[cairo-bugs] [Bug 88538] New: Conditional jump depends on uninitialised value testing record2x-paint.svg12.argb32

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Sat Jan 17 08:47:34 PST 2015 

https://bugs.freedesktop.org/show_bug.cgi?id=88538

            Bug ID: 88538
           Summary: Conditional jump depends on uninitialised value
                    testing record2x-paint.svg12.argb32
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: svg backend
          Assignee: emmanuel.pacaud at lapp.in2p3.fr
          Reporter: sixtysix at inwind.it
        QA Contact: cairo-bugs at cairographics.org

valgrind reports

>==2== Conditional jump or move depends on uninitialised value(s)
>==2==    at 0x4C740B9: _cairo_recording_surface_merge_source_attributes.isra.8 (cairo/src/cairo-recording-surface.c:1628)
>==2==    by 0x4C7484B: _cairo_recording_surface_replay_internal (cairo/src/cairo-recording-surface.c:1865)
>==2==    by 0x4C75A4E: _cairo_recording_surface_replay_and_create_regions (cairo/src/cairo-recording-surface.c:2029)
>==2==    by 0x4C56B2D: _paint_page (cairo/src/cairo-paginated-surface.c:356)
>==2==    by 0x4C56F4C: _cairo_paginated_surface_show_page (cairo/src/cairo-paginated-surface.c:509)
>==2==    by 0x4C57057: _cairo_paginated_surface_finish (cairo/src/cairo-paginated-surface.c:204)
>==2==    by 0x4C81C7D: _cairo_surface_finish (cairo/src/cairo-surface.c:1030)
>==2==    by 0x4C828CE: cairo_surface_finish (cairo/src/cairo-surface.c:1077)
>==2==    by 0x46BB87: _cairo_boilerplate_svg_finish_surface (cairo/boilerplate/cairo-boilerplate-svg.c:184)
>==2==    by 0x4185B5: cairo_test_for_target (cairo/test/cairo-test.c:994)
>==2==    by 0x4185B5: _cairo_test_context_run_for_target (cairo/test/cairo-test.c:1532)
>==2==    by 0x415955: _cairo_test_runner_draw (cairo/test/cairo-test-runner.c:255)
>==2==    by 0x415955: main (cairo/test/cairo-test-runner.c:937)
>==2==  Uninitialised value was created by a heap allocation
>==2==    at 0x4A06BCF: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
>==2==    by 0x4C73760: _cairo_recording_surface_snapshot (cairo/src/cairo-recording-surface.c:1427)
>==2==    by 0x4C885B3: _cairo_surface_snapshot_copy_on_write (cairo/src/cairo-surface-snapshot.c:189)
>==2==    by 0x4C82768: _cairo_surface_detach_snapshot (cairo/src/cairo-surface.c:348)
>==2==    by 0x4C824BB: _cairo_surface_detach_snapshots (cairo/src/cairo-surface.c:333)
>==2==    by 0x4C824BB: _cairo_surface_flush (cairo/src/cairo-surface.c:1545)
>==2==    by 0x4C82644: _cairo_surface_finish_snapshots (cairo/src/cairo-surface.c:1017)

and the test fails executing

(cd test && CAIRO_TEST_TARGET=svg12 valgrind --track-origins=yes
.libs/cairo-test-suite -f record2x-paint)

the problem is that in _cairo_svg_surface_emit_recording_surface:

http://cgit.freedesktop.org/cairo/tree/src/cairo-svg-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n1405

the cairo_recording_surface_t extents_pixels member is used even when the
recording surface is unbounded, in which case it is not uninitialized:

http://cgit.freedesktop.org/cairo/tree/src/cairo-recording-surface.c?id=8020e0bc8cbd3e5ac188eb305b74ae1c1f362a31#n399

using a arbitrarily big extent for unbounded recording surfaces prevents 
the failure and valgrind doesn't report that error.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cairographics.org/archives/cairo-bugs/attachments/20150117/223d63f9/attachment.html>

More information about the cairo-bugs mailing list