I haven't seen this one before and thought it might be worth looking at:

pcl6 -sDEVICE=ppmraw -o /dev/null /home/marcosw/cluster/tests_private/pcl/pcl5cfts/fts.1640

% Reading /home/marcosw/cluster/tests_private/pcl/pcl5cfts/fts.1640:
==25668== Invalid read of size 4
==25668==    at 0x81D1BA: gx_stroke_path_only_aux (gxstroke.c:728)
==25668==    by 0x81EB4C: gx_stroke_path_only (gxstroke.c:1044)
==25668==    by 0x81BEA9: gx_default_stroke_path (gxstroke.c:335)
==25668==    by 0x8105F7: gx_stroke_fill (gxpaint.c:69)
==25668==    by 0x71AF2D: do_stroke (gspaint.c:453)
==25668==    by 0x71B002: gs_stroke (gspaint.c:487)
==25668==    by 0x8B9A04: hpgl_stick_arc_build_char (pgfont.c:171)
==25668==    by 0x8B9A58: hpgl_stick_build_char (pgfont.c:180)
==25668==    by 0x7C527A: show_proceed (gxchar.c:1240)
==25668==    by 0x7C3E1E: continue_show (gxchar.c:772)
==25668==    by 0x7C3DB6: gx_show_text_process (gxchar.c:749)
==25668==    by 0x722A89: gs_text_process (gstext.c:554)
==25668==  Address 0x88b6cb0 is 0 bytes after a block of size 80 alloc'd
==25668==    at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64
and another in the same "neck of the woods":

% Reading /home/marcosw/cluster/tests_private/xl/pcl6cet3.0/C333.bin:
==25922== Conditional jump or move depends on uninitialised value(s)
==25922==    at 0x71C32E: clamp_point_aux (gspath.c:138)
==25922==    by 0x71C444: gs_moveto_aux (gspath.c:157)
==25922==    by 0x71C5B1: gs_moveto (gspath.c:188)
==25922==    by 0x8673CE: paint_path (pxpaint.c:462)
==25922==    by 0x867436: paint_shape (pxpaint.c:476)
==25922==    by 0x867B3B: pxRectangle (pxpaint.c:696)
==25922==    by 0x85A3AF: px_process (pxparse.c:593)
==25922==    by 0x405A21: pxl_impl_process (pxtop.c:456)
==25922==    by 0x858563: pl_process (pltop.c:163)
==25922==    by 0x8BACD8: pl_main_aux (plmain.c:463)
==25922==    by 0x8BB121: pl_main (plmain.c:545)
==25922==    by 0x8BA09F: main (realmain.c:19)
==25922==
First one fixed in:

commit ce794d70d543d4d7de8615dcdc249516c05ff87b
Author: Robin Watts <robin@peeves.(none)>
Date:   Mon Feb 25 08:22:15 2013 -0800

    Bug 693655: Fix valgrind error in stroking.

    The code was treating gaps like dashes, which is fine except for
    the fact that gaps have no tangent entry and so we were accessing
    off the end of a buffer in some cases.
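The bug class named in that commit message, shown as an added example that is not part of the original thread and is not Ghostscript's code. It assumes a hypothetical layout in which only dash segments are allocated with a trailing tangent; the names (seg, dash_seg, seg_tangent) and the endpoint fallback are illustrative, not the fix in the commit.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model: every segment shares a header, and only dash
 * segments are allocated with a trailing tangent. */
typedef enum { SEG_LINE, SEG_DASH, SEG_GAP } seg_kind;
typedef struct { seg_kind kind; int x, y; } seg;          /* lines, gaps */
typedef struct { seg base; int tan_x, tan_y; } dash_seg;  /* dashes only */

static seg *new_seg(seg_kind kind, int x, int y, int tx, int ty)
{
    /* A gap gets the short allocation: there is no room for a tangent. */
    size_t n = (kind == SEG_DASH) ? sizeof(dash_seg) : sizeof(seg);
    seg *s = calloc(1, n);
    if (s == NULL) abort();
    s->kind = kind; s->x = x; s->y = y;
    if (kind == SEG_DASH) {
        ((dash_seg *)s)->tan_x = tx;
        ((dash_seg *)s)->tan_y = ty;
    }
    return s;
}

/* The flawed pattern reads ((dash_seg *)s)->tan_x for gaps too, which is a
 * read just past the end of the short block. This accessor checks the kind
 * first and derives a direction from the endpoints when none is stored.
 * Returns 1 if a stored tangent was used, 0 if the fallback was taken. */
static int seg_tangent(const seg *prev, const seg *s, int *tx, int *ty)
{
    if (s->kind == SEG_DASH) {
        const dash_seg *d = (const dash_seg *)s;
        *tx = d->tan_x; *ty = d->tan_y;
        return 1;
    }
    *tx = s->x - prev->x;
    *ty = s->y - prev->y;
    return 0;
}

/* Walk a constructed path and count segments with no stored tangent; each
 * is a place where the unchecked cast would have read out of bounds. */
static int count_fallbacks(void)
{
    seg *path[3];
    int i, tx, ty, n = 0;
    path[0] = new_seg(SEG_LINE, 0, 0, 0, 0);
    path[1] = new_seg(SEG_DASH, 10, 0, 1, 0);
    path[2] = new_seg(SEG_GAP, 10, 5, 0, 0);
    for (i = 1; i < 3; i++) n += !seg_tangent(path[i - 1], path[i], &tx, &ty);
    for (i = 0; i < 3; i++) free(path[i]);
    return n;
}

int main(void) { printf("fallbacks: %d\n", count_fallbacks()); return 0; }
```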
Created attachment 9319: patch.txt

Proposed fix for the second one.
Created attachment 9320: patch.txt

Correct patch. Sorry.
Passing to Henry.
Problem in Comment 2 is fixed with:

commit d2a1f2e9de96d9fe70225302fd304309a19ef787
Author: Henry Stiles <henry.stiles@artifex.com>
Date:   Mon Mar 25 08:47:42 2013 -0600

    Fix reading uninitialized point (bug #693655), remove obsolete
    supported conditional configurations and refactor.

    A logical error in paint_path resulted in reading the cursor
    uninitialized.

    Early in XL development NEWPATH_AFTER_PAINT and
    NO_SCALED_DASH_PATTERN were added to support incorrect language in
    the specification, but their behavior is well established after 3
    major revisions of the PCL-XL language and they can be safely
    removed, allowing simplification of this code.

    Even with those changes the paint_path procedure was much too
    complex to be understandable; it is easy to see how a logical error
    would go unnoticed. We try to refactor the code such that client
    procedures take on some of the lifting and get rid of the gotos in
    hopes of having something cohesive and correct.