Closed Bug 639317 Opened 13 years ago Closed 8 years ago

Syscall param write(buf) points to uninitialised byte(s) at nsDiskCacheMap::FlushRecords(int)

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: gkw, Unassigned)

References

Details

(Keywords: testcase, valgrind)

Attachments

(1 file)

stdout output
21.83 KB, text/plain
Details
Attached file stdout output 
I'm not sure how serious this is, but off a Mozmill fuzz test run in Valgrind off m-c changeset e56ecd8b3a68, after it ends, the Mozmill window and the browser window are closed. Immediately after the latter, this error gets hit (see the attachment.)

This isn't immediately reproducible, though.

.mozconfig:

. $topsrcdir/browser/config/mozconfig
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/valg-obj-ff-dbg-64-mc
mk_add_options MOZ_MAKE_FLAGS="-s -j6"
ac_add_options --enable-debug
ac_add_options --enable-optimize="-O"
#ac_add_options --enable-tests

ac_add_options --disable-jemalloc
ac_add_options --enable-valgrind

ac_add_options --with-ccache
Bug 378517 may be related.
See Also: → 378517
The assert in Valgrind in the log is Assertion 'tid != 0' failed, and may be http://bugs.kde.org/show_bug.cgi?id=267612
oh nice, I've seen this intermittently for *years*, but never figured out a test case.
This is the most common kind of false positive from Memcheck now.
Happens when a struct is written to a socket or file descriptor (or is
otherwise "shipped off the premises") and the struct contains
alignment holes which are uninitialised.  Problem is there is no way
(afaik) in general to Memcheck to know which uninitialised sections
correspond to alignment holes and are therefore harmless, so it
complains about any uninitialised-ness it sees.

A kludgearound is to zero out the buffer at the point of allocation
(iow, calloc it), and then if there are still complaints, be
concerned, since that would mean the data itself contained
uninitialised stuff.  That's a bit difficult here though because the
buffer is allocated by realloc, not malloc.
(In reply to comment #5)
> A kludgearound is to zero out the buffer at the point of allocation
> (iow, calloc it), and then if there are still complaints, be
> concerned, since that would mean the data itself contained
> uninitialised stuff.  That's a bit difficult here though because the
> buffer is allocated by realloc, not malloc.

So can this bug be morphed into something useful for Mozilla folks or is this still regarded as a false positive?
Keywords: testcase
(In reply to comment #6)
> So can this bug be morphed into something useful for Mozilla folks or is this
> still regarded as a false positive?

It's _probably_ a false positive.  The way to tell for sure is to memset-0
the underlying block at it's reallocation point (the error msg tells you
where that is).  If the error still appears, then it's real.
whole new cache code
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: