[SDL] Conditional jump or move depends on uninitialised value(s)
Patrick Baggett
baggett.patrick at gmail.com
Fri Mar 16 07:08:50 PDT 2012
http://hg.libsdl.org/SDL/file/6bb657898f55/src/events/SDL_touch.c
Lines 130-146 seem to initialize the SDL_Touch structure's various fields:
130     SDL_touchPads[index]->focus = 0;
131     SDL_touchPads[index]->name = SDL_malloc((length + 2) * sizeof(char));
132     SDL_strlcpy(SDL_touchPads[index]->name, name, length + 1);
133
134     SDL_touchPads[index]->num_fingers = 0;
135     SDL_touchPads[index]->max_fingers = 1;
136     SDL_touchPads[index]->fingers = (SDL_Finger **) SDL_malloc(sizeof(SDL_Finger*));
137     SDL_touchPads[index]->fingers[0] = NULL;
138     SDL_touchPads[index]->buttonstate = 0;
139     SDL_touchPads[index]->relative_mode = SDL_FALSE;
140     SDL_touchPads[index]->flush_motion = SDL_FALSE;
141
142     SDL_touchPads[index]->xres = (1<<(16-1));
143     SDL_touchPads[index]->yres = (1<<(16-1));
144     SDL_touchPads[index]->pressureres = (1<<(16-1));
Then line 353 (the line Valgrind points at):

353     if(xin < touch->x_min || yin < touch->y_min) return 0; //should defer if only a partial input
I don't see where touch->x_min and touch->y_min get initialized, so you may
have a legitimate bug here. The easiest way to tell (if you're compiling
from source) is to modify SDL_touch.c around line 145, add something
like SDL_touchPads[index]->x_min = SDL_touchPads[index]->y_min = 0;, and see
if the Valgrind message goes away. That isn't to say that is a proper fix
by any means -- but it would definitely tell you whether those fields were
uninitialized and used.
On Fri, Mar 16, 2012 at 8:54 AM, Spark Around <sparkaround at gmail.com> wrote:
> Valgrind always reports "Conditional jump or move depends on
> uninitialised value(s)" when I press some key to exit the event loop
> of an application based on SDL2.
>
> Is valgrind wrong? Or is there problem in SDL?
>
> The attachment is a lame example named sdlbug.c (without checking the
> return value of SDL_Init).
> Link sdlbug.c against SDL2 rev 6303 on 32-bit Gentoo Linux. Run the
> application under valgrind:
>
> valgrind --leak-check=full --track-origins=yes ./sdlbug
>
> When I press ESCAPE, the application terminates and valgrind prints
> errors like this:
>
> ==3494== Memcheck, a memory error detector
> ==3494== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
> ==3494== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
> ==3494== Command: ./sdlbug
> ==3494==
> ==3494== Conditional jump or move depends on uninitialised value(s)
> ==3494== at 0x4066977: SDL_SendFingerDown (SDL_touch.c:353)
> ==3494== by 0x40D5C90: X11_PumpEvents (SDL_x11events.c:601)
> ==3494== by 0x4061063: SDL_PumpEvents (SDL_events.c:303)
> ==3494== by 0x4061599: SDL_WaitEventTimeout (SDL_events.c:336)
> ==3494== by 0x4061674: SDL_PollEvent (SDL_events.c:318)
> ==3494== by 0x804865D: main (sdlbug.c:14)
> ==3494== Uninitialised value was created by a stack allocation
> ==3494== at 0x40DA8B1: X11_InitTouch (SDL_x11touch.c:37)
> ==3494==
> ==3494==
> ==3494== HEAP SUMMARY:
> ==3494== in use at exit: 159,398 bytes in 937 blocks
> ==3494== total heap usage: 6,292 allocs, 5,355 frees, 3,726,924
> bytes allocated
> ==3494==
> ==3494== 4 bytes in 1 blocks are definitely lost in loss record 12 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x534B08E: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x53479CA: ???
> ==3494== by 0x5347CB0: ???
> ==3494== by 0x5354ADF: ???
> ==3494== by 0x4A0EB50: ???
> ==3494== by 0x400EBE6: call_init (dl-init.c:70)
> ==3494== by 0x400ED08: _dl_init (dl-init.c:134)
> ==3494== by 0x4012E79: dl_open_worker (dl-open.c:478)
> ==3494== by 0x400E7F6: _dl_catch_error (dl-error.c:178)
> ==3494== by 0x40125A7: _dl_open (dl-open.c:569)
> ==3494==
> ==3494== 12 bytes in 1 blocks are definitely lost in loss record 30 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x4DDB510: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x4DD7BE3: ???
> ==3494== by 0x4DD7C6C: ???
> ==3494== by 0x4DD8484: ???
> ==3494== by 0x4E3B178: ???
