Bug 964827 (Open) - Opened 11 years ago, updated 2 years ago

Use of uninitialized value in 2D filtering code.

Component: Core :: Graphics
Type: defect
Version: 28 Branch
Platform: x86_64 Linux
Status: REOPENED
Reporter: ishikawa
Assignee: mstange
Keywords: regression

Noticed by running TB (C-C) under valgrind during a |make mozmill| test suite run. "Memcheck:Value8" is reported 14 times, caused by the use of an uninitialized value in 2D graphics code. (Many tests in |make mozmill| timed out due to the slowdown caused by valgrind, so there could be more such uninitialized value usage not reported here.)

The place where the uninitialized value is used is the same in all the reported cases (except for two known base64 issues): DoUnpremultiplicationCalculation_SSE2 is printed at the top of the stack reported by valgrind. I quote the valgrind backtrace at the end of this message.

I have not seen this error before (say in Nov, Dec of 2013), and so I assume this is a new bug or something. I checked the source code: DoUnpremultiplicationCalculation_SSE2 is in http://mxr.mozilla.org/comm-central/source/mozilla/gfx/2d/FilterProcessing.cpp#185

According to Blame info, it is part of the patch set introduced by Bug 924102 - Add filter processing code for many SVG filters. r=Bas, author Markus Stange <mstange@themasta.com>, Wed Nov 27 12:22:27 2013 +0100. Note the date Nov 27, 2013. It fits the newness of the bug (!).

DoUnpremultiplicationCalculation_SSE2 calls DoUnpremultiplicationCalculation_SIMD in http://mxr.mozilla.org/comm-central/source/mozilla/gfx/2d/FilterProcessingSIMD-inl.h#915 This is again in the same patch set as above. So I am fairly confident the above patch set introduced the usage of uninitialized data.

I have not been able to examine the log in detail yet, but here is the valgrind warning from the |make mozmill| output.
==9943== Use of uninitialised value of size 8
==9943==    at 0x97A46C8: mozilla::gfx::FilterProcessing::DoUnpremultiplicationCalculation_SSE2(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, unsigned char*, int, unsigned char*, int) (emmintrin.h:593)
==9943==    by 0x97C5CA8: mozilla::gfx::Unpremultiply(mozilla::gfx::DataSourceSurface*) (FilterNodeSoftware.cpp:1230)
==9943==    by 0x97CAA40: mozilla::gfx::FilterNodeUnpremultiplySoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2904)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97C9C2B: mozilla::gfx::FilterNodeColorMatrixSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:1239)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97D0E6F: mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:978)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA98C: mozilla::gfx::FilterNodePremultiplySoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2874)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA686: mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2621)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C810D: mozilla::gfx::FilterNodeSoftware::Draw(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::DrawOptions const&) (FilterNodeSoftware.cpp:573)
==9943==    by 0x73D3FDC: mozilla::gfx::FilterSupport::RenderFilterDescription(mozilla::gfx::DrawTarget*, mozilla::gfx::FilterDescription const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, nsTArray<mozilla::RefPtr<mozilla::gfx::SourceSurface> >&) (FilterSupport.cpp:1116)
==9943==    by 0x8A915AD: nsSVGFilterInstance::Render(gfxContext*) (nsSVGFilterInstance.cpp:508)
==9943==    by 0x8A8CCA4: nsSVGFilterFrame::PaintFilteredFrame(nsRenderingContext*, nsIFrame*, nsSVGFilterPaintCallback*, nsRect const*, nsIFrame*) (nsSVGFilterFrame.cpp:456)
==9943==    by 0x8A9C563: nsSVGIntegrationUtils::PaintFramesWithEffects(nsRenderingContext*, nsIFrame*, nsRect const&, nsDisplayListBuilder*, mozilla::layers::LayerManager*) (nsSVGIntegrationUtils.cpp:520)
==9943==    by 0x8894CF8: mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, nsIntRect const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, nsIntPoint const&, float, float, int) (FrameLayerBuilder.cpp:2182)
==9943==    by 0x88956DD: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3652)
==9943==    by 0x74DBFC9: mozilla::layers::BasicThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicThebesLayer.cpp:102)
==9943==    by 0x74D7CBF: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:826)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D7C37: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:841)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D7C37: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:841)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D9BA5: mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:628)
==9943==    by 0x88FA389: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (nsDisplayList.cpp:1232)
==9943==    by 0x88FAD44: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (nsDisplayList.cpp:1076)
==9943==    by 0x891AE68: nsLayoutUtils::PaintFrame(nsRenderingContext*, nsIFrame*, nsRegion const&, unsigned int, unsigned int) (nsLayoutUtils.cpp:2339)
==9943==    by 0x8866D4B: PresShell::RenderDocument(nsRect const&, unsigned int, unsigned int, gfxContext*) (nsPresShell.cpp:4612)
==9943==    by 0x75A4D27: mozilla::image::SVGDrawingCallback::operator()(gfxContext*, gfxRect const&, GraphicsFilter const&, gfxMatrix const&) (VectorImage.cpp:295)
==9943==    by 0x74AF4D9: gfxUtils::DrawPixelSnapped(gfxContext*, gfxDrawable*, gfxMatrix const&, gfxRect const&, gfxRect const&, gfxRect const&, gfxRect const&, gfxImageFormat, GraphicsFilter, unsigned int) (gfxUtils.cpp:487)
==9943==    by 0x75A5957: mozilla::image::VectorImage::CreateDrawableAndShow(mozilla::image::SVGDrawingParameters const&) (VectorImage.cpp:869)
==9943==    by 0x75A6396: mozilla::image::VectorImage::Draw(gfxContext*, GraphicsFilter, gfxMatrix const&, gfxRect const&, nsIntRect const&, nsIntSize const&, mozilla::SVGImageContext const*, unsigned int, unsigned int) [clone .part.91] (VectorImage.cpp:823)
==9943==    by 0x890F74C: DrawImageInternal(nsRenderingContext*, imgIContainer*, GraphicsFilter, nsRect const&, nsRect const&, nsPoint const&, nsRect const&, nsIntSize const&, mozilla::SVGImageContext const*, unsigned int) (nsLayoutUtils.cpp:4307)
==9943==    by 0x891A7A0: nsLayoutUtils::DrawSingleImage(nsRenderingContext*, imgIContainer*, GraphicsFilter, nsRect const&, nsRect const&, mozilla::SVGImageContext const*, unsigned int, nsRect const*) (nsLayoutUtils.cpp:4430)
==9943==  Uninitialised value was created by a heap allocation
==9943==    at 0x402A914: malloc (vg_replace_malloc.c:291)
==9943==    by 0x97F328B: mozilla::gfx::SourceSurfaceAlignedRawData::Init(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) (mozalloc.h:219)
==9943==    by 0x97C1CED: mozilla::gfx::Factory::CreateDataSourceSurface(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) (Factory.cpp:647)
==9943==    by 0x97C7144: mozilla::gfx::GetDataSurfaceInRect(mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::ConvolveMatrixEdgeMode) (FilterNodeSoftware.cpp:436)
==9943==    by 0x97CEC15: mozilla::gfx::FilterNodeBlurXYSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2731)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CAA2C: mozilla::gfx::FilterNodeUnpremultiplySoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2903)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97C9C2B: mozilla::gfx::FilterNodeColorMatrixSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:1239)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97D0E6F: mozilla::gfx::FilterNodeTransformSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:978)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA98C: mozilla::gfx::FilterNodePremultiplySoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2874)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA686: mozilla::gfx::FilterNodeCompositeSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2621)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C90B6: mozilla::gfx::FilterNodeSoftware::GetInputDataSourceSurface(unsigned int, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::FilterNodeSoftware::FormatHint, mozilla::gfx::ConvolveMatrixEdgeMode, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const*) (FilterNodeSoftware.cpp:691)
==9943==    by 0x97CA943: mozilla::gfx::FilterNodeCropSoftware::Render(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:2846)
==9943==    by 0x97C8426: mozilla::gfx::FilterNodeSoftware::GetOutput(mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&) (FilterNodeSoftware.cpp:605)
==9943==    by 0x97C810D: mozilla::gfx::FilterNodeSoftware::Draw(mozilla::gfx::DrawTarget*, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::PointTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::DrawOptions const&) (FilterNodeSoftware.cpp:573)
==9943==    by 0x73D3FDC: mozilla::gfx::FilterSupport::RenderFilterDescription(mozilla::gfx::DrawTarget*, mozilla::gfx::FilterDescription const&, mozilla::gfx::RectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SourceSurface*, mozilla::gfx::IntRectTyped<mozilla::gfx::UnknownUnits> const&, nsTArray<mozilla::RefPtr<mozilla::gfx::SourceSurface> >&) (FilterSupport.cpp:1116)
==9943==    by 0x8A915AD: nsSVGFilterInstance::Render(gfxContext*) (nsSVGFilterInstance.cpp:508)
==9943==    by 0x8A8CCA4: nsSVGFilterFrame::PaintFilteredFrame(nsRenderingContext*, nsIFrame*, nsSVGFilterPaintCallback*, nsRect const*, nsIFrame*) (nsSVGFilterFrame.cpp:456)
==9943==    by 0x8A9C563: nsSVGIntegrationUtils::PaintFramesWithEffects(nsRenderingContext*, nsIFrame*, nsRect const&, nsDisplayListBuilder*, mozilla::layers::LayerManager*) (nsSVGIntegrationUtils.cpp:520)
==9943==    by 0x8894CF8: mozilla::FrameLayerBuilder::PaintItems(nsTArray<mozilla::FrameLayerBuilder::ClippedDisplayItem>&, nsIntRect const&, gfxContext*, nsRenderingContext*, nsDisplayListBuilder*, nsPresContext*, nsIntPoint const&, float, float, int) (FrameLayerBuilder.cpp:2182)
==9943==    by 0x88956DD: mozilla::FrameLayerBuilder::DrawThebesLayer(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*) (FrameLayerBuilder.cpp:3652)
==9943==    by 0x74DBFC9: mozilla::layers::BasicThebesLayer::PaintThebes(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicThebesLayer.cpp:102)
==9943==    by 0x74D7CBF: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:826)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D7C37: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:841)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D7C37: mozilla::layers::BasicLayerManager::PaintSelfOrChildren(mozilla::layers::PaintLayerContext&, gfxContext*) (BasicLayerManager.cpp:841)
==9943==    by 0x74D86C1: mozilla::layers::BasicLayerManager::PaintLayer(gfxContext*, mozilla::layers::Layer*, void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::ReadbackProcessor*) (BasicLayerManager.cpp:952)
==9943==    by 0x74D9BA5: mozilla::layers::BasicLayerManager::EndTransactionInternal(void (*)(mozilla::layers::ThebesLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*), void*, mozilla::layers::LayerManager::EndTransactionFlags) (BasicLayerManager.cpp:628)
==9943==    by 0x88FA389: nsDisplayList::PaintForFrame(nsDisplayListBuilder*, nsRenderingContext*, nsIFrame*, unsigned int) const (nsDisplayList.cpp:1232)
==9943==    by 0x88FAD44: nsDisplayList::PaintRoot(nsDisplayListBuilder*, nsRenderingContext*, unsigned int) const (nsDisplayList.cpp:1076)

cf. Two other cases of uninitialized usage: I also see uninitialized value usage two more times. Over the last year or so, the issues caused by pl_base64_encode_buffer and pl_base64_encode_flush have been the result of the following behavior of the base64 encoding/decoding. A long int is used to read/write the byte-oriented data (to be encoded or already encoded) and to store the length of the data. The base64 code tries to pass the long int array as a whole although, depending on the byte length of the data, only a portion of the last long int is initialized. But copying/reading the last whole long int seems to take place anyway, and thus the referencing of the uninitialized portion of the long int occurs and valgrind prints warnings.
From what I read in the above log, I think there is a member variable or something that is not properly initialized. Note this part:

==9943==  Uninitialised value was created by a heap allocation
==9943==    at 0x402A914: malloc (vg_replace_malloc.c:291)
==9943==    by 0x97F328B: mozilla::gfx::SourceSurfaceAlignedRawData::Init(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) (mozalloc.h:219)
==9943==    by 0x97C1CED: mozilla::gfx::Factory::CreateDataSourceSurface(mozilla::gfx::IntSizeTyped<mozilla::gfx::UnknownUnits> const&, mozilla::gfx::SurfaceFormat) (Factory.cpp:647)

TIA
Thank you for the report.

In this case, I think the warning can be ignored. As part of the SIMD processing, we sometimes process uninitialized data in the padding of the surface, but the result ends up in the padding of the target surface so its values don't matter because they won't actually be used. We only include those bits in the processing because we process multiple pixels at a time using SIMD instructions.

Is there a way we can tell Valgrind that this function is known to process uninitialized data, and we know that it's not harmful?

Alternatively, we could zero-initialize the alignment padding of the surface, but that may hurt performance.
(In reply to Markus Stange [:mstange] from comment #2)
> Thank you for the report.
> 
> In this case, I think the warning can be ignored. As part of the SIMD processing, we sometimes process uninitialized data in the padding of the surface, but the result ends up in the padding of the target surface so its values don't matter because they won't actually be used. We only include those bits in the processing because we process multiple pixels at a time using SIMD instructions.
> 
> Is there a way we can tell Valgrind that this function is known to process uninitialized data, and we know that it's not harmful?
> 
> Alternatively, we could zero-initialize the alignment padding of the surface, but that may hurt performance.

Thank you for the quick reply.

If we know that this can be safely ignored, there is a way to tell valgrind to shut up and ignore this issue. valgrind honors so-called suppression rules, which tell valgrind about the stack signature and the nature of the otherwise problematic behavior (in this case Memcheck:Value8, the usage of an uninitialized 8-byte value).

Putting something like the following in a suppression file and telling valgrind to look at it before invocation should suppress this issue. (We don't need the full stack trace as below; probably the top 5 or 10 entries of the stack should do. But I am showing the full version that matches the log explained in the original post.)
{
   Ignore_known_2d_filtering_padding_issue
   Memcheck:Value8
   fun:_ZN7mozilla3gfx16FilterProcessing37DoUnpremultiplicationCalculation_SSE2ERKNS0_12IntSizeTypedINS0_12UnknownUnitsEEEPhiS7_i
   fun:_ZN7mozilla3gfxL13UnpremultiplyEPNS0_17DataSourceSurfaceE
   fun:_ZN7mozilla3gfx31FilterNodeUnpremultiplySoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx29FilterNodeColorMatrixSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx22FilterNodeCropSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx27FilterNodeTransformSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx22FilterNodeCropSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx29FilterNodePremultiplySoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx27FilterNodeCompositeSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware9GetOutputERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
   fun:_ZN7mozilla3gfx18FilterNodeSoftware25GetInputDataSourceSurfaceEjRKNS0_12IntRectTypedINS0_12UnknownUnitsEEENS1_10FormatHintENS0_22ConvolveMatrixEdgeModeEPS5_
   fun:_ZN7mozilla3gfx22FilterNodeCropSoftware6RenderERKNS0_12IntRectTypedINS0_12UnknownUnitsEEE
}

Thank you again for the quick response. I am putting FIXED in the Status field.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Do we have a central valgrind ignore list for mozilla-central? Nicholas, can you comment on whether this is the right thing to do? (I'm changing the resolution from FIXED to INVALID because FIXED means that a patch landed to address the issue, and INVALID means "this is not a bug".)
Resolution: FIXED → INVALID
> Do we have a central valgrind ignore list for mozilla-central?

There are some *.sup files in build/valgrind/ but they're mostly aimed at |mach valgrind-test|, and this code isn't executed by that, so there's not much point adding a suppression.

> Nicholas, can you comment on whether this is the right thing to do?

I'd initialize to zero with a |#ifdef MOZ_VALGRIND| block, and write a comment explaining why you're doing it.

But before you do that: are you *really* sure that nothing bad is happening here? Valgrind is very careful to only complain when an undefined value is used in a way that could affect the execution of the program, e.g. if you use an undefined value in the condition of a conditional branch, or as a pointer, or as a system call input. It won't, for example, complain if you just do arithmetic with undefined values. Furthermore, it tracks undefinedness at the bit level so it handles partially-defined values appropriately.
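The following is an added example, not code from this bug or from Mozilla's gfx/2d tree. It models in scalar C what comments 2 and 5 describe: a surface whose rows are padded to a 16-byte stride, a loop that converts four pixels per step the way an SSE2 loop does and therefore reads the padding bytes at the end of a short row, and the "zero-initialize the alignment padding" mitigation applied to just those bytes. The surface_t type, the 16-byte stride, the BGRA layout and the demo functions are assumptions made for illustration; Moz2D's SourceSurfaceAlignedRawData is not modelled. The per-pixel branch on the alpha byte is the kind of use njn describes: run under valgrind with undefined padding, Memcheck reports it, while the pure arithmetic on the colour channels would not be reported on its own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of an aligned BGRA surface (an assumption for this example, not
 * Moz2D's type): each row is padded so that the stride is a multiple of 16 bytes, one
 * SSE2 register, so a row of `width` pixels is followed by stride - width*4 padding
 * bytes that belong to no pixel. */
typedef struct {
    int width;      /* visible pixels per row */
    int height;
    int stride;     /* bytes per row, rounded up to a multiple of 16 */
    uint8_t *data;  /* height * stride bytes straight from malloc, i.e. undefined */
} surface_t;

/* Round a row of 4-byte pixels up to the next 16-byte boundary. */
int aligned_stride(int width) { return (width * 4 + 15) & ~15; }

/* Padding bytes at the end of every row. */
int padding_bytes(int width) { return aligned_stride(width) - width * 4; }

/* Allocate a surface. With zero_padding set, only the padding bytes are cleared and the
 * pixel bytes are left for the caller to fill: the cheap form of the "zero-initialize
 * the alignment padding" mitigation from the bug. A real build would guard the memset
 * with a build flag such as the #ifdef MOZ_VALGRIND block suggested in comment 5. */
surface_t *surface_create(int width, int height, int zero_padding) {
    surface_t *s = malloc(sizeof *s);
    if (!s) return NULL;
    s->width = width;
    s->height = height;
    s->stride = aligned_stride(width);
    s->data = malloc((size_t)s->stride * (size_t)height);
    if (!s->data) { free(s); return NULL; }
    if (zero_padding)
        for (int y = 0; y < height; y++)
            memset(s->data + (size_t)y * s->stride + width * 4, 0, padding_bytes(width));
    return s;
}

void surface_free(surface_t *s) { if (s) { free(s->data); free(s); } }

/* Convert one premultiplied BGRA pixel to straight alpha. The branch on the alpha byte
 * is exactly the use Memcheck reports when the byte is undefined: the outcome of a
 * conditional depends on uninitialised data. Arithmetic alone would not be reported. */
static void unpremultiply_pixel(const uint8_t *src, uint8_t *dst) {
    unsigned a = src[3];
    if (a == 0) { dst[0] = dst[1] = dst[2] = dst[3] = 0; return; }
    for (int c = 0; c < 3; c++) {
        unsigned v = (src[c] * 255u + a / 2) / a;   /* rounded, then clamped */
        dst[c] = (uint8_t)(v > 255 ? 255 : v);
    }
    dst[3] = (uint8_t)a;
}

/* Unpremultiply a surface four pixels (16 bytes) at a time, as a SIMD loop does. When
 * width is not a multiple of 4, the last block of each row reaches into the padding.
 * Returns the number of padding bytes read per row so the caller can see that happen. */
int unpremultiply_surface(const surface_t *src, surface_t *dst) {
    int pixels_per_row = src->stride / 4;   /* always a multiple of 4 */
    for (int y = 0; y < src->height; y++) {
        const uint8_t *srow = src->data + (size_t)y * src->stride;
        uint8_t *drow = dst->data + (size_t)y * dst->stride;
        for (int x = 0; x < pixels_per_row; x += 4)
            for (int i = 0; i < 4; i++)
                unpremultiply_pixel(srow + (x + i) * 4, drow + (x + i) * 4);
    }
    return (pixels_per_row - src->width) * 4;
}

/* Fill a width x 2 surface with one constructed premultiplied pixel value (packed as
 * B | G<<8 | R<<16 | A<<24), convert it, and return pixel (0,0) of the result. */
uint32_t demo_unpremultiply(int width, int zero_padding, uint32_t bgra_premul) {
    surface_t *src = surface_create(width, 2, zero_padding);
    surface_t *dst = surface_create(width, 2, zero_padding);
    if (!src || !dst) { surface_free(src); surface_free(dst); return 0; }
    for (int y = 0; y < 2; y++)
        for (int x = 0; x < width; x++) {
            uint8_t *p = src->data + (size_t)y * src->stride + x * 4;
            for (int c = 0; c < 4; c++) p[c] = (uint8_t)(bgra_premul >> (8 * c));
        }
    int touched = unpremultiply_surface(src, dst);
    const uint8_t *q = dst->data;
    uint32_t out = (uint32_t)q[0] | (uint32_t)q[1] << 8 | (uint32_t)q[2] << 16 | (uint32_t)q[3] << 24;
    printf("width %d, zero_padding %d: %d padding bytes read per row, pixel(0,0) = 0x%08x\n",
           width, zero_padding, touched, out);
    surface_free(src);
    surface_free(dst);
    return out;
}

int main(void) {
    /* Same conversion with undefined and with zeroed padding: a 5-pixel row has a
     * 32-byte stride, so the second block reads 12 padding bytes. Under valgrind the
     * first call is the one Memcheck reports; the second is clean. */
    demo_unpremultiply(5, 0, 0x80102040u);
    demo_unpremultiply(5, 1, 0x80102040u);
    return 0;
}
```

Clearing only the padding keeps the cost proportional to the number of rows rather than to the surface size, which is the reason to prefer it over zeroing the whole allocation when the concern is the performance hit mentioned in comment 2.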
(In reply to Nicholas Nethercote [:njn] from comment #5)
> > Nicholas, can you comment on whether this is the right thing to do?
> 
> I'd initialize to zero with a |#ifdef MOZ_VALGRIND| block, and write a comment explaining why you're doing it.

Good idea!

> But before you do that: are you *really* sure that nothing bad is happening here? Valgrind is very careful to only complain when an undefined value is used in a way that could affect the execution of the program, e.g. if you use an undefined value in the condition of a conditional branch, or as a pointer, or as a system call input. It won't, for example, complain if you just do arithmetic with undefined values. Furthermore, it tracks undefinedness at the bit level so it handles partially-defined values appropriately.

Wow, that is impressive. In that case I'm going to have a closer look at it, maybe I really am doing something wrong.
Assignee: nobody → mstange
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
(In reply to Markus Stange [:mstange] from comment #6)
> (In reply to Nicholas Nethercote [:njn] from comment #5)
> > > Nicholas, can you comment on whether this is the right thing to do?
> > 
> > I'd initialize to zero with a |#ifdef MOZ_VALGRIND| block, and write a comment explaining why you're doing it.
> 
> Good idea!

When you produce the zero-ing patch, please post it here. I will check the operation under valgrind and see if it would eliminate the issue (it should, of course, but it does not hurt to check). TIA
Blocks: 924102
Keywords: regression
Version: unspecified → 28 Branch
I wish I had a small test case for this. I suspect what is happening is that Valgrind/Memcheck doesn't understand that 0 * undefined = defined-0 -- instead it applies the more general rule that anything * undefined = undefined. And I suspect it is in SIMD multiplication that this is a problem. I could conceivably special-case this -- there are other similar tweaks already in there.
Severity: normal → S3