[Bug 857143] [NEW] uninitialised value in sscanf

Björn Lundberg 857143 at bugs.launchpad.net
Fri Sep 23 08:11:16 UTC 2011


Public bug reported:

Code example:

#include <stdio.h>

int main()
{
	double d;
	sscanf("inf","%lf",&d);   /* example.c:6 in the Valgrind trace below */
	printf("%g\n", d);        /* prints d without checking that sscanf converted anything */
	return 0;
}

gcc --version
gcc (Ubuntu/Linaro 4.5.2-8ubuntu4) 4.5.2
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

gcc -g example.c

valgrind --version
valgrind-3.6.1


valgrind ./a.out
==6353== Memcheck, a memory error detector
==6353== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==6353== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==6353== Command: ./a.out
==6353== 
==6353== Conditional jump or move depends on uninitialised value(s)
==6353==    at 0x4EB73A1: __GI___strncasecmp_l (strcmp.S:243)
==6353==    by 0x4E6DF20: ____strtod_l_internal (strtod_l.c:566)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
==6353== Conditional jump or move depends on uninitialised value(s)
==6353==    at 0x4EB98C7: __GI___strncasecmp_l (strcmp.S:2255)
==6353==    by 0x4E6DF20: ____strtod_l_internal (strtod_l.c:566)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
==6353== Conditional jump or move depends on uninitialised value(s)
==6353==    at 0x4EB73A1: __GI___strncasecmp_l (strcmp.S:243)
==6353==    by 0x4E6DF4E: ____strtod_l_internal (strtod_l.c:571)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
==6353== Conditional jump or move depends on uninitialised value(s)
==6353==    at 0x4EB98C7: __GI___strncasecmp_l (strcmp.S:2255)
==6353==    by 0x4E6DF4E: ____strtod_l_internal (strtod_l.c:571)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
==6353== Use of uninitialised value of size 8
==6353==    at 0x4EB98C9: __GI___strncasecmp_l (strcmp.S:2257)
==6353==    by 0x4E6DF4E: ____strtod_l_internal (strtod_l.c:571)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
==6353== Use of uninitialised value of size 8
==6353==    at 0x4EB98CD: __GI___strncasecmp_l (strcmp.S:2258)
==6353==    by 0x4E6DF4E: ____strtod_l_internal (strtod_l.c:571)
==6353==    by 0x4E82FF8: _IO_vfscanf (vfscanf.c:2297)
==6353==    by 0x4E888C4: __isoc99_vsscanf (isoc99_vsscanf.c:44)
==6353==    by 0x4E88843: __isoc99_sscanf (isoc99_sscanf.c:33)
==6353==    by 0x400589: main (example.c:6)
==6353== 
inf
==6353== 
==6353== HEAP SUMMARY:
==6353==     in use at exit: 0 bytes in 0 blocks
==6353==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==6353== 
==6353== All heap blocks were freed -- no leaks are possible
==6353== 
==6353== For counts of detected and suppressed errors, rerun with: -v
==6353== Use --track-origins=yes to see where uninitialised values come from
==6353== ERROR SUMMARY: 6 errors from 6 contexts (suppressed: 4 from 4)

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: libc-bin 2.13-0ubuntu13
ProcVersionSignature: Ubuntu 2.6.38-11.48-generic 2.6.38.8
Uname: Linux 2.6.38-11-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Fri Sep 23 10:03:12 2011
Dependencies:
 
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
ProcEnviron:
 LANGUAGE=en_US:en
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: eglibc
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: eglibc (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug natty running-unity

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/857143
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/857143/+subscriptions
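The program below is an added example for triaging a report like this one; it is not part of Björn Lundberg's report and not eglibc code. It keeps the report's sscanf call but checks the conversion count, so an input that does not match cannot leave the variable indeterminate (the report's example prints d unconditionally, which is the only uninitialised read the caller itself can introduce). It then rebuilds the buffer shape the trace points at: a token copied into a scratch buffer whose tail is never written, handed first to strtod and then to the same strncasecmp comparison that sits at the top of the stack, so the report can be reproduced outside vfscanf and the string routine can be isolated from the parser. The function names, the 32-byte buffer and the sample inputs are constructed for this example; that the flagged bytes are the unused tail of the scanner's conversion buffer is an assumption drawn from the trace, not something the report states.

```c
#define _POSIX_C_SOURCE 200809L
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* The report's sscanf call, with the conversion count checked so a failed
 * match cannot leave *out indeterminate. Returns 1 on success, 0 otherwise. */
static int parse_double_checked(const char *text, double *out)
{
    double d = 0.0;                       /* defined even if nothing matches */
    if (sscanf(text, "%lf", &d) != 1)
        return 0;                         /* caller must not read *out */
    *out = d;
    return 1;
}

/* 1 for +infinity, -1 for -infinity, 0 for anything else (including no match). */
static int classify_inf(const char *text)
{
    double d;
    if (!parse_double_checked(text, &d) || !isinf(d))
        return 0;
    return d > 0 ? 1 : -1;
}

/* Copy a token into a scratch buffer and NUL-terminate it, leaving the tail
 * deliberately uninitialised (assumption: the shape vfscanf hands to strtod),
 * then parse it. Returns 1 if strtod consumed the whole token. */
static int strtod_on_short_buffer(const char *token, double *out)
{
    char buf[32];                         /* tail intentionally not cleared */
    size_t n = strlen(token);
    if (n >= sizeof buf)
        return 0;
    memcpy(buf, token, n);
    buf[n] = '\0';
    char *end = NULL;
    *out = strtod(buf, &end);
    return end == buf + n;
}

/* The comparison at the top of the trace, run on the same buffer shape but
 * without strtod or vfscanf in the way. Returns the length of the form that
 * matched (8 for "infinity", 3 for "inf") or 0. Running only this function
 * under Memcheck shows whether the report comes from the string routine. */
static int looks_like_infinity(const char *token)
{
    char buf[32];                         /* tail intentionally not cleared */
    size_t n = strlen(token);
    if (n >= sizeof buf)
        return 0;
    memcpy(buf, token, n);
    buf[n] = '\0';
    if (strncasecmp(buf, "infinity", 8) == 0)
        return 8;
    if (strncasecmp(buf, "inf", 3) == 0)
        return 3;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the report's "inf" plus other spellings strtod accepts,
     * an ordinary number, and a non-matching string. */
    static const char *const inputs[] = { "inf", "-INF", "Infinity", "nan", "1.5", "abc" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        double d = 0.0;
        int ok = parse_double_checked(inputs[i], &d);
        printf("%-9s sscanf=%-8s value=%-8g inf=%2d whole-token=%d infinity-form=%d\n",
               inputs[i], ok ? "ok" : "no-match", d, classify_inf(inputs[i]),
               strtod_on_short_buffer(inputs[i], &d), looks_like_infinity(inputs[i]));
    }
    return 0;
}
```

Build with `gcc -g -O0 triage.c -o triage` and run it under `valgrind --track-origins=yes ./triage`; with origin tracking on, each report names the stack frame that owns the uninitialised bytes, which is the quickest way to tell a complaint about the scratch buffer's tail from one about the caller's own variable.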