[cairo-bugs] [Bug 105084] New: Uninitialized memory leads to invalid free

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Feb 13 21:05:59 UTC 2018


https://bugs.freedesktop.org/show_bug.cgi?id=105084

            Bug ID: 105084
           Summary: Uninitialized memory leads to invalid free
           Product: cairo
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: chris at chris-wilson.co.uk
          Reporter: federico at gnome.org
        QA Contact: cairo-bugs at cairographics.org

Running this:

  CAIRO_TEST_TARGET=image libtool --mode=execute valgrind ./cairo-test-suite -f api-special-cases

Gets this:

TESTING api-special-cases
api-special-cases.image.argb32 [0x1]:   ==20255== Conditional jump or move depends on uninitialised value(s)
==20255==    at 0x4C2E271: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20255==    by 0x4EEEDAB: _cairo_ft_options_fini (cairo-ft-font.c:206)
==20255==    by 0x4EEEDAB: _cairo_ft_font_face_destroy (cairo-ft-font.c:3163)
==20255==    by 0x4E63845: cairo_font_face_destroy (cairo-font-face.c:186)
==20255==    by 0x4EB1CC2: _cairo_toy_font_face_destroy (cairo-toy-font-face.c:371)
==20255==    by 0x4E63845: cairo_font_face_destroy (cairo-font-face.c:186)
==20255==    by 0x4E652C5: _cairo_gstate_fini (cairo-gstate.c:197)
==20255==    by 0x4E61AB5: _cairo_default_context_fini (cairo-default-context.c:75)
==20255==    by 0x4E61B28: _cairo_default_context_destroy (cairo-default-context.c:93)
==20255==    by 0x412BC8: draw (api-special-cases.c:1919)
==20255==    by 0x40E70A: cairo_test_for_target (cairo-test.c:933)
==20255==    by 0x40E70A: _cairo_test_context_run_for_target (cairo-test.c:1536)
==20255==    by 0x40C038: _cairo_test_runner_draw (cairo-test-runner.c:255)
==20255==    by 0x40C038: main (cairo-test-runner.c:937)
==20255==  Uninitialised value was created by a heap allocation
==20255==    at 0x4C2D08F: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20255==    by 0x4EEEB42: _cairo_ft_font_face_create_for_pattern (cairo-ft-font.c:3250)
==20255==    by 0x4EEEEEF: _cairo_ft_font_face_create_for_toy (cairo-ft-font.c:3098)
==20255==    by 0x4EB1F5F: _cairo_toy_font_face_create_impl_face (cairo-toy-font-face.c:168)
==20255==    by 0x4EB1F5F: _cairo_toy_font_face_init (cairo-toy-font-face.c:197)
==20255==    by 0x4EB1F5F: cairo_toy_font_face_create (cairo-toy-font-face.c:321)
==20255==    by 0x4EB9B0C: cairo_select_font_face (cairo.c:3042)
==20255==    by 0x411B37: test_cairo_select_font_face (api-special-cases.c:654)
==20255==    by 0x412950: test_context (api-special-cases.c:1833)
==20255==    by 0x412BB5: draw (api-special-cases.c:1917)
==20255==    by 0x40E70A: cairo_test_for_target (cairo-test.c:933)
==20255==    by 0x40E70A: _cairo_test_context_run_for_target (cairo-test.c:1536)
==20255==    by 0x40C038: _cairo_test_runner_draw (cairo-test-runner.c:255)
==20255==    by 0x40C038: main (cairo-test-runner.c:937)

This is uninitialized memory from _cairo_ft_font_face_create_for_pattern()'s
call to malloc().  It is not initializing font_face->ft_options.
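The following C program is an added illustration of the defect class in this report; it is not cairo's code, and every name in it (font_face_t, ft_options_t, ft_options_init, ft_options_fini, poison_malloc, would_invalid_free) is a hypothetical stand-in for the real structures. It shows a create function that malloc()s an object and forgets one embedded field, a fini function that hands that field to free() unconditionally (the pattern valgrind flags above), and the fixed create function that initializes the field first. Because a stale malloc() chunk only sometimes contains a non-NULL garbage pointer, the allocator here deliberately fills fresh memory with 0xAB so the failure is deterministic rather than dependent on heap history.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the options sub-object that a fini routine
 * releases: one heap-owned buffer, which may legitimately be NULL. */
typedef struct {
    char *synth_flags;
} ft_options_t;

/* Hypothetical font face: a refcount plus the embedded options. */
typedef struct {
    int ref_count;
    ft_options_t ft_options;
} font_face_t;

/* Poisoning allocator: fills every fresh chunk with 0xAB so that an
 * uninitialized pointer field is a garbage non-NULL value every time,
 * instead of whatever the chunk's previous owner left behind.
 * glibc's MALLOC_PERTURB_ environment variable does the same for a
 * real process without code changes. */
static void *poison_malloc(size_t n) {
    void *p = malloc(n);
    if (p)
        memset(p, 0xAB, n);
    return p;
}

static void ft_options_init(ft_options_t *o) {
    o->synth_flags = NULL;
}

/* Mirrors the cleanup path in the report: the pointer goes straight to
 * free(), which is only safe if the field was set to NULL or to a real
 * allocation beforehand. */
static void ft_options_fini(ft_options_t *o) {
    free(o->synth_flags);
    o->synth_flags = NULL;
}

/* Buggy shape: allocate, set some fields, never touch ft_options. */
static font_face_t *font_face_create_buggy(void) {
    font_face_t *f = poison_malloc(sizeof *f);
    if (!f)
        return NULL;
    f->ref_count = 1;
    /* ft_options.synth_flags is now 0xABABABAB... : freeing it later
     * is an invalid free, exactly what the valgrind report shows. */
    return f;
}

/* Fixed shape: every embedded sub-object is initialized before the
 * object can ever reach its fini path. calloc() would also work here,
 * but an explicit init keeps the invariant visible. */
static font_face_t *font_face_create_fixed(void) {
    font_face_t *f = poison_malloc(sizeof *f);
    if (!f)
        return NULL;
    f->ref_count = 1;
    ft_options_init(&f->ft_options);
    return f;
}

/* Returns 1 if running fini on this face would pass garbage to free().
 * In this example nothing ever allocates synth_flags, so any non-NULL
 * value is by construction uninitialized memory. This check exists so
 * the buggy object can be inspected without aborting the process. */
static int would_invalid_free(const font_face_t *f) {
    return f->ft_options.synth_flags != NULL;
}

static void font_face_destroy(font_face_t *f) {
    if (!f)
        return;
    ft_options_fini(&f->ft_options);
    free(f);
}

int main(void) {
    font_face_t *b = font_face_create_buggy();
    font_face_t *g = font_face_create_fixed();
    printf("buggy create: fini would invalid-free = %d\n", would_invalid_free(b));
    printf("fixed create: fini would invalid-free = %d\n", would_invalid_free(g));
    free(b);              /* release the buggy object without running fini */
    font_face_destroy(g); /* the fixed object survives the full fini path */
    return 0;
}
```

Running the real test suite under valgrind, as the report does, is the general way to catch this class of bug; setting MALLOC_PERTURB_ to a non-zero value in the environment turns the same latent defect into a reproducible crash on plain glibc builds, which is useful when valgrind is too slow for the full suite.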
