<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Uninitialized memory leads to invalid free"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=105084">105084</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Uninitialized memory leads to invalid free
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>cairo
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>general
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>chris@chris-wilson.co.uk
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>federico@gnome.org
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>cairo-bugs@cairographics.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Running this:

  CAIRO_TEST_TARGET=image libtool --mode=execute valgrind ./cairo-test-suite -f
api-special-cases

Gets this:

TESTING api-special-cases
api-special-cases.image.argb32 [0x1]:   ==20255== Conditional jump or move
depends on uninitialised value(s)
==20255==    at 0x4C2E271: free (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20255==    by 0x4EEEDAB: _cairo_ft_options_fini (cairo-ft-font.c:206)
==20255==    by 0x4EEEDAB: _cairo_ft_font_face_destroy (cairo-ft-font.c:3163)
==20255==    by 0x4E63845: cairo_font_face_destroy (cairo-font-face.c:186)
==20255==    by 0x4EB1CC2: _cairo_toy_font_face_destroy
(cairo-toy-font-face.c:371)
==20255==    by 0x4E63845: cairo_font_face_destroy (cairo-font-face.c:186)
==20255==    by 0x4E652C5: _cairo_gstate_fini (cairo-gstate.c:197)
==20255==    by 0x4E61AB5: _cairo_default_context_fini
(cairo-default-context.c:75)
==20255==    by 0x4E61B28: _cairo_default_context_destroy
(cairo-default-context.c:93)
==20255==    by 0x412BC8: draw (api-special-cases.c:1919)
==20255==    by 0x40E70A: cairo_test_for_target (cairo-test.c:933)
==20255==    by 0x40E70A: _cairo_test_context_run_for_target
(cairo-test.c:1536)  
==20255==    by 0x40C038: _cairo_test_runner_draw (cairo-test-runner.c:255)
==20255==    by 0x40C038: main (cairo-test-runner.c:937)
==20255==  Uninitialised value was created by a heap allocation
==20255==    at 0x4C2D08F: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==20255==    by 0x4EEEB42: _cairo_ft_font_face_create_for_pattern
(cairo-ft-font.c:3250)
==20255==    by 0x4EEEEEF: _cairo_ft_font_face_create_for_toy
(cairo-ft-font.c:3098)
==20255==    by 0x4EB1F5F: _cairo_toy_font_face_create_impl_face
(cairo-toy-font-face.c:168)
==20255==    by 0x4EB1F5F: _cairo_toy_font_face_init
(cairo-toy-font-face.c:197)  
==20255==    by 0x4EB1F5F: cairo_toy_font_face_create
(cairo-toy-font-face.c:321) 
==20255==    by 0x4EB9B0C: cairo_select_font_face (cairo.c:3042)
==20255==    by 0x411B37: test_cairo_select_font_face (api-special-cases.c:654) 
==20255==    by 0x412950: test_context (api-special-cases.c:1833)
==20255==    by 0x412BB5: draw (api-special-cases.c:1917)
==20255==    by 0x40E70A: cairo_test_for_target (cairo-test.c:933)
==20255==    by 0x40E70A: _cairo_test_context_run_for_target
(cairo-test.c:1536)  
==20255==    by 0x40C038: _cairo_test_runner_draw (cairo-test-runner.c:255)
==20255==    by 0x40C038: main (cairo-test-runner.c:937)

This is uninitialized memory from _cairo_ft_font_face_create_for_pattern()'s
call to malloc().  It is not initializing font_face->ft_options.</pre>
        </div>
      </p>
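<p>The bug class described above (a malloc()ed struct whose embedded options member is never initialised, so the matching fini later hands garbage to free()) reduced to a minimal, added C illustration. This is not cairo's code: <code>font_face_t</code>, <code>options_t</code> and the function names are hypothetical stand-ins, and <code>poisoned_malloc()</code> is a constructed debug allocator that makes "uninitialised" deterministic so the invariant check below is reproducible without Valgrind.</p>

```c
/* Added example (not cairo's code) of the bug class in the report: a struct is
 * malloc()ed, an embedded options member owning a pointer is never initialised,
 * and the matching _fini() later hands that garbage to free(). All names are
 * hypothetical stand-ins for cairo's font_face / ft_options. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    char *extra;                 /* owned; released by options_fini() */
} options_t;

typedef struct {
    int       refcount;
    options_t options;           /* embedded, so malloc() leaves it as garbage */
} font_face_t;

/* Constructed debug allocator: fill new memory with 0xAA so "uninitialised"
 * is deterministic here instead of depending on prior heap contents. */
static void *poisoned_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xAA, n);
    return p;
}

static void options_init(options_t *o) { o->extra = NULL; }
static void options_fini(options_t *o) { free(o->extra); o->extra = NULL; }

/* Buggy constructor: the pattern Valgrind flagged in the report. */
font_face_t *font_face_create_buggy(void) {
    font_face_t *f = poisoned_malloc(sizeof *f);
    if (!f) return NULL;
    f->refcount = 1;             /* f->options.extra is still 0xAAAA... */
    return f;
}

/* Fixed constructor: every owned pointer is set before any path can reach fini. */
font_face_t *font_face_create_fixed(void) {
    font_face_t *f = poisoned_malloc(sizeof *f);
    if (!f) return NULL;
    f->refcount = 1;
    options_init(&f->options);
    return f;
}

/* Destructor: with the buggy constructor, options_fini() becomes free(garbage). */
void font_face_destroy(font_face_t *f) {
    if (!f || --f->refcount > 0) return;
    options_fini(&f->options);
    free(f);
}

/* Invariant a unit test can assert before destroy(): a freshly created face
 * must hold a NULL owned pointer, never whatever malloc() left behind. */
int font_face_options_initialised(const font_face_t *f) {
    return f->options.extra == NULL;
}
```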


    </body>
</html>