[cairo] crash copying recording surface to PDF surface with tags
Ben Pfaff
blp at cs.stanford.edu
Sat Dec 26 18:46:59 UTC 2020
On Sat, Dec 26, 2020 at 10:25 AM Uli Schlachter <psychon at znc.in> wrote:
> Am 26.12.20 um 19:12 schrieb Ben Pfaff:
> [...]
> > I do still see the following use of an uninitialized value (I forgot
> > to report this before, sorry!):
> [...]
> > and the following memory leak:
>
> When do you see those? I only have debian's libcairo and current
> git/master. Of course, debian's libcairo gives me a crash. On current
> master, valgrind only reports six memory leaks from libpixman's
> initialisation code and no use of an uninitialized value.
>
> Would it be possible for you to check if this was already fixed in git?
> (You still have to apply the patch to fix that crash to master.)
OK. Sorry, I should have done that before. I was lazy, I guess. Now,
I have applied the two patches to tip of master on Git, commit
979382dd302b ("Merge branch 'boilerplate-leak' into 'master'").
The memory leak is fixed.
I do still see the use of an uninitialized value, though. I added
--track-origins to the valgrind command line and that gave the following
additional information:
Uninitialised value was created by a heap allocation
at 0x483877F: malloc (vg_replace_malloc.c:307)
by 0x48CF16E: _cairo_recording_surface_snapshot (cairo-recording-surface.c:1563)
by 0x48E9D96: _cairo_surface_snapshot_copy_on_write (cairo-surface-snapshot.c:193)
by 0x48EDAE0: _cairo_surface_detach_snapshot (cairo-surface.c:349)
by 0x48EDA4C: _cairo_surface_detach_snapshots (cairo-surface.c:334)
by 0x48EF5B1: _cairo_surface_flush (cairo-surface.c:1626)
by 0x48EEBE4: _cairo_surface_finish_snapshots (cairo-surface.c:1019)
by 0x48EEA4C: cairo_surface_destroy (cairo-surface.c:963)
by 0x1094E8: main (cairo-test.c:65)
Indeed, when I apply the following, the warning goes away:
diff --git a/src/cairo-recording-surface.c b/src/cairo-recording-surface.c
index 6df8b0821..1765e7da6 100644
--- a/src/cairo-recording-surface.c
+++ b/src/cairo-recording-surface.c
@@ -1561,6 +1561,7 @@ _cairo_recording_surface_snapshot (void *abstract_other)
cairo_status_t status;
surface = _cairo_malloc (sizeof (cairo_recording_surface_t));
+ memset (surface, 0, sizeof (cairo_recording_surface_t));
if (unlikely (surface == NULL))
return _cairo_surface_create_in_error (_cairo_error (CAIRO_STATUS_NO_MEMORY));
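Review bot: the added `memset (surface, 0, sizeof (cairo_recording_surface_t));` runs before the `if (unlikely (surface == NULL))` check, so when `_cairo_malloc` fails the memset dereferences NULL and crashes instead of reaching the `CAIRO_STATUS_NO_MEMORY` error return. Move the memset below the NULL check (or use a zero-initializing allocation in place of the plain malloc) so the out-of-memory path still returns the error surface.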
Thanks,
Ben.
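The pattern under discussion, as an added example that is not part of the thread or of cairo's code: a struct is heap-allocated, some fields are never assigned, and a later consumer reads them, which is what valgrind's --track-origins reported above. The example contrasts zeroing before and after the NULL check, using a hypothetical `demo_surface_t` and an injectable allocator so the out-of-memory path can be exercised without actually exhausting memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical stand-in for cairo_recording_surface_t: a struct whose
 * "snapshot" constructor sets some fields and leaves others untouched. */
typedef struct {
    int   width;
    int   height;
    int   has_tags;   /* read by consumers, easy to forget to initialise */
    void *commands;
} demo_surface_t;

/* Allocator hook (hypothetical) so a test can force the OOM path. */
int demo_alloc_should_fail = 0;

void *demo_malloc(size_t n)
{
    if (demo_alloc_should_fail)
        return NULL;
    return malloc(n);
}

/* Wrong order: zeroing runs before the NULL check, so an allocation
 * failure dereferences NULL instead of returning an error.  Shown only
 * as the pattern to avoid; do not call it with demo_alloc_should_fail set. */
demo_surface_t *demo_snapshot_unsafe(int w, int h)
{
    demo_surface_t *s = demo_malloc(sizeof *s);
    memset(s, 0, sizeof *s);          /* crashes when s == NULL */
    if (s == NULL)
        return NULL;
    s->width = w;
    s->height = h;
    return s;
}

/* Correct order: check the allocation first, then zero the whole struct so
 * every field not assigned below has a defined value.  Equivalent to
 * calloc(1, sizeof *s) when the allocator offers that. */
demo_surface_t *demo_snapshot_safe(int w, int h)
{
    demo_surface_t *s = demo_malloc(sizeof *s);
    if (s == NULL)
        return NULL;
    memset(s, 0, sizeof *s);
    s->width = w;
    s->height = h;
    return s;
}

/* Returns 1 if the safe constructor survives allocation failure with NULL. */
int demo_safe_handles_oom(void)
{
    demo_alloc_should_fail = 1;
    demo_surface_t *s = demo_snapshot_safe(10, 20);
    demo_alloc_should_fail = 0;
    return s == NULL;
}

/* Returns 1 if the fields the constructor never assigns read as zero. */
int demo_safe_zero_initialises(void)
{
    demo_surface_t *s = demo_snapshot_safe(10, 20);
    if (s == NULL)
        return 0;
    int ok = s->has_tags == 0 && s->commands == NULL &&
             s->width == 10 && s->height == 20;
    free(s);
    return ok;
}

int main(void)
{
    printf("oom path returns NULL: %d\n", demo_safe_handles_oom());
    printf("unset fields are zero: %d\n", demo_safe_zero_initialises());
    return 0;
}
```

Running the safe variant under valgrind with --track-origins=yes reports no use of uninitialised values for reads of `has_tags` or `commands`, whereas dropping the memset reproduces the "Uninitialised value was created by a heap allocation" origin shown in the message above.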