mhu
/
gds-render
1
0
Fork 0
Code Issues 4 Pull Requests Releases 8 Wiki Activity

Use of uninitialized memory #49

New Issue
Closed
opened 2022-12-17 18:38:43 +01:00 by mhu · 0 comments
mhu commented 2022-12-17 18:38:43 +01:00
Owner
Copy Link

cell->stats.total_gfx_count is not initialized with 0 on creation of cell. However, it is used in calculate_vertex_gfx_count_cell during stat summation.

Initialize this variable.

Found by valgrind:

==24813== Conditional jump or move depends on uninitialised value(s)
==24813==    at 0x120B9E: calculate_vertex_gfx_count_cell (gds-statistics.c:46)
==24813==    by 0x120D03: gds_statistics_calc_cummulative_counts_in_lib (gds-statistics.c:84)
==24813==    by 0x11ECA9: calc_library_stats (gds-parser.c:625)
==24813==    by 0x48DC32F: g_list_foreach (glist.c:1092)
==24813==    by 0x12098A: parse_gds_from_file (gds-parser.c:1193)
==24813==    by 0x119D6F: on_load_gds (gds-render-gui.c:326)
==24813==    by 0x57B511B: UnknownInlinedFun (gclosure.c:895)
==24813==    by 0x57B511B: g_signal_emit_valist (gsignal.c:3456)
==24813==    by 0x57B5203: g_signal_emit (gsignal.c:3606)
==24813==    by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1845)
==24813==    by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1832)
==24813==    by 0x4A9D8D8: gtk_real_button_released (gtkbutton.c:1963)
==24813==    by 0x579720F: g_closure_invoke (gclosure.c:832)
==24813==    by 0x57C4B46: signal_emit_unlocked_R.isra.0 (gsignal.c:3726)
==24813==    by 0x57B4F74: g_signal_emit_valist (gsignal.c:3549)
==24813==  Uninitialised value was created by a heap allocation
==24813==    at 0x4841888: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24813==    by 0x11E66B: append_cell (gds-parser.c:357)
==24813==    by 0x11F77B: parse_gds_from_file (gds-parser.c:838)
==24813==    by 0x119D6F: on_load_gds (gds-render-gui.c:326)
==24813==    by 0x57B511B: UnknownInlinedFun (gclosure.c:895)
==24813==    by 0x57B511B: g_signal_emit_valist (gsignal.c:3456)
==24813==    by 0x57B5203: g_signal_emit (gsignal.c:3606)
==24813==    by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1845)
==24813==    by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1832)
==24813==    by 0x4A9D8D8: gtk_real_button_released (gtkbutton.c:1963)
==24813==    by 0x579720F: g_closure_invoke (gclosure.c:832)
==24813==    by 0x57C4B46: signal_emit_unlocked_R.isra.0 (gsignal.c:3726)
==24813==    by 0x57B4F74: g_signal_emit_valist (gsignal.c:3549)
==24813==    by 0x57B5203: g_signal_emit (gsignal.c:3606)
==24813==    by 0x4A9D684: multipress_released_cb (gtkbutton.c:666)
==24813==
cell->stats.total_gfx_count is not initialized with 0 on creation of cell. However, it is used in calculate_vertex_gfx_count_cell during stat summation. Initialize this variable. Found by valgrind: ``` ==24813== Conditional jump or move depends on uninitialised value(s) ==24813== at 0x120B9E: calculate_vertex_gfx_count_cell (gds-statistics.c:46) ==24813== by 0x120D03: gds_statistics_calc_cummulative_counts_in_lib (gds-statistics.c:84) ==24813== by 0x11ECA9: calc_library_stats (gds-parser.c:625) ==24813== by 0x48DC32F: g_list_foreach (glist.c:1092) ==24813== by 0x12098A: parse_gds_from_file (gds-parser.c:1193) ==24813== by 0x119D6F: on_load_gds (gds-render-gui.c:326) ==24813== by 0x57B511B: UnknownInlinedFun (gclosure.c:895) ==24813== by 0x57B511B: g_signal_emit_valist (gsignal.c:3456) ==24813== by 0x57B5203: g_signal_emit (gsignal.c:3606) ==24813== by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1845) ==24813== by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1832) ==24813== by 0x4A9D8D8: gtk_real_button_released (gtkbutton.c:1963) ==24813== by 0x579720F: g_closure_invoke (gclosure.c:832) ==24813== by 0x57C4B46: signal_emit_unlocked_R.isra.0 (gsignal.c:3726) ==24813== by 0x57B4F74: g_signal_emit_valist (gsignal.c:3549) ==24813== Uninitialised value was created by a heap allocation ==24813== at 0x4841888: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==24813== by 0x11E66B: append_cell (gds-parser.c:357) ==24813== by 0x11F77B: parse_gds_from_file (gds-parser.c:838) ==24813== by 0x119D6F: on_load_gds (gds-render-gui.c:326) ==24813== by 0x57B511B: UnknownInlinedFun (gclosure.c:895) ==24813== by 0x57B511B: g_signal_emit_valist (gsignal.c:3456) ==24813== by 0x57B5203: g_signal_emit (gsignal.c:3606) ==24813== by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1845) ==24813== by 0x4A9D8D8: UnknownInlinedFun (gtkbutton.c:1832) ==24813== by 0x4A9D8D8: gtk_real_button_released (gtkbutton.c:1963) ==24813== by 0x579720F: g_closure_invoke (gclosure.c:832) ==24813== by 0x57C4B46: signal_emit_unlocked_R.isra.0 (gsignal.c:3726) ==24813== by 0x57B4F74: g_signal_emit_valist (gsignal.c:3549) ==24813== by 0x57B5203: g_signal_emit (gsignal.c:3606) ==24813== by 0x4A9D684: multipress_released_cb (gtkbutton.c:666) ==24813== ```
mhu added the
enhancement
 label 2022-12-17 18:38:43 +01:00
mhu self-assigned this 2022-12-17 18:38:43 +01:00
mhu added this to the Release v2.0.0 milestone 2022-12-17 18:40:05 +01:00
mhu modified the milestone from Release v2.0.0 to v1.2.1 2022-12-17 18:40:25 +01:00
mhu referenced this issue from a commit 2022-12-17 18:42:40 +01:00
Fix #49: Initialize variable
mhu closed this issue 2022-12-17 18:43:57 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
46-open-file-in-gui
dev
opengl-preview
japanese-translations
python-renderer
translation-docu
v1.2.3
v1.2.2
v1.2.1
v1.2-2
v1.2-1
v1.2
v1.2-rc1
v1.1
v1.0-1
v1.0
v1.0-rc4
v1.0-rc3
v1.0-rc2
v1.0-rc1
Labels
Clear labels   
bug

   
duplicate

   
enhancement

   
help wanted

   
invalid

   
New Feature

   
question

   
wontfix
No Label
bug
duplicate
enhancement
help wanted
invalid
New Feature
question
wontfix
Milestone
Clear milestone
No items
No Milestone
v1.2.1
Assignees
Clear assignees
No Assignees
mhu
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: mhu/gds-render#49
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?