Ubuntu
glibc package

Valgrind errors on gethostbyname().

Bug #59449 reported by Erik de Castro Lopo on 2006-09-08

Affects		Status	Importance	Assigned to	Milestone
	glibc (Debian)	Fix Released	Unknown	debbugs #318317
	glibc (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: libc6

Simple C program:

    #include <netdb.h>
    int main (void)
    {
        return (gethostbyname ("www.whatever.com") == NULL) ;
    }

Compile with

gcc -W -Wall gethostname.c -o gethostname

Run program under Valgrind:

==27843== Memcheck, a memory error detector.
==27843== Copyright (C) 2002-2005, and GNU GPL'd, by Julian Seward et al.
==27843== Using LibVEX rev 1471, a library for dynamic binary translation.
==27843== Copyright (C) 2004-2005, and GNU GPL'd, by OpenWorks LLP.
==27843== Using valgrind-3.1.0-Debian, a dynamic binary instrumentation framework.
==27843== Copyright (C) 2000-2005, and GNU GPL'd, by Julian Seward et al.
==27843== For more details, rerun with: -v
==27843==
--27843-- DWARF2 CFI reader: unhandled CFI instruction 0:50
--27843-- DWARF2 CFI reader: unhandled CFI instruction 0:50
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x4010BEE: (within /lib/ld-2.3.6.so)
==27843== by 0x4131FB5: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x4010BFD: (within /lib/ld-2.3.6.so)
==27843== by 0x4131FB5: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x4010C0C: (within /lib/ld-2.3.6.so)
==27843== by 0x4131FB5: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x4010C1B: (within /lib/ld-2.3.6.so)
==27843== by 0x4131FB5: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x400882D: (within /lib/ld-2.3.6.so)
==27843== by 0x4132119: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== Conditional jump or move depends on uninitialised value(s)
==27843== at 0x4008852: (within /lib/ld-2.3.6.so)
==27843== by 0x4132119: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x4132C57: _dl_open (in /lib/tls/libc-2.3.6.so)
==27843== by 0x413426C: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x400B105: (within /lib/ld-2.3.6.so)
==27843== by 0x413434D: __libc_dlopen_mode (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E7A5: __nss_lookup_function (in /lib/tls/libc-2.3.6.so)
==27843== by 0x410E92E: (within /lib/tls/libc-2.3.6.so)
==27843== by 0x41102B6: __nss_hosts_lookup (in /lib/tls/libc-2.3.6.so)
==27843== by 0x41130E8: gethostbyname_r (in /lib/tls/libc-2.3.6.so)
==27843== by 0x4112993: gethostbyname (in /lib/tls/libc-2.3.6.so)
==27843==
==27843== ERROR SUMMARY: 10 errors from 6 contexts (suppressed: 11 from 1)
==27843== malloc/free: in use at exit: 0 bytes in 0 blocks.
==27843== malloc/free: 57 allocs, 57 frees, 6,365 bytes allocated.
==27843== For counts of detected errors, rerun with: -v
==27843== No malloc'd blocks -- no leaks are possible.

Revision history for this message

Jeff Bailey (jbailey) wrote on 2006-09-08:

Nothing in here indicates to me that glibc is returning an incorrect value. However, I do see that valgrind isn't updated for recent CFI instructions. Reassigning this to valgrind.

Revision history for this message

Erik de Castro Lopo (erikd) wrote on 2006-09-08:

This is not an issue of returning a wrong value, but the gethostbyname code does have a bug.

Valgrind reports a number of "Conditional jump or move depends on uninitialised value(s)" which is a result of code paths being taken which depend on uninitialised automatic variables.

Compiling the gethostbyname code with -Wuninitialized should report an error.

Reassigning to libc (if I can figure out how).

Revision history for this message

Erik de Castro Lopo (erikd) wrote on 2006-09-08:

Valgrind does have an issue (unhandled CFI instruction 0:50) but this bug is about gethostbyname doing a "Conditional jump or move depends on uninitialised value(s)".

Revision history for this message

Teudimundo (tommaso-ctrl-z-bg) wrote on 2007-09-09:

Valgrind output on Ubuntu 7.04 Edit (7.0 KiB, text/plain)

I found the same problem on Ubuntu 7.04, but the errors that I get are 'invalid reads'.
I attach the valgrind outputs.

Revision history for this message

Erik de Castro Lopo (erikd) wrote on 2007-10-13:

I'm now running the Gutsy pre-release (libc6, 2.6.1-1ubuntu9) and this problem is still present.

Revision history for this message

Teudimundo (tommaso-ctrl-z-bg) wrote on 2007-11-21:

Download full text (6.5 KiB)

In Gutsy Gibbon the error changed in 4 invalid read:

In Gutsy Gibbon the error changed in 4 invalid read:

