Report forwarded
to debian-bugs-dist@lists.debian.org, Mark Brown <broonie@debian.org>: Bug#577135; Package zlib1g.
(Fri, 09 Apr 2010 23:57:04 GMT)
Acknowledgement sent
to Yaroslav Halchenko <debian@onerussian.com>:
New Bug report received and forwarded. Copy sent to Mark Brown <broonie@debian.org>.
(Fri, 09 Apr 2010 23:57:04 GMT)
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: somewhat safe -- inflateReset2: Conditional jump or move depends on uninitialised value
Date: Fri, 09 Apr 2010 19:54:20 -0400
Package: zlib1g
Version: 1:1.2.3.5.dfsg-1~debug1
Severity: minor
File: /usr/lib/libz.so.1.2.3.5
We are experiencing some bugs in our project (pymvpa), so I went on a
'valgrind triage'. A few issues come up due to libz, so I built the 'experimental'
version in the hope that some could have been resolved. Nevertheless, here is one:
==15629== Conditional jump or move depends on uninitialised value(s)
==15629== at 0x976F917: inflateReset2 (inflate.c:157)
==15629== by 0x976FA6B: inflateInit2_ (inflate.c:193)
==15629== by 0x976B5EC: gz_head (gzread.c:132)
==15629== by 0x976C037: gz_make (gzread.c:305)
==15629== by 0x976C314: gzread (gzread.c:402)
==15629== by 0xF759671: znzread (in /usr/lib/libznz.so.1.1.0)
==15629== by 0xF5436E4: ??? (in /usr/lib/libniftiio.so.1.1.0)
==15629== by 0xF54DD87: nifti_image_read (in /usr/lib/libniftiio.so.1.1.0)
==15629== by 0xF30C51B: ??? (in /usr/lib/python-support/python-nifti/python2.5/nifti/_clib.so)
==15629== by 0x48DB17: PyEval_EvalFrameEx (in /usr/bin/python2.5)
==15629== by 0x48EC8E: PyEval_EvalFrameEx (in /usr/bin/python2.5)
==15629== by 0x48F4E0: PyEval_EvalCodeEx (in /usr/bin/python2.5)
==15629== Uninitialised value was created by a heap allocation
==15629== at 0x4C221A7: malloc (vg_replace_malloc.c:195)
==15629== by 0x97771C7: zcalloc (zutil.c:306)
==15629== by 0x976FA30: inflateInit2_ (inflate.c:187)
==15629== by 0x976B5EC: gz_head (gzread.c:132)
==15629== by 0x976C037: gz_make (gzread.c:305)
==15629== by 0x976C314: gzread (gzread.c:402)
==15629== by 0xF759671: znzread (in /usr/lib/libznz.so.1.1.0)
==15629== by 0xF5436E4: ??? (in /usr/lib/libniftiio.so.1.1.0)
and if we look at the code of inflate.c:
130:int ZEXPORT inflateReset2(strm, windowBits)
131:z_streamp strm;
132:int windowBits;
133:{
...
139: state = (struct inflate_state FAR *)strm->state;
...
157: if (state->wbits != windowBits && state->window != Z_NULL) {
158: ZFREE(strm, state->window);
159: state->window = Z_NULL;
160: }
...
187: state = (struct inflate_state FAR *)
188: ZALLOC(strm, 1, sizeof(struct inflate_state));
189: if (state == Z_NULL) return Z_MEM_ERROR;
190: Tracev((stderr, "inflate: allocated\n"));
191: strm->state = (struct internal_state FAR *)state;
192: state->window = Z_NULL;
193: ret = inflateReset2(strm, windowBits);
So probably the issue is non-existent (at least in this case), since
state->window = Z_NULL;
so the condition never evaluates to True. But if that was the logic -- to allow
uninitialized wbits while window is Z_NULL -- it would be better to swap the
order of the conditions in 157, to pacify valgrind for such nervous users as I am
;) and allow catching true positives ;)
cheers
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (901, 'unstable'), (900, 'testing'), (300, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages zlib1g depends on:
ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib
zlib1g recommends no packages.
zlib1g suggests no packages.
-- no debconf information
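The ordering question raised in the report, worked through as an added example. This is not zlib's code and not part of the original report: the struct below is a stand-in holding only the two inflate_state fields the check at inflate.c:157 touches, and the wbits_defined flag is a hand-rolled shadow bit modelling valgrind's definedness tracking (it is an assumption of this example, not a zlib field). The state is allocated with calloc, unlike zlib's zcalloc which uses malloc, purely so the program itself never reads indeterminate memory; the shadow bit carries the "never written" fact instead.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for the two fields of struct inflate_state that the check at
 * inflate.c:157 touches.  'wbits_defined' is NOT a zlib field: it is a
 * shadow bit modelling valgrind's definedness tracking, so the program can
 * report an "uninitialised" read without actually performing one. */
struct state {
    unsigned char *window;   /* Z_NULL until a window has been allocated */
    unsigned wbits;          /* window size in bits of the current window */
    int wbits_defined;       /* shadow: 1 once wbits has been written */
};

struct outcome {
    int uninit_read;    /* 1 if wbits was inspected before it was ever written */
    int freed_window;   /* 1 if an existing window was released */
};

/* Read wbits through the shadow model: record a use of an undefined value
 * the same way valgrind would flag the conditional jump. */
static unsigned read_wbits(const struct state *s, struct outcome *o)
{
    if (!s->wbits_defined)
        o->uninit_read = 1;
    return s->wbits;
}

static void drop_window(struct state *s, struct outcome *o)
{
    free(s->window);
    s->window = NULL;
    o->freed_window = 1;
}

/* Order as reported for inflate.c:157: wbits is compared first, so on a
 * fresh state the branch depends on an undefined value even though
 * window == NULL makes the branch outcome irrelevant. */
static struct outcome reset_original(struct state *s, unsigned windowBits)
{
    struct outcome o = {0, 0};
    if (read_wbits(s, &o) != windowBits && s->window != NULL)
        drop_window(s, &o);
    s->wbits = windowBits;
    s->wbits_defined = 1;
    return o;
}

/* Reordered as the report suggests: && short-circuits on window == NULL,
 * so wbits is read only once a window (and therefore wbits) exists. */
static struct outcome reset_reordered(struct state *s, unsigned windowBits)
{
    struct outcome o = {0, 0};
    if (s->window != NULL && read_wbits(s, &o) != windowBits)
        drop_window(s, &o);
    s->wbits = windowBits;
    s->wbits_defined = 1;
    return o;
}

/* Mirror of the inflateInit2_ path in the report: allocate a state, set only
 * window = NULL, then reset.  calloc (not zlib's malloc-backed zcalloc) keeps
 * the real memory determinate; the shadow bit says wbits was never written. */
static struct outcome fresh_init(int reordered, unsigned windowBits)
{
    struct state *s = calloc(1, sizeof *s);
    struct outcome o = {-1, -1};
    if (s == NULL) return o;
    s->window = NULL;
    o = reordered ? reset_reordered(s, windowBits) : reset_original(s, windowBits);
    free(s->window);
    free(s);
    return o;
}

/* The case both orderings must keep handling identically: a state that already
 * owns a window of old_wbits bits is reset to new_wbits. */
static struct outcome reinit_with_window(int reordered, unsigned old_wbits, unsigned new_wbits)
{
    struct state s;
    struct outcome o = {-1, -1};
    s.window = malloc((size_t)1 << old_wbits);   /* window of the size zlib would use */
    if (s.window == NULL) return o;
    s.wbits = old_wbits;
    s.wbits_defined = 1;
    o = reordered ? reset_reordered(&s, new_wbits) : reset_original(&s, new_wbits);
    free(s.window);
    return o;
}

int main(void)
{
    printf("fresh state, original order:  uninitialised read = %d\n", fresh_init(0, 15).uninit_read);
    printf("fresh state, reordered:       uninitialised read = %d\n", fresh_init(1, 15).uninit_read);
    printf("15 -> 12 with window, original:  freed = %d\n", reinit_with_window(0, 15, 12).freed_window);
    printf("15 -> 12 with window, reordered: freed = %d\n", reinit_with_window(1, 15, 12).freed_window);
    return 0;
}
```

The point the example makes is that the swap changes nothing observable for any state that owns a window (the same windows are freed in both orders), and removes the undefined-value read on a freshly allocated state; the only behavioural difference is in which operand && evaluates first.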
Information forwarded
to debian-bugs-dist@lists.debian.org, Mark Brown <broonie@debian.org>: Bug#577135; Package zlib1g.
(Mon, 10 May 2010 10:12:07 GMT)
Acknowledgement sent
to jgmb65@rezozer.net:
Extra info received and forwarded to list. Copy sent to Mark Brown <broonie@debian.org>.
(Mon, 10 May 2010 10:12:07 GMT)
Subject: somewhat safe -- inflateReset2: Conditional jump or move depends on uninitialised value
Date: Mon, 10 May 2010 17:46:07 +0800
Hello,
this issue is fixed in version 1.2.4.
Jerome
--
Jerome BENOIT
jgmbenoit-at+rezozer*dot_net
Reply sent
to Mark Brown <broonie@debian.org>:
You have taken responsibility.
(Mon, 10 May 2010 10:18:09 GMT)
Notification sent
to Yaroslav Halchenko <debian@onerussian.com>:
Bug acknowledged by developer.
(Mon, 10 May 2010 10:18:09 GMT)
Subject: Re: Bug#577135: somewhat safe -- inflateReset2: Conditional jump or move depends on uninitialised value
Date: Mon, 10 May 2010 11:14:53 +0100
Version: 1.2.4-1
On Mon, May 10, 2010 at 05:46:07PM +0800, Jerome BENOIT wrote:
> this issue is fixed in version 1.2.4.
Closing then. Version tracking should do the right thing here. Thanks
for checking.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Tue, 08 Jun 2010 07:31:08 GMT)