Bug 10465

Summary: misprite/misdispcur expects a zero-initialised Pixmap
Product: xorg
Reporter: Chris Wilson <chris>
Component: Server/General
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED MOVED
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
CC: esigra
Version: git
Hardware: Other
OS: All
Attachments:
Clear the pixmaps on allocation (flags: none)

Description Chris Wilson 2007-03-29 13:54:56 UTC
==15839== Conditional jump or move depends on uninitialised value(s)
==15839==    at 0x809A0A9: fbBltOne (fbbltone.c:351)
==15839==    by 0x80A8F91: fbPushFill (fbpush.c:152)
==15839==    by 0x80A9153: fbPushImage (fbpush.c:214)
==15839==    by 0x80A91F1: fbPushPixels (fbpush.c:244)
==15839==    by 0x812C153: damagePushPixels (damage.c:1576)
==15839==    by 0x80C56CD: miDCPutBits (midispcur.c:416)
==15839==    by 0x80C5C06: miDCPutUpCursor (midispcur.c:506)
==15839==    by 0x80D20E1: miSpriteRestoreCursor (misprite.c:794)
==15839==    by 0x80CA99A: miPointerUpdateSprite (mipointer.c:343)
==15839==    by 0x80CAAF4: miPointerDisplayCursor (mipointer.c:188)
==15839==    by 0x80E038D: CursorDisplayCursor (cursor.c:136)
==15839==    by 0x811EDC4: AnimCurDisplayCursor (animcur.c:234)
==15839== 

With many variations and oft repeated.

Trivially using xcalloc instead of xalloc clears the warnings:
diff --git a/dix/pixmap.c b/dix/pixmap.c
index c280a3b..9c25b8e 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -118,7 +118,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
        return NullPixmap;
     
-    pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = (PixmapPtr)xcalloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
        return NullPixmap;
     ppriv = (DevUnion *)(pPixmap + 1);
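Review bot: swapping xalloc() for xcalloc(1, ...) at the AllocatePixmap allocation zeroes the pixmap header, the DevUnion privates and the full pixDataSize pixel buffer on every pixmap creation, which makes the valgrind report in fbBltOne go away without establishing which bytes that blit was actually reading; for large pixmaps that is a per-allocation cost paid to cover one caller (miDCPutBits in the reported trace). Consider narrowing the fix: clear only the bytes the cursor code leaves untouched, or have the caller initialise its bitmap fully, or keep the full clear but gate it behind a debugging option so production allocations keep the plain xalloc() path. The overflow guard on the line above remains sufficient as written, since the element count passed to xcalloc is 1.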
Comment 1 Chris Wilson 2007-03-29 13:55:31 UTC
Created attachment 9364
Clear the pixmaps on allocation
Comment 2 Adam Jackson 2008-02-29 13:44:06 UTC
Fixed in git, thanks!
Comment 3 Adam Jackson 2008-02-29 13:46:13 UTC
Actually, I don't like this. calloc is wildly expensive for large pixmaps. The callers should just initialize their pixmaps correctly.
Comment 4 Keith Packard 2008-03-24 16:09:24 UTC
This is presumably just accessing bits beyond the right edge of the pixmap; the cursor display code does carefully fill the entire pixmap.

The thing to do is put in a special valgrind mode which clears the padding in the pixmap without clearing the whole pixmap.
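The approach sketched in comment 4, clearing only the row padding of a packed bitmap rather than the whole allocation, is illustrated below as an added example. It is not X server code and not part of this bug report; the Bitmap type, the LSB-first pixel order and the function names (padded_stride, clear_row_padding, padding_is_clear, demo_padding_bytes_cleared) are all constructed here. It uses the same 32-bit row padding convention that makes bits beyond the right edge of a bitmap exist in the first place.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example type: a packed 1-bpp bitmap whose rows are padded
 * to a multiple of 32 bits. The pixel buffer comes from malloc(), so the
 * padding bits are uninitialised unless something clears them. */
typedef struct {
    int width;      /* pixels per row */
    int height;
    int stride;     /* bytes per row, padded to a multiple of 4 */
    uint8_t *bits;  /* height * stride bytes, deliberately not zeroed */
} Bitmap;

/* Bytes per row once the row is rounded up to whole 32-bit words. */
int padded_stride(int width_bits) {
    return ((width_bits + 31) / 32) * 4;
}

Bitmap *bitmap_alloc(int width, int height) {
    Bitmap *b = malloc(sizeof *b);
    if (!b || width <= 0 || height <= 0) { free(b); return NULL; }
    b->width = width;
    b->height = height;
    b->stride = padded_stride(width);
    if ((size_t)b->stride > SIZE_MAX / (size_t)height) { free(b); return NULL; }
    b->bits = malloc((size_t)b->stride * (size_t)height);  /* like xalloc(): no clear */
    if (!b->bits) { free(b); return NULL; }
    return b;
}

void bitmap_free(Bitmap *b) {
    if (b) { free(b->bits); free(b); }
}

/* Read pixel x of row y; pixel order within a byte is LSB first (assumption). */
int bitmap_pixel(const Bitmap *b, int x, int y) {
    return (b->bits[(size_t)y * b->stride + x / 8] >> (x % 8)) & 1;
}

/* Zero only the bits at and beyond `width` in every row, leaving visible
 * pixels untouched. Returns the number of bytes written, which for a wide
 * pixmap is a small fraction of what calloc() on the whole buffer touches. */
size_t clear_row_padding(Bitmap *b) {
    size_t touched = 0;
    int used_bytes = b->width / 8;      /* bytes holding only visible pixels */
    int partial_bits = b->width % 8;    /* visible bits in the next byte, if any */
    int first_pad = used_bytes + (partial_bits ? 1 : 0);
    for (int y = 0; y < b->height; y++) {
        uint8_t *row = b->bits + (size_t)y * b->stride;
        if (partial_bits) {
            /* Keep the low partial_bits bits, clear the rest of that byte. */
            row[used_bytes] &= (uint8_t)((1u << partial_bits) - 1);
            touched++;
        }
        if (first_pad < b->stride) {
            memset(row + first_pad, 0, (size_t)(b->stride - first_pad));
            touched += (size_t)(b->stride - first_pad);
        }
    }
    return touched;
}

/* 1 if every padding bit (x >= width) in every row reads as zero. */
int padding_is_clear(const Bitmap *b) {
    for (int y = 0; y < b->height; y++)
        for (int x = b->width; x < b->stride * 8; x++)
            if (bitmap_pixel(b, x, y)) return 0;
    return 1;
}

/* Fill a width x height bitmap with all-ones (standing in for whatever malloc()
 * left behind), clear the padding, and verify visible pixels survived.
 * Returns the byte count clear_row_padding() touched, or -1 on failure. */
long demo_padding_bytes_cleared(int width, int height) {
    Bitmap *b = bitmap_alloc(width, height);
    if (!b) return -1;
    memset(b->bits, 0xFF, (size_t)b->stride * (size_t)b->height);
    long touched = (long)clear_row_padding(b);
    int ok = padding_is_clear(b);
    for (int y = 0; ok && y < height; y++)
        for (int x = 0; ok && x < width; x++)
            ok = bitmap_pixel(b, x, y);
    bitmap_free(b);
    return ok ? touched : -1;
}

int main(void) {
    /* A 37-pixel-wide row occupies 8 bytes; 4 of them carry padding bits. */
    printf("37x3: cleared %ld bytes of %d\n", demo_padding_bytes_cleared(37, 3),
           padded_stride(37) * 3);
    return 0;
}
```

The same clear could be applied under a valgrind-only build switch, which is what comment 4 proposes: the visible pixels are left for the caller to fill, and only the bits a word-wide blit can read past the right edge are made deterministic.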
Comment 5 GitLab Migration User 2018-12-13 22:18:07 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/354.
