Bug 10465 - misprite/misdispcur expects a zero-initialised Pixmap
Summary: misprite/misdispcur expects a zero-initialised Pixmap
Status: RESOLVED MOVED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-29 13:54 UTC by Chris Wilson
Modified: 2018-12-13 22:18 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
Clear the pixmaps on allocation (1.63 KB, patch)
2007-03-29 13:55 UTC, Chris Wilson 		no flags Details | Splinter Review
View All

Description Chris Wilson 2007-03-29 13:54:56 UTC 
==15839== Conditional jump or move depends on uninitialised value(s)
==15839==    at 0x809A0A9: fbBltOne (fbbltone.c:351)
==15839==    by 0x80A8F91: fbPushFill (fbpush.c:152)
==15839==    by 0x80A9153: fbPushImage (fbpush.c:214)
==15839==    by 0x80A91F1: fbPushPixels (fbpush.c:244)
==15839==    by 0x812C153: damagePushPixels (damage.c:1576)
==15839==    by 0x80C56CD: miDCPutBits (midispcur.c:416)
==15839==    by 0x80C5C06: miDCPutUpCursor (midispcur.c:506)
==15839==    by 0x80D20E1: miSpriteRestoreCursor (misprite.c:794)
==15839==    by 0x80CA99A: miPointerUpdateSprite (mipointer.c:343)
==15839==    by 0x80CAAF4: miPointerDisplayCursor (mipointer.c:188)
==15839==    by 0x80E038D: CursorDisplayCursor (cursor.c:136)
==15839==    by 0x811EDC4: AnimCurDisplayCursor (animcur.c:234)
==15839== 

With many variations and oft repeated.

Trivially using xcalloc instead of xalloc clears the warnings:
diff --git a/dix/pixmap.c b/dix/pixmap.c
index c280a3b..9c25b8e 100644
--- a/dix/pixmap.c
+++ b/dix/pixmap.c
@@ -118,7 +118,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
     if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
        return NullPixmap;
     
-    pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize);
+    pPixmap = (PixmapPtr)xcalloc(1, pScreen->totalPixmapSize + pixDataSize);
     if (!pPixmap)
        return NullPixmap;
     ppriv = (DevUnion *)(pPixmap + 1);
Comment 1 Chris Wilson 2007-03-29 13:55:31 UTC 
Created attachment 9364 [details] [review]
Clear the pixmaps on allocation
Comment 2 Adam Jackson 2008-02-29 13:44:06 UTC 
Fixed in git, thanks!
Comment 3 Adam Jackson 2008-02-29 13:46:13 UTC 
Actually, I don't like this.  calloc is wildly expensive for large pixmaps.  The callers should just initialize their pixmaps correctly.
Comment 4 Keith Packard 2008-03-24 16:09:24 UTC 
This is presumably just accessing bits beyond the right edge of the pixmap; the cursor display code does carefully fill the entire pixmap.

The thing to do is put in a special valgrind mode which clears the padding in the pixmap without clearing the whole pixmap.
Comment 5 GitLab Migration User 2018-12-13 22:18:07 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/354.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.