD4C2: internal_fnwmatch (fnmatch_loop.c:168)
==30071==    by 0x51B0868: fnmatch@@GLIBC_2.2.5 (fnmatch.c:434)
==30071==    by 0x4E3B646: ??? (in /usr/lib/x86_64-linux-gnu/libbfd-2.31.1-multiarch.so)
==30071==    by 0x4E3B738: bfd_set_default_target (in /usr/lib/x86_64-linux-gnu/libbfd-2.31.1-multiarch.so)
==30071==    by 0x14017C: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==30071==    by 0x10F97A: ??? (in /usr/bin/x86_64-linux-gnu-objdump)
==30071==    by 0x50ED09A: (below main) (libc-start.c:308)
==30071== 
==30071== 
==30071== HEAP SUMMARY:
==30071==     in use at exit: 0 bytes in 0 blocks
==30071==   total heap usage: 768 allocs, 768 frees, 342,516 bytes allocated
==30071== 
==30071== All heap blocks were freed -- no leaks are possible
==30071== 
==30071== For counts of detected and suppressed errors, rerun with: -v
==30071== Use --track-origins=yes to see where uninitialised values come from
==30071== ERROR SUMMARY: 6 errors from 1 contexts (suppressed: 0 from 0)

The test input is attached.

** Affects: glibc (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "PoC input to trigger this bug."
   https://bugs.launchpad.net/bugs/1841403/+attachment/5284637/+files/input.12602

https://bugs.launchpad.net/bugs/1841403

Title:
  Uninitialized use with glibc version <= 2.28
