https://bugzilla.redhat.com/show_bug.cgi?id=1395915
Bug ID: 1395915
Summary: Conditional jump or move depends on uninitialised value(s)
Product: Fedora
Version: rawhide
Component: freetype
Severity: low
Assignee: mkasik(a)redhat.com
Reporter: orion(a)cora.nwra.com
QA Contact: extras-qa(a)fedoraproject.org
CC: behdad(a)fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, kevin(a)tigcc.ticalc.org, mkasik(a)redhat.com
Description of problem:
I'm trying to track down a segmentation fault in libxcb when running a plplot
test. The following valgrind errors turn up as well prior to the crash. I'm
not sure if they are related.
==32144== Conditional jump or move depends on uninitialised value(s)
==32144== at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144== by 0x5BFC20F: gray_move_to (ftgrays.c:1204)
==32144== by 0x5BA8AE8: FT_Outline_Decompose (ftoutln.c:143)
==32144== by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144== by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144== by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144== by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144== by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144== by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*,
unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in
/usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7C70D04: QFontEngineFT::recalcAdvances(QGlyphLayout*,
QFlags<QTextEngine::ShaperFlag>) const (in /usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7B99076: ??? (in /usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x8599B68: ??? (in /usr/lib64/libQtCore.so.4.8.7)
==32144==
==32144== Conditional jump or move depends on uninitialised value(s)
==32144== at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144== by 0x5BFB930: gray_render_line (ftgrays.c:969)
==32144== by 0x5BFC1D1: gray_line_to (ftgrays.c:1216)
==32144== by 0x5BA8CA7: FT_Outline_Decompose (ftoutln.c:165)
==32144== by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144== by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144== by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144== by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144== by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144== by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*,
unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in
/usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7C7143E: QFontEngineFT::boundingBox(unsigned int) (in
/usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7C6CA3E: QFontEngineFT::minRightBearing() const (in
/usr/lib64/libQtGui.so.4.8.7)
==32144==
==32144== Conditional jump or move depends on uninitialised value(s)
==32144== at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144== by 0x5BFBB41: gray_render_line (ftgrays.c:905)
==32144== by 0x5BFC1D1: gray_line_to (ftgrays.c:1216)
==32144== by 0x5BA8CA7: FT_Outline_Decompose (ftoutln.c:165)
==32144== by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144== by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144== by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144== by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144== by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144== by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*,
unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in
/usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7C7143E: QFontEngineFT::boundingBox(unsigned int) (in
/usr/lib64/libQtGui.so.4.8.7)
==32144== by 0x7C6CA3E: QFontEngineFT::minRightBearing() const (in
/usr/lib64/libQtGui.so.4.8.7)
==32144==
Code is:
  static void
  gray_set_cell( RAS_ARG_ TCoord  ex,
                          TCoord  ey )
  {
    /* Move the cell pointer to a new position.  We set the `invalid'      */
    /* flag to indicate that the cell isn't part of those we're interested */
    /* in during the render phase.  This means that:                       */
    /*                                                                     */
    /* . the new vertical position must be within min_ey..max_ey-1.        */
    /* . the new horizontal position must be strictly less than max_ex     */
    /*                                                                     */
    /* Note that if a cell is to the left of the clipping region, it is    */
    /* actually set to the (min_ex-1) horizontal position.                 */

    /* All cells that are on the left of the clipping region go to the */
    /* min_ex - 1 horizontal position.                                 */
    if ( ex > ras.max_ex )
      ex = ras.max_ex;

    if ( ex < ras.min_ex )
      ex = ras.min_ex - 1;

    /* are we moving to a different cell ? */
==> if ( ex != ras.ex || ey != ras.ey )
    {
      /* record the current one if it is valid */
      if ( !ras.invalid )
        gray_record_cell( RAS_VAR );

      ras.area  = 0;
      ras.cover = 0;
      ras.ex    = ex;
      ras.ey    = ey;
    }

    ras.invalid = ( ey >= ras.max_ey || ey < ras.min_ey ||
                    ex >= ras.max_ex );
  }
So it looks like either ras.ex and/or ras.ey is not being initialized.
However, this doesn't look like it matters since we just go on to set ras.ex
and ras.ey. So I suppose this is a false positive of sorts. It might be nice
though if ras could be initialized so that valgrind wouldn't output these
errors.
Version-Release number of selected component (if applicable):
freetype-2.7-1.fc26.x86_64
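As an added example (not FreeType's code and not part of this report), a minimal C model of the gray_set_cell() control flow quoted above, with an assumed raster_init() that defines ras.ex/ras.ey before the first move, plus a check that the landing cell comes out the same whatever stale value the flagged comparison reads, which is the reporter's "false positive of sorts" argument in runnable form:

```c
#include <string.h>
typedef long TCoord;
typedef struct {
    TCoord min_ex, max_ex, min_ey, max_ey;  /* clipping box, in cell units */
    TCoord ex, ey;                          /* current cell */
    long   area, cover;
    int    invalid;
    int    recorded;   /* stand-in counter for gray_record_cell() calls */
} Raster;
static void record_cell(Raster *ras) { ras->recorded++; }
/* Same control flow as the gray_set_cell() snippet in the report. */
static void set_cell(Raster *ras, TCoord ex, TCoord ey)
{
    if (ex > ras->max_ex) ex = ras->max_ex;
    if (ex < ras->min_ex) ex = ras->min_ex - 1;
    /* The flagged line: reads ras->ex/ras->ey, which are indeterminate
       unless the caller initialised them before the first move. */
    if (ex != ras->ex || ey != ras->ey) {
        if (!ras->invalid) record_cell(ras);
        ras->area = 0; ras->cover = 0;
        ras->ex = ex;   ras->ey = ey;
    }
    ras->invalid = (ey >= ras->max_ey || ey < ras->min_ey || ex >= ras->max_ex);
}

/* Assumed initialisation (not FreeType's own code): define every field and
   park the cursor on an invalid cell so the first move records nothing. */
static void raster_init(Raster *ras, TCoord min_ex, TCoord max_ex,
                        TCoord min_ey, TCoord max_ey)
{
    memset(ras, 0, sizeof *ras);
    ras->min_ex = min_ex; ras->max_ex = max_ex;
    ras->min_ey = min_ey; ras->max_ey = max_ey;
    ras->ex = max_ex + 1;  /* outside the box on purpose */
    ras->ey = max_ey;
    ras->invalid = 1;
}
/* Seed ex/ey with an arbitrary stale value (standing in for whatever garbage
   valgrind saw), make one move, and compare with a clean start. The landing
   cell is the same either way, which is why the report calls it benign. */
static int same_cell_from_any_start(TCoord stale_ex, TCoord stale_ey)
{
    Raster a, b;
    raster_init(&a, 0, 8, 0, 8);
    raster_init(&b, 0, 8, 0, 8);
    b.ex = stale_ex; b.ey = stale_ey;   /* simulate the indeterminate start */
    set_cell(&a, 3, 5); set_cell(&b, 3, 5);
    return a.ex == b.ex && a.ey == b.ey && a.invalid == b.invalid;
}
```

Note that the argument only covers ras.ex and ras.ey: ras.invalid is read on the same path and must genuinely be initialised, otherwise a stale value could trigger a record of a cell that never existed.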