Closed
Bug 910477
Opened 11 years ago
Closed 11 years ago
Valgrind detects "Conditional jump or move depends on uninitialised value(s)" with js::DecompressString on the stack
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: gkw, Unassigned)
Details
(Keywords: regression, testcase, valgrind)
Merely starting up the js opt shell on m-c changeset dc7b76fcf7e4 without any CLI arguments shows the following error: $ valgrind --smc-check=all-non-file --track-origins=yes ./js-opt-64-dm-vg-ts-linux-dc7b76fcf7e4 ==12592== Memcheck, a memory error detector ==12592== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==12592== Using Valgrind-3.9.0.SVN and LibVEX; rerun with -h for copyright info ==12592== Command: ./js-opt-64-dm-vg-ts-linux-dc7b76fcf7e4 ==12592== ==12592== Conditional jump or move depends on uninitialised value(s) ==12592== at 0x52994E0: inflateReset2 (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4) ==12592== by 0x52995D8: inflateInit2_ (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4) ==12592== by 0x62ED88: js::DecompressString(unsigned char const*, unsigned long, unsigned char*, unsigned long) (jsutil.cpp:132) ==12592== by 0x4BB457: JSRuntime::initSelfHosting(JSContext*) (SelfHosting.cpp:748) ==12592== by 0x55978C: js::NewContext(JSRuntime*, unsigned long) (jscntxt.cpp:201) ==12592== by 0x40C152: NewContext(JSRuntime*) (js.cpp:4907) ==12592== by 0x40F393: main (js.cpp:5539) ==12592== Uninitialised value was created by a heap allocation ==12592== at 0x4C2C857: malloc (vg_replace_malloc.c:291) ==12592== by 0x52995B6: inflateInit2_ (in /lib/x86_64-linux-gnu/libz.so.1.2.3.4) ==12592== by 0x62ED88: js::DecompressString(unsigned char const*, unsigned long, unsigned char*, unsigned long) (jsutil.cpp:132) ==12592== by 0x4BB457: JSRuntime::initSelfHosting(JSContext*) (SelfHosting.cpp:748) ==12592== by 0x55978C: js::NewContext(JSRuntime*, unsigned long) (jscntxt.cpp:201) ==12592== by 0x40C152: NewContext(JSRuntime*) (js.cpp:4907) ==12592== by 0x40F393: main (js.cpp:5539) ==12592== js> quit() ==12592== ==12592== HEAP SUMMARY: ==12592== in use at exit: 7,854 bytes in 81 blocks ==12592== total heap usage: 3,778 allocs, 3,697 frees, 2,354,412 bytes allocated ==12592== ==12592== LEAK SUMMARY: ==12592== definitely lost: 7 bytes in 1 blocks ==12592== indirectly lost: 0 bytes in 0 blocks ==12592== possibly lost: 0 bytes in 0 blocks ==12592== still reachable: 7,847 bytes in 80 blocks ==12592== suppressed: 0 bytes in 0 blocks ==12592== Rerun with --leak-check=full to see details of leaked memory ==12592== ==12592== For counts of detected and suppressed errors, rerun with: -v ==12592== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0) My configure flags are: sh ./configure --enable-optimize --disable-debug --enable-profiling --enable-gczeal --enable-debug-symbols --enable-methodjit --enable-type-inference --disable-tests --enable-more-deterministic --enable-valgrind --with-ccache --enable-threadsafe <NSPR flags, or use --with-system-nspr> I'm fairly sure this didn't used to happen, so setting s-s to be safe.
Comment 1•11 years ago
|
||
Might be a false positive? See http://zlib.net/zlib_faq.html#faq36
Comment 2•11 years ago
|
||
It goes on to say that zlib 1.2.4 was changed to stop V complaining, and it looks like you've got 1.2.3 involved. So, yes, probably a false positive -- one of the very rare cases where legit code fools Memcheck's definedness tracking.
Reporter | ||
Comment 3•11 years ago
|
||
Thanks Julian! Not an issue with the JS engine then. Opening up and resolving INVALID.
Group: core-security
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•