==15839== Conditional jump or move depends on uninitialised value(s)
==15839== at 0x809A0A9: fbBltOne (fbbltone.c:351)
==15839== by 0x80A8F91: fbPushFill (fbpush.c:152)
==15839== by 0x80A9153: fbPushImage (fbpush.c:214)
==15839== by 0x80A91F1: fbPushPixels (fbpush.c:244)
==15839== by 0x812C153: damagePushPixels (damage.c:1576)
==15839== by 0x80C56CD: miDCPutBits (midispcur.c:416)
==15839== by 0x80C5C06: miDCPutUpCursor (midispcur.c:506)
==15839== by 0x80D20E1: miSpriteRestoreCursor (misprite.c:794)
==15839== by 0x80CA99A: miPointerUpdateSprite (mipointer.c:343)
==15839== by 0x80CAAF4: miPointerDisplayCursor (mipointer.c:188)
==15839== by 0x80E038D: CursorDisplayCursor (cursor.c:136)
==15839== by 0x811EDC4: AnimCurDisplayCursor (animcur.c:234)
With many variations and oft repeated.
Trivially using xcalloc instead of xalloc clears the warnings:
diff --git a/dix/pixmap.c b/dix/pixmap.c
index c280a3b..9c25b8e 100644
@@ -118,7 +118,7 @@ AllocatePixmap(ScreenPtr pScreen, int pixDataSize)
if (pScreen->totalPixmapSize > ((size_t)-1) - pixDataSize)
- pPixmap = (PixmapPtr)xalloc(pScreen->totalPixmapSize + pixDataSize);
+ pPixmap = (PixmapPtr)xcalloc(1, pScreen->totalPixmapSize + pixDataSize);
ppriv = (DevUnion *)(pPixmap + 1);
Created attachment 9364 [details] [review]
Clear the pixmaps on allocation
Fixed in git, thanks!
Actually, I don't like this. calloc is wildly expensive for large pixmaps. The callers should just initialize their pixmaps correctly.
This is presumably just accessing bits beyond the right edge of the pixmap; the cursor display code does carefully fill the entire pixmap.
The thing to do is put in a special valgrind mode which clears the padding in the pixmap without clearing the whole pixmap.
-- GitLab Migration Automatic Message --
This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.
You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/354.