> ==3494== by 0x4D0728E: ???
> ==3494== by 0x4CF41C7: ???
> ==3494== by 0x4EEE535: ???
> ==3494== by 0x4EEEC88: ???
> ==3494== by 0x4CD43E9: ???
> ==3494==
> ==3494== 14 bytes in 2 blocks are definitely lost in loss record 35 of 508
> ==3494== at 0x4026EE1: malloc (vg_replace_malloc.c:263)
> ==3494== by 0x47439CA: _XimEncodeString (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4742A14: _XimEncodeLocalICAttr (in
> /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4743C25: _XimSetICValueData (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x473EBBA: _XimLocalCreateIC (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4722F2B: XCreateIC (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x40DC4DB: SetupWindowData (SDL_x11window.c:109)
> ==3494== by 0x40DCA09: X11_CreateWindow (SDL_x11window.c:552)
> ==3494== by 0x40C0A96: SDL_CreateWindow (SDL_video.c:1199)
> ==3494== by 0x40C0F6F: SDL_VideoInit (SDL_video.c:174)
> ==3494== by 0x4037FFB: SDL_InitSubSystem (SDL.c:74)
> ==3494== by 0x4038064: SDL_Init (SDL.c:150)
> ==3494==
> ==3494== 14 bytes in 2 blocks are definitely lost in loss record 36 of 508
> ==3494== at 0x4026EE1: malloc (vg_replace_malloc.c:263)
> ==3494== by 0x47439CA: _XimEncodeString (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4742A14: _XimEncodeLocalICAttr (in
> /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4743C25: _XimSetICValueData (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x473EBBA: _XimLocalCreateIC (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x4722F2B: XCreateIC (in /usr/lib/libX11.so.6.3.0)
> ==3494== by 0x40DC4DB: SetupWindowData (SDL_x11window.c:109)
> ==3494== by 0x40DCA09: X11_CreateWindow (SDL_x11window.c:552)
> ==3494== by 0x40C0A96: SDL_CreateWindow (SDL_video.c:1199)
> ==3494== by 0x8048620: main (sdlbug.c:7)
> ==3494==
> ==3494== 20 (12 direct, 8 indirect) bytes in 1 blocks are definitely
> lost in loss record 138 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x532D933: ???
> ==3494== by 0x4CE9530: ???
> ==3494== by 0x4CF3905: ???
> ==3494== by 0x4CF3AD2: ???
> ==3494== by 0x4CA1287: ???
> ==3494== by 0x4CA1322: ???
> ==3494== by 0x4A53868: ???
> ==3494== by 0x4A6B718: ???
> ==3494== by 0x4A14459: ???
> ==3494== by 0x4A10BA2: ???
> ==3494== by 0x4A10C03: ???
> ==3494==
> ==3494== 36 (12 direct, 24 indirect) bytes in 1 blocks are definitely
> lost in loss record 298 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x4DFE523: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x5344651: ???
> ==3494== by 0x4CE19AA: ???
> ==3494== by 0x4CE1AE5: ???
> ==3494== by 0x4CDC7D9: ???
> ==3494== by 0x4CD427E: ???
> ==3494== by 0x4CD4559: ???
> ==3494== by 0x4CE95BE: ???
> ==3494== by 0x4CF3905: ???
> ==3494== by 0x4CF3AD2: ???
> ==3494==
> ==3494== 36 (12 direct, 24 indirect) bytes in 1 blocks are definitely
> lost in loss record 299 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x4DFE523: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x5298BEA: ???
> ==3494== by 0x528B036: ???
> ==3494== by 0x528D6E7: ???
> ==3494== by 0x5354ADF: ???
> ==3494== by 0x4A0EB50: ???
> ==3494== by 0x400EBE6: call_init (dl-init.c:70)
> ==3494== by 0x400ED08: _dl_init (dl-init.c:134)
> ==3494== by 0x4012E79: dl_open_worker (dl-open.c:478)
> ==3494== by 0x400E7F6: _dl_catch_error (dl-error.c:178)
> ==3494==
> ==3494== 64 (40 direct, 24 indirect) bytes in 1 blocks are definitely
> lost in loss record 321 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x4CD2816: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x4CD444E: ???
> ==3494== by 0x4CD4559: ???
> ==3494== by 0x4CE95BE: ???
> ==3494== by 0x4CF3905: ???
> ==3494== by 0x4CF3AD2: ???
> ==3494== by 0x4CA1287: ???
> ==3494== by 0x4CA1322: ???
> ==3494== by 0x4A53868: ???
> ==3494== by 0x4A6B718: ???
