Valgrind Messages

From PSwiki

This page is a dump of all the valgrind messages I see:

Linux

In psclient

in libX11

Syscall param writev(vector[...]) points to uninitialised byte(s)
  at 0xD31B78: writev (in /lib/libc-2.5.so)
  by 0x15098D: (within /usr/lib/libX11.so.6.2.0)
  by 0x15077E: _X11TransWritev (in /usr/lib/libX11.so.6.2.0)
  by 0x156468: _XSend (in /usr/lib/libX11.so.6.2.0)
  by 0x14738A: XQueryExtension (in /usr/lib/libX11.so.6.2.0)
  by 0x13BCAA: XInitExtension (in /usr/lib/libX11.so.6.2.0)
  by 0x254AD4: XRenderFindDisplay (in /usr/lib/libXrender.so.1.3.0)
  by 0x25589C: XRenderQueryExtension (in /usr/lib/libXrender.so.1.3.0)
  by 0x550DC1: _XcursorGetDisplayInfo (in /usr/lib/libXcursor.so.1.0.2)
  by 0x5514EC: XcursorSupportsARGB (in /usr/lib/libXcursor.so.1.0.2)
  by 0x553C1B: XcursorNoticeCreateBitmap (in /usr/lib/libXcursor.so.1.0.2)
  by 0x12FB24: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
Address 0x443D95D is 165 bytes inside a block of size 16,384 alloc'd
  at 0x400473F: calloc (vg_replace_malloc.c:279)
  by 0x141406: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
  by 0x46C32C0: csXWindow::Initialize(iObjectRegistry*) (xwindow.cpp:139)
  by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
  by 0x4610110: csPtr<iXWindow> csLoadPlugin<iXWindow>(iPluginManager*, char const*) (plugin.h:152)
  by 0x460EB29: csGraphics2DGLX::Initialize(iObjectRegistry*) (glx2d.cpp:107)
  by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
  by 0x4575E20: csPtr<iGraphics2D> csLoadPlugin<iGraphics2D>(iPluginManager*, char const*) (plugin.h:152)
  by 0x45578B8: csGLGraphics3D::Initialize(iObjectRegistry*) (gl_render3d.cpp:3513)
  by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
  by 0x8139F71: csPluginLoader::LoadPlugins() (plugldr.cpp:357)
  by 0x8104ADE: csInitializer::RequestPlugins(iObjectRegistry*, csArray<csPluginRequest, csArrayElementHandler<csPluginRequest>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (initapp.cpp:403)

I don't know what this message really means; it is not in PlaneShift or CrystalSpace, and an uninitialized variable passed to writev() shouldn't really be an error because it is writing memory to this location and not reading from it. It happens on startup.

nvidia

Conditional jump or move depends on uninitialised value(s)
    at 0x2FF9C7C: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
 
 Conditional jump or move depends on uninitialised value(s)
    at 0x2EC073F: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
 
 Conditional jump or move depends on uninitialised value(s)
    at 0x2ECFDF4: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
 
 Conditional jump or move depends on uninitialised value(s)
    at 0x2B98B9B: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
 
 Conditional jump or move depends on uninitialised value(s)
    at 0x2B98BAE: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
 Invalid read of size 4
    at 0x493725: (within /usr/lib/nvidia/libGL.so.1.0.9755)
    by 0x27AE56: _dl_close (in /lib/ld-2.5.so)
    by 0xDABDA3: dlclose_doit (in /lib/libdl-2.5.so)
    by 0x275C05: _dl_catch_error (in /lib/ld-2.5.so)
    by 0xDAC38B: _dlerror_run (in /lib/libdl-2.5.so)
    by 0xDABDD9: dlclose (in /lib/libdl-2.5.so)
    by 0x816B638: csUnloadLibrary(void*) (loadlib.cpp:85)
    by 0x81489E4: scfSharedLibrary::~scfSharedLibrary() (scf.cpp:278)
    by 0x8149726: csPDelArrayElementHandler<scfSharedLibrary*>::Destroy(scfSharedLibrary**) (parray.h:47)
    by 0x814BA96: csArray<scfSharedLibrary*, csPDelArrayElementHandler<scfSharedLibrary*>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault>::DeleteIndex(unsigned) (array.h:1001)
    by 0x814BB3A: scfSharedLibrary::TryUnload() (scf.cpp:222)
    by 0x814642D: csSCF::UnloadUnusedModules() (scf.cpp:918)
  Address 0x4CC2FC8 is 0 bytes inside a block of size 36 free'd
    at 0x400501A: free (vg_replace_malloc.c:233)
    by 0x49388D: (within /usr/lib/nvidia/libGL.so.1.0.9755)

There are some errors in nvidia. Not much can be done here...

crystal space

 Invalid read of size 1
    at 0x462227E: csGLFontCache::CopyGlyphData(iFont*, unsigned, unsigned, csBitmapMetrics const&, csRect const&, iDataBuffer*, iDataBuffer*) (glfontcache.cpp:447)
    by 0x4622EC8: csGLFontCache::InternalCacheGlyph(csFontCache::KnownFont*, unsigned, unsigned) (glfontcache.cpp:336)
    by 0x4665B8E: csFontCache::CacheGlyphUnsafe(csFontCache::KnownFont*, unsigned, unsigned) (fontcache.cpp:423)
    by 0x462161F: csGLFontCache::WriteString(iFont*, int, int, int, int, void const*, bool, unsigned) (glfontcache.cpp:696)
    by 0x466AAE8: csGraphics2D::Write(iFont*, int, int, int, int, char const*, unsigned) (graph2d.cpp:827)
    by 0x837FA24: psEffectObjText::DrawTextElement(psEffectTextElement const&) (pseffectobjtext.cpp:305)
    by 0x83807D1: psEffectObjText::SetText(csArray<psEffectTextElement, csArrayElementHandler<psEffectTextElement>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (pseffectobjtext.cpp:121)
    by 0x8380A88: psEffectObjText::SetText(int, ...) (pseffectobjtext.cpp:205)
    by 0x80CD0EF: psEntityLabels::SetObjectText(GEMClientObject*) (entitylabels.cpp:272)
    by 0x80CD3EE: psEntityLabels::CreateLabelOfObject(GEMClientObject*) (entitylabels.cpp:300)
    by 0x80CD526: psEntityLabels::OnObjectArrived(GEMClientObject*) (entitylabels.cpp:332)
    by 0x808EDEE: GEMClientActor::GEMClientActor(psCelClient*, psPersistActor&) (pscelclient.cpp:1046)
  Address 0x56EA769 is 0 bytes after a block of size 497 alloc'd
    at 0x4005835: operator new[](unsigned) (vg_replace_malloc.c:195)
    by 0x44B739A: CS::Plugin::FreeFont2::csFreeType2Font::GetGlyphBitmap(unsigned, csBitmapMetrics&) (freefnt2.cpp:440)
    by 0x4508BAF: CS::Plugin::FontPlex::csFontPlexer::GetGlyphBitmap(unsigned, csBitmapMetrics&) (fontplex.cpp:461)
    by 0x46226E2: csGLFontCache::InternalCacheGlyph(csFontCache::KnownFont*, unsigned, unsigned) (glfontcache.cpp:229)
    by 0x4665B8E: csFontCache::CacheGlyphUnsafe(csFontCache::KnownFont*, unsigned, unsigned) (fontcache.cpp:423)
    by 0x462161F: csGLFontCache::WriteString(iFont*, int, int, int, int, void const*, bool, unsigned) (glfontcache.cpp:696)
    by 0x466AAE8: csGraphics2D::Write(iFont*, int, int, int, int, char const*, unsigned) (graph2d.cpp:827)
    by 0x837FA24: psEffectObjText::DrawTextElement(psEffectTextElement const&) (pseffectobjtext.cpp:305)
    by 0x83807D1: psEffectObjText::SetText(csArray<psEffectTextElement, csArrayElementHandler<psEffectTextElement>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (pseffectobjtext.cpp:121)
    by 0x8380A88: psEffectObjText::SetText(int, ...) (pseffectobjtext.cpp:205)
    by 0x80CD0EF: psEntityLabels::SetObjectText(GEMClientObject*) (entitylabels.cpp:272)
    by 0x80CD3EE: psEntityLabels::CreateLabelOfObject(GEMClientObject*) (entitylabels.cpp:300)

This is a bug in Crystal Space's code, in csGLFontCache::CopyGlyphData() at glfontcache.cpp line 447 (Crystal Space ticket 314).

At the end of each iteration the for loop reads one byte ahead, into the next row, and assigns it to the dest value on the next iteration. The problem is that on the last row this read-ahead goes past the end of the array into memory that was never allocated. Here is what people in #crystalspace said.

<res2k> brandon_rioja: after a row of pixels is processed it reads the first byte of the next row, even for the last one.
<brandon_rioja> does that make an invalid read at the end?
<res2k> yes
<brandon_rioja> and can it cause a crash if it reads outside its allocated buffer?
<res2k> why shouldn't it?
<thebolt> in very rare circumstances, yes
<res2k> I mean, a read beyond bounds is a read beyond bounds :P
<brandon_rioja> I am trying to chase down why one person is seeing a crash in planeshift..
 is it ok to add 1 byte to new[] in freefnt2.cpp?
<res2k> arguably the read beyond bounds shouldn't happen
<thebolt> shouldn't be too hard to avoid it for the last row?
<res2k> besides, freefnt2 is not the only font server
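As an added illustration (not Crystal Space's code, and not the real CopyGlyphData()), the loop shape described above reduced to a bounds-checked model: the read-ahead version counts one read past a 497-byte block, the size valgrind reported, while the fixed version stops reading ahead on the last row. The split into 71 rows of 7 bytes is an assumption made for this example.

```cpp
#include <cstddef>
#include <vector>
// Constructed stand-in for a glyph bitmap: 'rows' rows of 'stride' bytes in a
// buffer of exactly rows*stride bytes, with no slack after the last row.
struct Glyph {
    std::vector<unsigned char> bytes;
    std::size_t stride;
    std::size_t rows;
};
// Bounds-checked read: rather than dereferencing past the buffer (the invalid
// read valgrind reported), count the out-of-bounds access and return 0.
static unsigned char ReadAt(const Glyph& g, std::size_t idx, std::size_t& oob) {
    if (idx >= g.bytes.size()) { ++oob; return 0; }
    return g.bytes[idx];
}
// Loop in the shape the page describes: after each row is processed, the first
// byte of the next row is fetched for the next iteration, even after the last
// row. Returns the first byte of every row; 'oob' counts reads past the end.
static std::vector<unsigned char> FirstBytesReadAhead(const Glyph& g, std::size_t& oob) {
    std::vector<unsigned char> out;
    oob = 0;
    unsigned char next = ReadAt(g, 0, oob);
    for (std::size_t row = 0; row < g.rows; ++row) {
        out.push_back(next);                          // fetched on the previous iteration
        for (std::size_t i = 1; i < g.stride; ++i)    // rest of this row
            ReadAt(g, row * g.stride + i, oob);
        next = ReadAt(g, (row + 1) * g.stride, oob);  // BUG: also runs on the last row
    }
    return out;
}
// Fixed loop: only read ahead while a next row actually exists.
static std::vector<unsigned char> FirstBytesFixed(const Glyph& g, std::size_t& oob) {
    std::vector<unsigned char> out;
    oob = 0;
    unsigned char next = g.rows ? ReadAt(g, 0, oob) : 0;
    for (std::size_t row = 0; row < g.rows; ++row) {
        out.push_back(next);
        for (std::size_t i = 1; i < g.stride; ++i)
            ReadAt(g, row * g.stride + i, oob);
        if (row + 1 < g.rows) next = ReadAt(g, (row + 1) * g.stride, oob);
    }
    return out;
}
// A 497-byte block (the size in the trace), split for this example as 71 rows of 7.
static Glyph MakeGlyph() {
    Glyph g; g.stride = 7; g.rows = 71;
    for (std::size_t i = 0; i < g.stride * g.rows; ++i)
        g.bytes.push_back(static_cast<unsigned char>(i % 251));
    return g;
}
```

Under valgrind the real loop shows up as "0 bytes after a block" because the one extra read lands exactly at the end of the new[] allocation; padding the allocation, as suggested in the channel, only hides it for that one font server.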

in cal3d

==6802== Mismatched free() / delete / delete []
==6802==    at 0x4004D31: operator delete(void*) (vg_replace_malloc.c:244)
==6802==    by 0x7BBF1A4: CalCoreMaterial::~CalCoreMaterial() (corematerial.h:40)
==6802==    by 0x7BB8635: cal3d::RefCounted::decRef() (refcounted.h:69)
==6802==    by 0x7BB8658: cal3d::explicitDecRef(cal3d::RefCounted*) (refcounted.h:99)
==6802==    by 0x7BB86F7: cal3d::RefPtr<CalCoreMaterial>::~RefPtr() (refptr.h:32)
==6802==    by 0x7BC88E0: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial> >(cal3d::RefPtr<CalCoreMaterial>*) (stl_construct.h:107)
==6802==    by 0x7BC89B0: void std::__destroy_aux<cal3d::RefPtr<CalCoreMaterial>*>(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*, __false_type) (stl_construct.h:122)
==6802==    by 0x7BC89EF: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial>*>(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*) (stl_construct.h:155)
==6802==    by 0x7BC8A19: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial> >(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*, std::allocator<cal3d::RefPtr<CalCoreMaterial> >) (stl_construct.h:182)
==6802==    by 0x7BCBE8E: std::vector<cal3d::RefPtr<CalCoreMaterial>, std::allocator<cal3d::RefPtr<CalCoreMaterial> > >::~vector() (stl_vector.h:272)
==6802==    by 0x7BC20BA: CalCoreModel::~CalCoreModel() (coremodel.cpp:58)
==6802==    by 0x7AC8696: CS::Plugin::SprCal3d::csSpriteCal3DMeshObjectFactory::~csSpriteCal3DMeshObjectFactory() (sprcal3d.cpp:192)
==6802==  Address 0x40A6630 is 0 bytes inside a block of size 48 alloc'd
==6802==    at 0x4005400: malloc (vg_replace_malloc.c:149)
==6802==    by 0x7AE69C0: operator new(unsigned, CS::AllocPlatform const&) (platform_new.cpp:45)
==6802==    by 0x7AC62E2: CS::Plugin::SprCal3d::csSpriteCal3DMeshObjectFactory::AddCoreMaterial(iMaterialWrapper*) (sprcal3d.cpp:568)
==6802==    by 0x7A8D6F3: CS::Plugins::SprCal3dLoader::csSpriteCal3DFactoryLoader::LoadMaterialTag(iSpriteCal3DFactoryState*, iDocumentNode*, iLoaderContext*, char const*, char const*) (sprcal3dldr.cpp:485)
==6802==    by 0x7A8F89C: CS::Plugins::SprCal3dLoader::csSpriteCal3DFactoryLoader::Parse(iDocumentNode*, iStreamSource*, iLoaderContext*, iBase*) (sprcal3dldr.cpp:332)
==6802==    by 0x4A432DF: csLoader::LoadMeshObjectFactory(iLoaderContext*, iMeshFactoryWrapper*, iMeshFactoryWrapper*, iDocumentNode*, csReversibleTransform*, iStreamSource*) (csloader.cpp:2121)
==6802==    by 0x4A4C3DB: csLoader::Load(iDocumentNode*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:776)
==6802==    by 0x4A3B88C: csLoader::Load(iDataBuffer*, char const*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:682)
==6802==    by 0x4A3BD75: csLoader::Load(char const*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:742)
==6802==    by 0x804E66A: ClientCacheManager::LoadNewFactory(char const*) (clientcachemanager.cpp:91)
==6802==    by 0x8068E44: psEngine::PreloadModels() (psengine.cpp:1360)
==6802==    by 0x805DE26: psEngine::HandleEvent(iEvent&) (psengine.cpp:712)
==6802== 

In sprcal3d.cpp at line 568: memory allocated with a custom "new" (the malloc-backed operator new(unsigned, CS::AllocPlatform const&) in the trace) can't be deallocated with a plain delete. The fix is to drop the custom new so that allocation and deallocation match. This is Crystal Space issue 315.
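An added example, not Crystal Space's or cal3d's code: a class-scope allocator in the shape the trace shows (a custom operator new taking a platform tag, with malloc underneath) whose operator delete notices when a block that came from the custom new is handed to a plain delete, instead of passing it to ::operator delete. AllocPlatform and CoreMaterial are stand-ins, not the engine's types.

```cpp
#include <cstddef>
#include <cstdlib>
#include <set>

// Constructed stand-in for CS::AllocPlatform: a tag type that selects a
// malloc-backed allocation path (hypothetical, not the engine's own code).
struct AllocPlatform {};

static std::set<void*> g_platform_blocks;  // blocks handed out by the custom new
static int g_mismatches = 0;               // plain deletes that reached such a block

// Stand-in for the material object; only its allocation functions matter here.
struct CoreMaterial {
    // Custom new: memory comes from malloc, not from ::operator new.
    static void* operator new(std::size_t n, const AllocPlatform&) {
        void* p = std::malloc(n);
        g_platform_blocks.insert(p);
        return p;
    }
    // Plain new: the path that remains once the custom allocator is dropped.
    static void* operator new(std::size_t n) { return ::operator new(n); }
    // `delete obj` lands here however obj was allocated. A malloc'd block must
    // not go to ::operator delete; record the mismatch (what valgrind flagged)
    // and release it with free() instead of corrupting the heap.
    static void operator delete(void* p) {
        if (g_platform_blocks.erase(p)) { ++g_mismatches; std::free(p); return; }
        ::operator delete(p);
    }
    // Matching placement delete, used only if the constructor throws.
    static void operator delete(void* p, const AllocPlatform&) {
        g_platform_blocks.erase(p);
        std::free(p);
    }
};

// Before the fix: created with the custom new, destroyed with plain delete.
static int MismatchesWithCustomNew() {
    g_mismatches = 0;
    CoreMaterial* m = new (AllocPlatform()) CoreMaterial();
    delete m;
    return g_mismatches;  // 1
}

// After the fix: plain new paired with plain delete.
static int MismatchesWithPlainNew() {
    g_mismatches = 0;
    CoreMaterial* m = new CoreMaterial();
    delete m;
    return g_mismatches;  // 0
}
```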