==10321== Invalid read of size 4
==10321==    at 0x4014C09: (within /lib/ld-2.6.1.so)
==10321==    by 0x4005BE9: (within /lib/ld-2.6.1.so)
==10321==    by 0x4007A07: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x412286F: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4124495: __nss_hosts_lookup (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==  Address 0x418A344 is 36 bytes inside a block of size 37 alloc'd
==10321==    at 0x4021765: malloc (vg_replace_malloc.c:149)
==10321==    by 0x4007FA1: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x412286F: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4124495: __nss_hosts_lookup (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4128A52: gethostbyname_r (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321== 
==10321== Invalid read of size 4
==10321==    at 0x4014C37: (within /lib/ld-2.6.1.so)
==10321==    by 0x4005BE9: (within /lib/ld-2.6.1.so)
==10321==    by 0x4007A07: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4123066: __nss_next (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4128944: gethostbyname_r (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==  Address 0x418AB74 is 28 bytes inside a block of size 31 alloc'd
==10321==    at 0x4021765: malloc (vg_replace_malloc.c:149)
==10321==    by 0x4007FA1: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4123066: __nss_next (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4128944: gethostbyname_r (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x41282B7: gethostbyname (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321== 
==10321== Invalid read of size 4
==10321==    at 0x4014BF3: (within /lib/ld-2.6.1.so)
==10321==    by 0x4005BE9: (within /lib/ld-2.6.1.so)
==10321==    by 0x4007A07: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4123066: __nss_next (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4128944: gethostbyname_r (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==  Address 0x418B068 is 32 bytes inside a block of size 35 alloc'd
==10321==    at 0x4021765: malloc (vg_replace_malloc.c:149)
==10321==    by 0x4007FA1: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010F83: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4123066: __nss_next (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4128944: gethostbyname_r (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x41282B7: gethostbyname (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321== 
==10321== Invalid read of size 4
==10321==    at 0x4014BF3: (within /lib/ld-2.6.1.so)
==10321==    by 0x4005BE9: (within /lib/ld-2.6.1.so)
==10321==    by 0x4007A07: (within /lib/ld-2.6.1.so)
==10321==    by 0x400B806: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x400B9E6: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010FE3: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==  Address 0x418B3B0 is 32 bytes inside a block of size 34 alloc'd
==10321==    at 0x4021765: malloc (vg_replace_malloc.c:149)
==10321==    by 0x4007FA1: (within /lib/ld-2.6.1.so)
==10321==    by 0x400B806: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x400B9E6: (within /lib/ld-2.6.1.so)
==10321==    by 0x4010FE3: (within /lib/ld-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x401099D: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148061: (within /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x400D015: (within /lib/ld-2.6.1.so)
==10321==    by 0x4148224: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.6.1.so)
==10321==    by 0x4122756: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.6.1.so)

Revision history for this message

Morgan GERMAIN (morgan-germain) wrote on 2008-02-27:

I found that problem on Debian Etch.

Is there another way to get hosts info ?

Revision history for this message

Morgan GERMAIN (morgan-germain) wrote on 2008-02-27:

See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=318317

Debian lists suggests to use get{addr|name}info() instead

but some systems do not have these methods and your program may lose portability...

Bug Watch Updater (bug-watch-updater) on 2008-02-27

Changed in glibc:
status:	Unknown → New

Revision history for this message

xRaich[o]²x (raichoo) wrote on 2008-03-31:

Confirmed in Hardy Beta :

==13762== Invalid read of size 4
==13762== at 0x40151F3: (within /lib/ld-2.7.so)
==13762== by 0x4005C69: (within /lib/ld-2.7.so)
==13762== by 0x4007A97: (within /lib/ld-2.7.so)
==13762== by 0x400BC16: (within /lib/ld-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x400BDF9: (within /lib/ld-2.7.so)
==13762== by 0x40115A3: (within /lib/ld-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x4010F5D: (within /lib/ld-2.7.so)
==13762== by 0x4145181: (within /lib/tls/i686/cmov/libc-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x4145344: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.7.so)
==13762== Address 0x41893b8 is 32 bytes inside a block of size 34 alloc'd
==13762== at 0x4022AB8: malloc (vg_replace_malloc.c:207)
==13762== by 0x4008031: (within /lib/ld-2.7.so)
==13762== by 0x400BC16: (within /lib/ld-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x400BDF9: (within /lib/ld-2.7.so)
==13762== by 0x40115A3: (within /lib/ld-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x4010F5D: (within /lib/ld-2.7.so)
==13762== by 0x4145181: (within /lib/tls/i686/cmov/libc-2.7.so)
==13762== by 0x400D5D5: (within /lib/ld-2.7.so)
==13762== by 0x4145344: __libc_dlopen_mode (in /lib/tls/i686/cmov/libc-2.7.so)
==13762== by 0x411F076: __nss_lookup_function (in /lib/tls/i686/cmov/libc-2.7.so)
==13762==
==13762== ERROR SUMMARY: 4 errors from 4 contexts (suppressed: 27 from 1)
==13762== malloc/free: in use at exit: 0 bytes in 0 blocks.
==13762== malloc/free: 66 allocs, 66 frees, 7,388 bytes allocated.
==13762== For counts of detected errors, rerun with: -v
==13762== All heap blocks were freed -- no leaks are possible.

Changed in glibc:
status:	New → Confirmed

Revision history for this message

Morgan GERMAIN (morgan-germain) wrote on 2008-10-31:

#10

No problem with Intrepid Ibex

morgan@morgan-laptop:~/tmp$ valgrind --leak-check=full --show-reachable=yes ./gethostbyname
==12288== Memcheck, a memory error detector.
==12288== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==12288== Using LibVEX rev 1854, a library for dynamic binary translation.
==12288== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==12288== Using valgrind-3.3.1-Debian, a dynamic binary instrumentation framework.
==12288== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==12288== For more details, rerun with: -v
==12288==
==12288==
==12288== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 47 from 2)
==12288== malloc/free: in use at exit: 0 bytes in 0 blocks.
==12288== malloc/free: 65 allocs, 65 frees, 7,360 bytes allocated.
==12288== For counts of detected errors, rerun with: -v
==12288== All heap blocks were freed -- no leaks are possible.
morgan@morgan-laptop:~/tmp$