> ==3494==
> ==3494== 112 bytes in 1 blocks are definitely lost in loss record 351 of
> 508
> ==3494== at 0x4025BE5: calloc (vg_replace_malloc.c:566)
> ==3494== by 0x48A79D8: driswCreateScreen (drisw_glx.c:626)
> ==3494== by 0x488543E: __glXInitialize (glxext.c:784)
> ==3494== by 0x4881D6A: GetGLXPrivScreenConfig (glxcmds.c:176)
> ==3494== by 0x4883056: glXChooseVisual (glxcmds.c:1234)
> ==3494== by 0x40D9D04: X11_GL_InitExtensions (SDL_x11opengl.c:434)
> ==3494== by 0x40DA3D6: X11_GL_LoadLibrary (SDL_x11opengl.c:186)
> ==3494== by 0x40BDFEF: SDL_GL_LoadLibrary (SDL_video.c:2135)
> ==3494== by 0x40C09C9: SDL_CreateWindow (SDL_video.c:1167)
> ==3494== by 0x40C0F6F: SDL_VideoInit (SDL_video.c:174)
> ==3494== by 0x4037FFB: SDL_InitSubSystem (SDL.c:74)
> ==3494== by 0x4038064: SDL_Init (SDL.c:150)
> ==3494==
> ==3494== 190 (100 direct, 90 indirect) bytes in 1 blocks are
> definitely lost in loss record 374 of 508
> ==3494== at 0x4026EE1: malloc (vg_replace_malloc.c:263)
> ==3494== by 0x4065EC2: SDL_AddTouch (SDL_touch.c:120)
> ==3494== by 0x40DABD4: X11_InitTouch (SDL_x11touch.c:90)
> ==3494== by 0x40DB4CF: X11_VideoInit (SDL_x11video.c:367)
> ==3494== by 0x40C0E66: SDL_VideoInit (SDL_video.c:507)
> ==3494== by 0x4037FFB: SDL_InitSubSystem (SDL.c:74)
> ==3494== by 0x4038064: SDL_Init (SDL.c:150)
> ==3494== by 0x80485EC: main (sdlbug.c:6)
> ==3494==
> ==3494== 8,439 (4 direct, 8,435 indirect) bytes in 1 blocks are
> definitely lost in loss record 505 of 508
> ==3494== at 0x4027984: operator new(unsigned int)
> (vg_replace_malloc.c:282)
> ==3494== by 0x5298E5E: ???
> ==3494== by 0x53327B1: ???
> ==3494== by 0x52973CA: ???
> ==3494== by 0x528B02A: ???
> ==3494== by 0x528D6E7: ???
> ==3494== by 0x5354ADF: ???
> ==3494== by 0x4A0EB50: ???
> ==3494== by 0x400EBE6: call_init (dl-init.c:70)
> ==3494== by 0x400ED08: _dl_init (dl-init.c:134)
> ==3494== by 0x4012E79: dl_open_worker (dl-open.c:478)
> ==3494== by 0x400E7F6: _dl_catch_error (dl-error.c:178)
> ==3494==
> ==3494== 109,189 (28 direct, 109,161 indirect) bytes in 1 blocks are
> definitely lost in loss record 508 of 508
> ==3494== at 0x4025BE5: calloc (vg_replace_malloc.c:566)
> ==3494== by 0x4CA1313: ???
> ==3494== by 0x4A53868: ???
> ==3494== by 0x4A6B718: ???
> ==3494== by 0x4A14459: ???
> ==3494== by 0x4A10BA2: ???
> ==3494== by 0x4A10C03: ???
> ==3494== by 0x4A10C3D: ???
> ==3494== by 0x48A797B: drisw_create_context (drisw_glx.c:404)
> ==3494== by 0x4882552: CreateContext (glxcmds.c:276)
> ==3494== by 0x48837D1: glXCreateContext (glxcmds.c:381)
> ==3494== by 0x40D9DF5: X11_GL_InitExtensions (SDL_x11opengl.c:278)
> ==3494==
> ==3494== LEAK SUMMARY:
> ==3494== definitely lost: 364 bytes in 14 blocks
> ==3494== indirectly lost: 117,766 bytes in 456 blocks
> ==3494== possibly lost: 0 bytes in 0 blocks
> ==3494== still reachable: 41,268 bytes in 467 blocks
> ==3494== suppressed: 0 bytes in 0 blocks
> ==3494== Reachable blocks (those to which a pointer was found) are not
> shown.
> ==3494== To see them, rerun with: --leak-check=full --show-reachable=yes
> ==3494==
> ==3494== For counts of detected and suppressed errors, rerun with: -v
> ==3494== ERROR SUMMARY: 13 errors from 13 contexts (suppressed: 194 from
> 13)
>
> Check the attachment for the lame code sdlbug.c (without checking the
> return value of SDL_Init).
>
> Thanks.
>
> _______________________________________________
> SDL mailing list
> SDL at lists.libsdl.org
> http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org
>
>