<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Conditional jump depends on uninitialised value testing record2x-paint.svg12.argb32"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=88538">88538</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Conditional jump depends on uninitialised value testing record2x-paint.svg12.argb32
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>cairo
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>svg backend
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>emmanuel.pacaud@lapp.in2p3.fr
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>sixtysix@inwind.it
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>cairo-bugs@cairographics.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>valgrind reports

<span class="quote">>==2== Conditional jump or move depends on uninitialised value(s)
>==2==    at 0x4C740B9: _cairo_recording_surface_merge_source_attributes.isra.8 (cairo/src/cairo-recording-surface.c:1628)
>==2==    by 0x4C7484B: _cairo_recording_surface_replay_internal (cairo/src/cairo-recording-surface.c:1865)
>==2==    by 0x4C75A4E: _cairo_recording_surface_replay_and_create_regions (cairo/src/cairo-recording-surface.c:2029)
>==2==    by 0x4C56B2D: _paint_page (cairo/src/cairo-paginated-surface.c:356)
>==2==    by 0x4C56F4C: _cairo_paginated_surface_show_page (cairo/src/cairo-paginated-surface.c:509)
>==2==    by 0x4C57057: _cairo_paginated_surface_finish (cairo/src/cairo-paginated-surface.c:204)
>==2==    by 0x4C81C7D: _cairo_surface_finish (cairo/src/cairo-surface.c:1030)
>==2==    by 0x4C828CE: cairo_surface_finish (cairo/src/cairo-surface.c:1077)
>==2==    by 0x46BB87: _cairo_boilerplate_svg_finish_surface (cairo/boilerplate/cairo-boilerplate-svg.c:184)
>==2==    by 0x4185B5: cairo_test_for_target (cairo/test/cairo-test.c:994)
>==2==    by 0x4185B5: _cairo_test_context_run_for_target (cairo/test/cairo-test.c:1532)
>==2==    by 0x415955: _cairo_test_runner_draw (cairo/test/cairo-test-runner.c:255)
>==2==    by 0x415955: main (cairo/test/cairo-test-runner.c:937)
>==2==  Uninitialised value was created by a heap allocation
>==2==    at 0x4A06BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>==2==    by 0x4C73760: _cairo_recording_surface_snapshot (cairo/src/cairo-recording-surface.c:1427)
>==2==    by 0x4C885B3: _cairo_surface_snapshot_copy_on_write (cairo/src/cairo-surface-snapshot.c:189)
>==2==    by 0x4C82768: _cairo_surface_detach_snapshot (cairo/src/cairo-surface.c:348)
>==2==    by 0x4C824BB: _cairo_surface_detach_snapshots (cairo/src/cairo-surface.c:333)
>==2==    by 0x4C824BB: _cairo_surface_flush (cairo/src/cairo-surface.c:1545)
>==2==    by 0x4C82644: _cairo_surface_finish_snapshots (cairo/src/cairo-surface.c:1017)</span >

and the test fails executing

(cd test && CAIRO_TEST_TARGET=svg12 valgrind --track-origins=yes
.libs/cairo-test-suite -f record2x-paint)

the problem is that in _cairo_svg_surface_emit_recording_surface:

<a href="http://cgit.freedesktop.org/cairo/tree/src/cairo-svg-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n1405">http://cgit.freedesktop.org/cairo/tree/src/cairo-svg-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n1405</a>

the cairo_recording_surface_t extents_pixels member is used even when the
recording surface is unbounded, in which case it is not initialized:

<a href="http://cgit.freedesktop.org/cairo/tree/src/cairo-recording-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n399">http://cgit.freedesktop.org/cairo/tree/src/cairo-recording-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n399</a>

using an arbitrarily big extent for unbounded recording surfaces prevents
the failure and valgrind doesn't report that error.</pre>
        </div>
      </p>
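<p>The defect class behind this report, as an added C example that is not cairo's code and not the reporter's: a struct member that is only written on one branch of the constructor (here <code>extents_pixels</code>, left indeterminate by <code>malloc()</code> for unbounded surfaces) is later read unconditionally by a consumer, so the branch outcome depends on whatever the allocator returned. The fixed constructor applies the report's remedy and gives unbounded surfaces an arbitrarily large extent. The type names, field layout and the particular large rectangle are assumptions chosen for the demo; they are not cairo's definitions.</p>

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins for cairo's types (assumed names, not cairo's API). */
typedef struct { int x, y, width, height; } rect_t;

typedef struct {
    bool   unbounded;        /* true: surface has no fixed extents       */
    rect_t extents_pixels;   /* only meaningful when unbounded == false  */
} recording_t;

/* Arbitrarily large rectangle used for unbounded surfaces so that every
   recording_t carries a defined extents_pixels (values chosen for the demo). */
static const rect_t UNBOUNDED_RECT = { -(1 << 23), -(1 << 23), 1 << 24, 1 << 24 };

/* Before: mirrors the report. malloc() leaves extents_pixels indeterminate
   when the caller passes no extents, i.e. for an unbounded surface. */
static recording_t *recording_create_buggy(const rect_t *extents)
{
    recording_t *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    r->unbounded = (extents == NULL);
    if (extents != NULL)
        r->extents_pixels = *extents;   /* unbounded: field never written */
    return r;
}

/* After: the fix the report describes. Unbounded surfaces get an arbitrarily
   big extent, so no consumer can observe uninitialised bytes. */
static recording_t *recording_create_fixed(const rect_t *extents)
{
    recording_t *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    r->unbounded = (extents == NULL);
    r->extents_pixels = extents ? *extents : UNBOUNDED_RECT;
    return r;
}

/* Consumer in the style of the SVG emitter: decides whether the target must
   be clipped to extents_pixels. With the buggy constructor and an unbounded
   surface this comparison is the indeterminate-value branch valgrind flags. */
static bool emit_needs_clip(const recording_t *r, const rect_t *target)
{
    const rect_t *e = &r->extents_pixels;
    return target->x < e->x || target->y < e->y ||
           target->x + target->width  > e->x + e->width ||
           target->y + target->height > e->y + e->height;
}

/* Scenario 1: a bounded surface keeps exactly the extents it was given. */
int demo_bounded_preserved(void)
{
    rect_t given  = { 10, 20, 300, 400 };
    rect_t inside = { 15, 25, 100, 100 };
    recording_t *r = recording_create_fixed(&given);
    if (r == NULL)
        return 0;
    int ok = !r->unbounded &&
             r->extents_pixels.x == 10 && r->extents_pixels.width == 300 &&
             !emit_needs_clip(r, &inside);
    free(r);
    return ok;
}

/* Scenario 2: an unbounded surface now has defined extents that contain any
   realistic target, so the consumer deterministically takes the no-clip path. */
int demo_unbounded_initialised(void)
{
    rect_t target = { -5000, -5000, 10000, 10000 };
    recording_t *r = recording_create_fixed(NULL);
    if (r == NULL)
        return 0;
    int ok = r->unbounded &&
             r->extents_pixels.width == (1 << 24) &&
             !emit_needs_clip(r, &target);
    free(r);
    return ok;
}

int main(void)
{
    /* The buggy constructor is only exercised for the bounded case: calling
       emit_needs_clip() on its unbounded result is exactly the undefined read
       the report describes, so the demo deliberately does not do that. */
    rect_t given = { 0, 0, 64, 64 };
    recording_t *b = recording_create_buggy(&given);
    printf("buggy ctor, bounded: width=%d\n", b ? b->extents_pixels.width : -1);
    free(b);
    printf("bounded preserved: %d\n", demo_bounded_preserved());
    printf("unbounded initialised: %d\n", demo_unbounded_initialised());
    return 0;
}
```

<p>The same program under <code>valgrind --track-origins=yes</code> (or a MemorySanitizer build) is the practical check: with <code>recording_create_fixed</code> no "Conditional jump or move depends on uninitialised value(s)" report can originate from <code>extents_pixels</code>, because every allocation path writes the field. Zero-filling with <code>calloc()</code> would also silence valgrind but would give an unbounded surface an empty extent, which is the wrong semantics; the large sentinel rectangle is what the report proposes.</p>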
    </body>
</html>