Closed Bug 499604 Opened 16 years ago Closed 15 years ago

Valgrind reports UMR and leak with <audio> (not allowed to load completely?)

Categories: Core :: Audio/Video, defect (x86, macOS; priority: Not set; severity: normal)
Tracking: RESOLVED FIXED
People: Reporter: jruderman, Unassigned
Details: Keywords: memory-leak, testcase, valgrind
Attachments: 1 file

Loading the testcase under Valgrind (and then quitting) gives me three UMR reports and one leak report.

Valgrind trunk (http://valgrind.org/downloads/repository.html) runs on Mac.

Conditional jump or move depends on uninitialised value(s)
   oggz_get_unit (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggz_seek_units (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggplay_get_duration (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::Run() (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ProcessNextEvent(int, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   NS_ProcessNextEvent_P(nsIThread*, int) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ThreadFunc(void*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   _pt_root (in /Users/jruderman/central/opt-obj/nsprpub/pr/src/libnspr4.dylib)
   _pthread_start (in /usr/lib/libSystem.B.dylib)
   thread_start (in /usr/lib/libSystem.B.dylib)

Conditional jump or move depends on uninitialised value(s)
   oggz_get_unit (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggz_seek_units (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggplay_get_duration (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::Run() (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ProcessNextEvent(int, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   NS_ProcessNextEvent_P(nsIThread*, int) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ThreadFunc(void*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   _pt_root (in /Users/jruderman/central/opt-obj/nsprpub/pr/src/libnspr4.dylib)
   _pthread_start (in /usr/lib/libSystem.B.dylib)
   thread_start (in /usr/lib/libSystem.B.dylib)

Conditional jump or move depends on uninitialised value(s)
   oggz_vector_find_with (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggz_get_unit (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggz_seek_units (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggplay_get_duration (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::Run() (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ProcessNextEvent(int, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   NS_ProcessNextEvent_P(nsIThread*, int) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ThreadFunc(void*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   _pt_root (in /Users/jruderman/central/opt-obj/nsprpub/pr/src/libnspr4.dylib)
   _pthread_start (in /usr/lib/libSystem.B.dylib)
   thread_start (in /usr/lib/libSystem.B.dylib)

232 (12 direct, 220 indirect) bytes in 1 blocks are definitely lost in loss record 1,311 of 1,892
   calloc (vg_replace_malloc.c:414)
   oggplay_seek_cleanup (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   oggplay_get_duration (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsOggDecodeStateMachine::Run() (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ProcessNextEvent(int, int*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   NS_ProcessNextEvent_P(nsIThread*, int) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   nsThread::ThreadFunc(void*) (in /Users/jruderman/central/opt-obj/toolkit/library/XUL)
   _pt_root (in /Users/jruderman/central/opt-obj/nsprpub/pr/src/libnspr4.dylib)
   _pthread_start (in /usr/lib/libSystem.B.dylib)
   thread_start (in /usr/lib/libSystem.B.dylib)
Attached file testcase
Here's more useful output, from a debug build of Firefox and different valgrind options.

   valgrind --leak-check=full --auto-run-dsymutil=yes --track-origins=yes ~/central/debug-obj/dist/MinefieldDebug.app/Contents/MacOS/firefox-bin -P vgrind 18.html

Thread 11:
Conditional jump or move depends on uninitialised value(s)
   at 0x221F114F: oggz_get_unit (oggz.c:581)
   by 0x221F8318: oggz_seek_end (oggz_seek.c:813)
   by 0x221F8619: oggz_seek_units (oggz_seek.c:891)
   by 0x221E81B7: oggplay_get_duration (oggplay.c:861)
   by 0x221D659E: nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (nsOggDecoder.cpp:1830)
   by 0x221DA708: nsOggDecodeStateMachine::Run() (nsOggDecoder.cpp:1430)
   by 0x55EFFF: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:516)
   by 0x4E3E15: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:230)
   by 0x55F20E: nsThread::ThreadFunc(void*) (nsThread.cpp:254)
   by 0x12C352: _pt_root (ptthread.c:228)
   by 0xCBA094: _pthread_start (in /usr/lib/libSystem.B.dylib)
   by 0xCB9F51: thread_start (in /usr/lib/libSystem.B.dylib)
 Uninitialised value was created by a stack allocation
   at 0x221F825E: oggz_seek_end (oggz_seek.c:797)

Conditional jump or move depends on uninitialised value(s)
   at 0x221F1168: oggz_get_unit (oggz.c:583)
   by 0x221F8318: oggz_seek_end (oggz_seek.c:813)
   by 0x221F8619: oggz_seek_units (oggz_seek.c:891)
   by 0x221E81B7: oggplay_get_duration (oggplay.c:861)
   by 0x221D659E: nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (nsOggDecoder.cpp:1830)
   by 0x221DA708: nsOggDecodeStateMachine::Run() (nsOggDecoder.cpp:1430)
   by 0x55EFFF: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:516)
   by 0x4E3E15: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:230)
   by 0x55F20E: nsThread::ThreadFunc(void*) (nsThread.cpp:254)
   by 0x12C352: _pt_root (ptthread.c:228)
   by 0xCBA094: _pthread_start (in /usr/lib/libSystem.B.dylib)
   by 0xCB9F51: thread_start (in /usr/lib/libSystem.B.dylib)
 Uninitialised value was created by a stack allocation
   at 0x221F825E: oggz_seek_end (oggz_seek.c:797)

Conditional jump or move depends on uninitialised value(s)
   at 0x221F0A23: oggz_get_stream (oggz.c:329)
   by 0x221F11C1: oggz_get_unit (oggz.c:588)
   by 0x221F8318: oggz_seek_end (oggz_seek.c:813)
   by 0x221F8619: oggz_seek_units (oggz_seek.c:891)
   by 0x221E81B7: oggplay_get_duration (oggplay.c:861)
   by 0x221D659E: nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (nsOggDecoder.cpp:1830)
   by 0x221DA708: nsOggDecodeStateMachine::Run() (nsOggDecoder.cpp:1430)
   by 0x55EFFF: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:516)
   by 0x4E3E15: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:230)
   by 0x55F20E: nsThread::ThreadFunc(void*) (nsThread.cpp:254)
   by 0x12C352: _pt_root (ptthread.c:228)
   by 0xCBA094: _pthread_start (in /usr/lib/libSystem.B.dylib)
 Uninitialised value was created by a stack allocation
   at 0x221F825E: oggz_seek_end (oggz_seek.c:797)

Conditional jump or move depends on uninitialised value(s)
   at 0x221F9258: oggz_vector_find_with (oggz_vector.c:186)
   by 0x221F0A4C: oggz_get_stream (oggz.c:331)
   by 0x221F11C1: oggz_get_unit (oggz.c:588)
   by 0x221F8318: oggz_seek_end (oggz_seek.c:813)
   by 0x221F8619: oggz_seek_units (oggz_seek.c:891)
   by 0x221E81B7: oggplay_get_duration (oggplay.c:861)
   by 0x221D659E: nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (nsOggDecoder.cpp:1830)
   by 0x221DA708: nsOggDecodeStateMachine::Run() (nsOggDecoder.cpp:1430)
   by 0x55EFFF: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:516)
   by 0x4E3E15: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:230)
   by 0x55F20E: nsThread::ThreadFunc(void*) (nsThread.cpp:254)
   by 0x12C352: _pt_root (ptthread.c:228)
 Uninitialised value was created by a stack allocation
   at 0x221F825E: oggz_seek_end (oggz_seek.c:797)

392 (12 direct, 380 indirect) bytes in 1 blocks are definitely lost in loss record 1,523 of 1,938
   at 0x140F7: calloc (vg_replace_malloc.c:414)
   by 0x221EB472: oggplay_seek_cleanup (oggplay_seek.c:150)
   by 0x221E81FD: oggplay_get_duration (oggplay.c:863)
   by 0x221D659E: nsOggDecodeStateMachine::LoadOggHeaders(nsChannelReader*) (nsOggDecoder.cpp:1830)
   by 0x221DA708: nsOggDecodeStateMachine::Run() (nsOggDecoder.cpp:1430)
   by 0x55EFFF: nsThread::ProcessNextEvent(int, int*) (nsThread.cpp:516)
   by 0x4E3E15: NS_ProcessNextEvent_P(nsIThread*, int) (nsThreadUtils.cpp:230)
   by 0x55F20E: nsThread::ThreadFunc(void*) (nsThread.cpp:254)
   by 0x12C352: _pt_root (ptthread.c:228)
   by 0xCBA094: _pthread_start (in /usr/lib/libSystem.B.dylib)
   by 0xCB9F51: thread_start (in /usr/lib/libSystem.B.dylib)
> at 0x221F114F: oggz_get_unit (oggz.c:581)
> by 0x221F8318: oggz_seek_end (oggz_seek.c:813)
> by 0x221F8619: oggz_seek_units (oggz_seek.c:891)

oggz_get_unit checks 'granulepos' for a value. The value of this variable is passed in from oggz_seek_end where it's created uninitialized and a pointer to it passed to oggz_get_prev_start_page to initialize it. oggz_get_prev_start_page is bailing out with an error and so not initializing 'granulepos'. The error value is not checked and granulepos is used uninitialized.
Annodex trac ticket 486 created for issue in comment 3: https://trac.annodex.net/ticket/486
Annodex trac ticket 488 raised for memory leak in comment 2: https://trac.annodex.net/ticket/488

oggplay_seek_cleanup allocates memory and stores it in a 'trash' field:

   trash = oggplay_calloc(1, sizeof(OggPlaySeekTrash));

This is never free'd. It can be reproduced using 'oggplayer' by adding the following line after load_metadata is called:

   oggplay_seek(player.get(), 1.0);

Running oggplayer under valgrind will then show the leak above.
(In reply to comment #4)
> Annodex trac ticket 486 created for issue in comment 3:
>
> https://trac.annodex.net/ticket/486

Fixed in liboggz master:

commit dbd3537af2e76094144921868e8bda89357c41a6
Author: Conrad Parker <conrad@metadecks.org>
Date: Mon Jun 22 12:40:05 2009 +0900

    Mozilla #499604, annodex #486: avoid uninitialized variable, bail out of oggz_seek_end() immediatly if get_prev_start_page() fails.
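
Added example, not liboggz code and not written by any commenter on this bug: a minimal C model of the defect analysed in comment 3 and of the bail-out described in the commit message above. The page type, the function names (prev_start_page, get_unit, seek_end_unchecked, seek_end_checked) and the 48-granules-per-unit factor are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for an Ogg page: only the fields this example needs. */
typedef struct { int is_start_page; int64_t granulepos; } page_t;

/* Hypothetical helper modelled on the behaviour described for
 * oggz_get_prev_start_page(): scan backwards for a start page. On success it
 * writes *granulepos and returns the page index; on failure it returns -1 and
 * leaves *granulepos untouched. */
long prev_start_page(const page_t *pages, size_t n, int64_t *granulepos)
{
    for (size_t i = n; i-- > 0; ) {
        if (pages[i].is_start_page) {
            *granulepos = pages[i].granulepos;
            return (long)i;
        }
    }
    return -1;
}

/* Stand-in for oggz_get_unit(): it branches on the granulepos it receives,
 * which is where Valgrind reports the conditional jump. */
int64_t get_unit(int64_t granulepos)
{
    if (granulepos < 0)
        return -1;
    return granulepos / 48;   /* constructed conversion factor */
}

/* Before: the error return is dropped, so when no start page is found the
 * stack slot is passed on and branched on without ever being written. */
int64_t seek_end_unchecked(const page_t *pages, size_t n)
{
    int64_t granulepos;                      /* no initial value */
    prev_start_page(pages, n, &granulepos);  /* failure goes unnoticed */
    return get_unit(granulepos);
}

/* After: bail out as soon as the helper fails, so granulepos is only read
 * on the path where it was written. */
int64_t seek_end_checked(const page_t *pages, size_t n)
{
    int64_t granulepos;
    if (prev_start_page(pages, n, &granulepos) < 0)
        return -1;
    return get_unit(granulepos);
}
```

Both variants agree whenever a start page exists; they differ only on the failure path, which is why the defect surfaces only for input where the helper fails.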
I retested in Firefox trunk, and all the issues in this bug report seem to be fixed.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED