Bug 702953 - Valgrind error in apr_vformatter
Summary: Valgrind error in apr_vformatter
Status: RESOLVED FIXED
Alias: None
Product: Ghostscript
Classification: Unclassified
Component: Valgrind/AddressSanitizer
Version: master
Hardware: PC Linux
Importance: P4 normal
Assignee: Default assignee
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-01 07:57 UTC by Peter Cherepanov
Modified: 2021-08-13 20:28 UTC

See Also:
Customer:
Word Size: ---


Attachments
Sample file (3.04 MB, application/pdf)
2020-10-01 07:57 UTC, Peter Cherepanov
Log file (2.07 KB, application/gzip)
2020-10-02 17:30 UTC, Peter Cherepanov
Simplified sample file (23.78 KB, application/pdf)
2020-10-05 03:27 UTC, Peter Cherepanov

Description Peter Cherepanov 2020-10-01 07:57:24 UTC
Created attachment 19900 [details]
Sample file

Valgrind reports an error in apr_vformatter() on the ps2write device.
Comment 1 Peter Cherepanov 2020-10-02 17:30:38 UTC
Created attachment 19908 [details]
Log file

Here is the log for the commit df537046c2130be285b213b5d0478159d1c5b16d .
This bug report is about the first error in the log. The rest are assumed to be duplicates or parts of the cascade.
Comment 2 Peter Cherepanov 2020-10-05 03:27:43 UTC
Created attachment 19919 [details]
Simplified sample file

The uninitialized values are introduced in

int convert_separation_alternate( ... )
{
        // ...
        gs_client_color cc;

        // ...

        // Should be sizeof(float)*GS_CLIENT_COLOR_MAX_COMPONENTS
        memset(&cc.paint.values, 0x00, GS_CLIENT_COLOR_MAX_COMPONENTS);

        // Why? It is already zeroed.
        cc.paint.values[0] = 0;

        // This function leaves the separation color intact.
        // And writes only 1 component to conc[]
        sep_space->type->concretize_color(&cc, sep_space, conc, pgs, (gx_device *)pdev);

        // The next fragment uses 3 components.
        for (i = 0; i < pdev->color_info.num_components; i++)
            cc.paint.values[i] = frac2float(conc[i]);

        // ...
}
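The two defects described in the comment above (a memset sized by element count instead of byte count, and a loop that reads more components than the preceding call wrote) can be reproduced outside Ghostscript. The following is an added stand-alone illustration, not Ghostscript code: MAX_COMPONENTS, toy_client_color, frac and mock_concretize_one_component are hypothetical stand-ins whose shapes mirror what the comment describes, and the real Ghostscript values are not stated on this page. Stack garbage is simulated with a sentinel byte pattern so that the uncleared slots can be counted deterministically rather than observed under Valgrind.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical limit; the real GS_CLIENT_COLOR_MAX_COMPONENTS lives in the
   Ghostscript headers and is not given on this page. */
#define MAX_COMPONENTS 64

/* Byte pattern standing in for whatever happens to be on the stack. */
#define SENTINEL 0xA5

/* Shape mirrors the comment: an array of floats inside a nested struct, so
   memset(&cc.paint.values, 0, MAX_COMPONENTS) clears MAX_COMPONENTS bytes,
   i.e. only MAX_COMPONENTS / sizeof(float) of the float slots. */
typedef struct {
    struct {
        float values[MAX_COMPONENTS];
    } paint;
} toy_client_color;

/* Number of float slots that still carry any sentinel byte after clearing. */
static size_t count_uncleared(const toy_client_color *cc)
{
    const unsigned char *raw = (const unsigned char *)cc->paint.values;
    size_t uncleared = 0;
    for (size_t i = 0; i < MAX_COMPONENTS; i++) {
        for (size_t b = 0; b < sizeof(float); b++) {
            if (raw[i * sizeof(float) + b] == SENTINEL) { uncleared++; break; }
        }
    }
    return uncleared;
}

/* Buggy form from the bug report: the count argument is an element count. */
size_t uncleared_after_buggy_memset(void)
{
    toy_client_color cc;
    memset(&cc, SENTINEL, sizeof cc);                 /* simulated stack garbage */
    memset(&cc.paint.values, 0x00, MAX_COMPONENTS);   /* too short by a factor of sizeof(float) */
    return count_uncleared(&cc);
}

/* Corrected form: size the clear by the object itself. */
size_t uncleared_after_fixed_memset(void)
{
    toy_client_color cc;
    memset(&cc, SENTINEL, sizeof cc);
    memset(cc.paint.values, 0x00, sizeof cc.paint.values);
    return count_uncleared(&cc);
}

/* Second problem from the comment: the concretize step fills one component
   while the caller goes on to read num_components of them. */
typedef long frac;   /* hypothetical stand-in for Ghostscript's frac type */

static void mock_concretize_one_component(frac *conc)
{
    conc[0] = 0;     /* only the first component is written */
}

/* Returns how many of the num_components slots read back were never written.
   With prezero set, the output array is cleared before the call, which is the
   defensive fix for this pattern. */
size_t components_read_uninitialized(int num_components, int prezero)
{
    frac conc[MAX_COMPONENTS];
    size_t unset = 0;
    memset(conc, SENTINEL, sizeof conc);              /* simulated stack garbage */
    if (prezero)
        memset(conc, 0x00, sizeof conc);
    mock_concretize_one_component(conc);
    for (int i = 0; i < num_components && i < MAX_COMPONENTS; i++) {
        unsigned char first_byte;
        memcpy(&first_byte, &conc[i], 1);
        if (first_byte == SENTINEL)
            unset++;
    }
    return unset;
}

int main(void)
{
    printf("float slots left uncleared, buggy memset: %zu\n", uncleared_after_buggy_memset());
    printf("float slots left uncleared, fixed memset: %zu\n", uncleared_after_fixed_memset());
    printf("components read uninitialized (3 requested, no prezero): %zu\n",
           components_read_uninitialized(3, 0));
    printf("components read uninitialized (3 requested, prezero):    %zu\n",
           components_read_uninitialized(3, 1));
    return 0;
}
```

Sizing a memset by `sizeof` of the object rather than by a symbolic count removes the first class of error regardless of element type, and clearing an output buffer before handing it to a routine that may fill only part of it removes the second; Valgrind's "conditional jump depends on uninitialised value" report in apr_vformatter is a downstream symptom of the second pattern, since the garbage in conc[1..2] only becomes visible once it is formatted into the output stream.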
Comment 3 Ray Johnston 2021-08-13 20:28:12 UTC
No longer happens. Tested with commit 4ea891719046f38f2d7758f7556d7a291fb1b1ad.

Not worth git bisect since it is fixed.