Bug 10391 - conditional jump depends on uninitialised value in __libc_res_nsend
Summary: conditional jump depends on uninitialised value in __libc_res_nsend
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: 2.9
Importance: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on:
Reported: 2009-07-15 03:51 UTC by dank
Modified: 2014-07-01 07:50 UTC

fweimer: security-
Description dank 2009-07-15 03:51:57 UTC
Originally reported to Ubuntu
( https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/399580 )
but inspection of current glibc source makes me suspect
the problem's still in the latest sources.

Running the (32-bit) google-chromium ui_tests all day under valgrind on
64 bit jaunty netted a single instance of this warning:

Conditional jump or move depends on uninitialised value(s)
   at __libc_res_nsend (res_send.c:1011)
   by __libc_res_nquery (res_query.c:225)
   by __libc_res_nquerydomain (res_query.c:569)
   by __libc_res_nsearch (res_query.c:370)
   by _nss_dns_gethostbyname3_r (dns-host.c:197)
   by _nss_dns_gethostbyname2_r (dns-host.c:245)
   by gethostbyname2_r@@GLIBC_2.1.2 (getXXbyYY_r.c:253)
   by gaih_inet (getaddrinfo.c:531)
   by getaddrinfo (getaddrinfo.c:2154)

Looking at the source for glibc in ia32-libs-2.7ubuntu6, I see
   1009 if (n == 0) {
   1010  Dprint(statp->options & RES_DEBUG, (stdout, ";; timeout\n"));
   1011  if (resplen > 1 && (recvresp1 || (buf2 != NULL && recvresp2)))

Inspecting the source, I agree with valgrind that
resplen is probably uninitialised there.
Although this file has changed in the latest glibc from git,
that variable still looks uninitialised there.

Perhaps this warning occurs infrequently because DNS usually doesn't time out.
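The timeout branch quoted in the report, reduced to a constructed model so the consequence of the missing initialiser can be run and inspected. This is an added example, not glibc's res_send.c: the names fake_ns, fake_poll, dg_state, dg_result, run_query and query_with are invented here, the scripted "name server" replaces poll()/recvfrom(), and the per-call state is heap-allocated so that the unfixed case is exactly what malloc() returns (which valgrind and MSan track) rather than something a compiler flag might zero. The fix modelled is the obvious one, starting resplen at 0, which is an assumption about the change and not a claim about the committed patch.

```c
/* Added example, not glibc code: a constructed model of the retry loop in
 * send_dg (res_send.c) showing why resplen must start at 0.  fake_ns,
 * fake_poll, dg_state, dg_result, run_query and query_with are names
 * invented for this example. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Scripted name server: each poll yields 0 (timeout) or 1 (datagram ready). */
struct fake_ns {
    const int *events;
    size_t n_events;
    size_t cursor;
    int reply_len;            /* bytes "received" when a datagram is ready */
};

static int fake_poll(struct fake_ns *ns)
{
    if (ns->cursor >= ns->n_events)
        return 0;             /* unscripted: behave like a timeout */
    return ns->events[ns->cursor++];
}

/* State send_dg keeps across retries.  Heap-allocated here so that the
 * unfixed case is exactly what malloc() hands back and valgrind or MSan
 * reports the read whatever the compiler flags. */
struct dg_state {
    int resplen;              /* length of the first answer received */
    bool recvresp1, recvresp2;
};

struct dg_result {
    int resplen;              /* answer length for the caller, 0 if none */
    bool single_request;      /* mode switch made in the timeout branch */
    bool timed_out;
};

/* fixed == false: malloc(), resplen indeterminate (the reported code).
 * fixed == true:  calloc(), i.e. resplen = 0 (the assumed fix). */
static struct dg_result run_query(struct fake_ns *ns, bool second_query, bool fixed)
{
    struct dg_result r = { 0, false, false };
    struct dg_state *st = fixed ? calloc(1, sizeof *st) : malloc(sizeof *st);
    if (st == NULL)
        return r;
    if (!fixed)               /* the flags had initialisers; resplen did not */
        st->recvresp1 = st->recvresp2 = false;

    for (int attempt = 0; attempt < 3; attempt++) {
        if (fake_poll(ns) == 0) {
            /* res_send.c:1011.  resplen is compared before the flags are
               consulted, so this branch depends on indeterminate memory
               when no answer has arrived; that is the valgrind report. */
            if (st->resplen > 1 && (st->recvresp1 || (second_query && st->recvresp2)))
                r.single_request = true;
            r.timed_out = true;
            break;
        }
        st->resplen = ns->reply_len;        /* recvfrom() succeeded */
        if (!st->recvresp1)
            st->recvresp1 = true;
        else
            st->recvresp2 = true;
        if (st->recvresp1 && (!second_query || st->recvresp2)) {
            r.resplen = st->resplen;        /* every expected answer is in */
            break;
        }
    }
    free(st);
    return r;
}

/* Run one scripted exchange; every answer is 64 bytes long. */
static struct dg_result query_with(const int *events, size_t n, bool second_query, bool fixed)
{
    struct fake_ns ns = { events, n, 0, 64 };
    return run_query(&ns, second_query, fixed);
}

int main(void)
{
    struct dg_result r = query_with((const int[]){ 1, 0 }, 2, true, true);
    printf("fixed, one answer then timeout: single_request=%d timed_out=%d\n",
           r.single_request, r.timed_out);
    /* Run under valgrind to reproduce the "depends on uninitialised value"
       warning at the comparison in run_query. */
    r = query_with((const int[]){ 0 }, 1, false, false);
    printf("unfixed, no answer: timed_out=%d\n", r.timed_out);
    return 0;
}
```

With resplen initialised, a timeout before any answer leaves single_request clear and returns no data; a timeout after the first of two answers switches modes exactly as the quoted condition intends. The unfixed path gives the same results in practice because the recvresp flags are false, but the branch is still taken on indeterminate data, which is what valgrind flags and what the one-line initialiser removes.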
Comment 1 dank 2009-07-15 17:32:24 UTC
Happened a dozen times yesterday; perhaps my ISP was having a bad
day, triggering lots of DNS retries.
Comment 2 Ulrich Drepper 2009-10-30 06:03:39 UTC
I've changed the code.