Bug 91271

Summary: Conditional jump or move depends on uninitialised value(s) in composite_traps()
Product: cairo
Reporter: Michael Catanzaro <mcatanzaro>
Component: general
Assignee: Federico Mena-Quintero <federico>
Status: RESOLVED FIXED
QA Contact: cairo-bugs mailing list <cairo-bugs>
Severity: normal
Priority: medium
CC: bryce, federico, mcatanzaro, mclasen
Version: unspecified
Hardware: x86-64 (AMD64)
OS: Linux (All)

Description Michael Catanzaro 2015-07-08 15:56:02 UTC
I see this complaint from Valgrind when starting Epiphany using cairo 1.14.2-1.fc22:

==18581== Thread 1:
==18581== Conditional jump or move depends on uninitialised value(s)
==18581==    at 0xAF68A9D: composite_traps (cairo-xlib-render-compositor.c:1888)
==18581==    by 0xAF4FB44: composite_traps (cairo-traps-compositor.c:1098)
==18581==    by 0xAF4FB44: composite_mask_clip (cairo-traps-compositor.c:2035)
==18581==    by 0xAF5014C: create_composite_mask (cairo-traps-compositor.c:477)
==18581==    by 0xAF5121C: clip_and_composite_with_mask (cairo-traps-compositor.c:548)
==18581==    by 0xAF5121C: clip_and_composite (cairo-traps-compositor.c:1039)
==18581==    by 0xAF515E1: _cairo_traps_compositor_mask (cairo-traps-compositor.c:2102)
==18581==    by 0xAEF7038: _cairo_compositor_mask (cairo-compositor.c:106)
==18581==    by 0xAF3F8AB: _cairo_surface_mask (cairo-surface.c:2166)
==18581==    by 0xAEFF083: _cairo_gstate_mask (cairo-gstate.c:1142)
==18581==    by 0xAEF1A80: cairo_mask (cairo.c:2066)
==18581==    by 0x9C068FB: mask_surface_repeat (gtkcssshadowvalue.c:386)
==18581==    by 0x9C069CA: gtk_css_shadow_value_finish_drawing (gtkcssshadowvalue.c:412)
==18581==    by 0x9C06AFC: draw_shadow (gtkcssshadowvalue.c:644)
Comment 1 Massimo 2015-07-08 17:21:00 UTC
A similar stack trace is obtained:

==2146== Conditional jump or move depends on uninitialised value(s)
==2146==    at 0x4CA625A: composite_traps (cairo/src/cairo-xlib-render-compositor.c:1888)
==2146==    by 0x4C8E5DA: composite_traps (cairo/src/cairo-traps-compositor.c:1098)
==2146==    by 0x4C8E5DA: composite_mask_clip (cairo/src/cairo-traps-compositor.c:2035)
==2146==    by 0x4C8EB05: create_composite_mask (cairo/src/cairo-traps-compositor.c:477)
==2146==    by 0x4C8FAB4: clip_and_composite_with_mask (cairo/src/cairo-traps-compositor.c:548)
==2146==    by 0x4C8FAB4: clip_and_composite (cairo/src/cairo-traps-compositor.c:1039)
==2146==    by 0x4C8FE41: _cairo_traps_compositor_mask (cairo/src/cairo-traps-compositor.c:2102)
==2146==    by 0x4C38D78: _cairo_compositor_mask (cairo/src/cairo-compositor.c:106)
==2146==    by 0x4C7EE1B: _cairo_surface_mask (cairo/src/cairo-surface.c:2166)
==2146==    by 0x4C85125: _cairo_surface_wrapper_mask (cairo/src/cairo-surface-wrapper.c:206)
==2146==    by 0x4C70A60: _cairo_recording_surface_replay_internal (cairo/src/cairo-recording-surface.c:1754)
==2146==    by 0x4C71D48: _cairo_recording_surface_replay_with_clip (cairo/src/cairo-recording-surface.c:2013)
==2146==    by 0x4C901E5: composite_aligned_boxes (cairo/src/cairo-traps-compositor.c:1242)
==2146==    by 0x4C901E5: clip_and_composite_boxes.part.13 (cairo/src/cairo-traps-compositor.c:1792)
==2146==    by 0x4C9058C: clip_and_composite_boxes (cairo/src/cairo-traps-compositor.c:1742)
==2146==    by 0x4C90BD1: _cairo_traps_compositor_paint (cairo/src/cairo-traps-compositor.c:2063)
==2146==    by 0x4C38CE8: _cairo_compositor_paint (cairo/src/cairo-compositor.c:65)
==2146==    by 0x4C7EB40: _cairo_surface_paint (cairo/src/cairo-surface.c:2117)
==2146==    by 0x4C4062E: _cairo_gstate_paint (cairo/src/cairo-gstate.c:1067)
==2146==    by 0x4C33BC4: cairo_paint (cairo/src/cairo.c:2003)
==2146==    by 0x43C154: record_replay (cairo/test/record2x.c:377)
==2146==    by 0x40E5F1: cairo_test_for_target (cairo/test/cairo-test.c:929)
==2146==    by 0x40E5F1: _cairo_test_context_run_for_target (cairo/test/cairo-test.c:1532)
==2146==    by 0x40BA53: _cairo_test_runner_draw (cairo/test/cairo-test-runner.c:255)
==2146==    by 0x40BA53: main (cairo/test/cairo-test-runner.c:937)
==2146==  Uninitialised value was created by a stack allocation
==2146==    at 0x4CA5EAD: composite_traps (cairo/src/cairo-xlib-render-compositor.c:1818)

running:

( cd test; DISPLAY=:2 CAIRO_TEST_TARGET=xlib valgrind --track-origins=yes .libs/cairo-test-suite -f record2x-paint-alpha-clip-mask )

it happens when in 'composite_traps'  traps->num_traps == 0

in that case returning CAIRO_STATUS_SUCCESS at line 1829

http://cgit.freedesktop.org/cairo/tree/src/cairo-xlib-render-compositor.c#n1829

silences valgrind.
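Added example, not cairo's code: an illustrative C model of the pattern Massimo describes, where an empty trapezoid list leaves the function's locals unset, with the early return from comment 1 in place. The trap_t/traps_t types, the status values and the bounding-box arithmetic are assumptions made for the illustration.

```c
#include <stdio.h>

/* Illustrative model of the composite_traps() pattern from comment 1, not
 * cairo's code: locals are only assigned inside a loop over num_traps and
 * the branch after the loop reads them, so with num_traps == 0 that branch
 * depends on uninitialised stack memory, which is what Valgrind reports. */

typedef struct { int left, right, top, bottom; } trap_t;        /* hypothetical */
typedef struct { int num_traps; const trap_t *traps; } traps_t; /* hypothetical */

enum { STATUS_SUCCESS = 0, STATUS_INVALID = 1 };                /* hypothetical */

/* Reduces the trapezoids to a bounding box and reports its area through
 * *area. An empty list is a successful no-op, as in the cairo fix. */
int composite_traps(const traps_t *traps, long *area)
{
    int min_x, min_y, max_x, max_y;  /* uninitialised until the loop runs */
    /* The two-line fix: nothing to draw, so return before the locals above
     * can be read. */
    if (traps->num_traps == 0) {
        *area = 0;
        return STATUS_SUCCESS;
    }
    for (int i = 0; i < traps->num_traps; i++) {
        const trap_t *t = &traps->traps[i];
        if (i == 0 || t->left   < min_x) min_x = t->left;
        if (i == 0 || t->right  > max_x) max_x = t->right;
        if (i == 0 || t->top    < min_y) min_y = t->top;
        if (i == 0 || t->bottom > max_y) max_y = t->bottom;
    }
    /* Without the guard, this is the conditional jump Valgrind would flag
     * for an empty list. */
    if (max_x <= min_x || max_y <= min_y)
        return STATUS_INVALID;
    *area = (long)(max_x - min_x) * (max_y - min_y);
    return STATUS_SUCCESS;
}

int main(void)
{
    const trap_t sample[] = { {0, 4, 0, 2}, {2, 10, 1, 5} };  /* constructed */
    traps_t empty = { 0, NULL }, some = { 2, sample };
    long area;
    int st = composite_traps(&empty, &area);
    printf("empty list: status %d, area %ld\n", st, area);
    st = composite_traps(&some, &area);
    printf("two traps:  status %d, area %ld\n", st, area);
    return 0;
}
```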
Comment 2 Michael Catanzaro 2016-12-20 14:50:13 UTC
(In reply to Massimo from comment #1)
> it happens when in 'composite_traps'  traps->num_traps == 0
> 
> in that case returning CAIRO_STATUS_SUCCESS at line 1829
> 
> http://cgit.freedesktop.org/cairo/tree/src/cairo-xlib-render-compositor.c#n1829
> 
> silences valgrind.

So, is that the right thing to do?
Comment 3 Michael Catanzaro 2017-09-28 13:38:16 UTC
CCing some people who have committed patches recently. Proposed fix is at the bottom of comment #1.
Comment 4 Michael Catanzaro 2018-03-07 03:04:50 UTC
(In reply to Michael Catanzaro from comment #3)
> Proposed fix is at the bottom of comment #1.

This two-line fix really needs to be landed, it's been polluting attempts to run valgrind on applications that use cairo for years.
Comment 5 Federico Mena-Quintero 2018-03-07 20:17:22 UTC
This is the right fix.  I'll create a merge request in a second.
Comment 6 Federico Mena-Quintero 2018-03-08 00:15:52 UTC
Merge request at https://gitlab.com/cairo/cairo/merge_requests/2

Note that the CI pipeline fails because the test suite fails... for other reasons.
Comment 7 Federico Mena-Quintero 2018-03-09 02:13:16 UTC
Pushed to commit 5454b85d4bf2f7bea454c940d90255a15517fa3b.
