SFML community forums

General => General discussions => Topic started by: dabbertorres on May 25, 2014, 08:18:19 am

Title: Valgrind Conditional Jumps
Post by: dabbertorres on May 25, 2014, 08:18:19 am

While debugging an application of mine, Valgrind threw several errors, some of which might be coming from SFML (Joystick stuff): "dependencies on uninitialized value(s)".

These may be false positives, but I was hoping someone else more familiar with this kind of stuff could have a look, just in case.

non-SFML programs do not have these errors, so it's not likely anything else.

System:
Arch Linux x86_64
Latest SFML sources

Minimal Reproduction:

Code: [Select]

#include <SFML/Graphics.hpp>
#include <SFML/Window.hpp>

int main()
{
sf::RenderWindow window;
window.create(sf::VideoMode(800, 600), "SFML");

return 0;
}


Valgrind Output:

(click to show/hide)

==11127== Conditional jump or move depends on uninitialised value(s)
==11127==    at 0x4C2BB89: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11127==    by 0x5557660: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (in /usr/lib/libstdc++.so.6.0.20)
==11127==    by 0x4E43EED: sf::priv::JoystickImpl::getJoystickName(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E4461A: sf::priv::JoystickImpl::open(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3B07C: sf::priv::JoystickManager::update() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3E768: sf::priv::WindowImpl::WindowImpl() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E42461: sf::priv::WindowImplX11::WindowImplX11(sf::VideoMode, sf::String const&, unsigned long, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3D1A2: sf::priv::WindowImpl::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3CF04: sf::Window::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x40102E: main (in /home/alec/Code/testSFMLleaks/a.out)
==11127==  Uninitialised value was created by a stack allocation
==11127==    at 0x4E43EBE: sf::priv::JoystickImpl::getJoystickName(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==
==11127== Conditional jump or move depends on uninitialised value(s)
==11127==    at 0x4C2BB98: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==11127==    by 0x5557660: std::basic_string<char, std::char_traits<char>, std::allocator<char> >::basic_string(char const*, std::allocator<char> const&) (in /usr/lib/libstdc++.so.6.0.20)
==11127==    by 0x4E43EED: sf::priv::JoystickImpl::getJoystickName(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E4461A: sf::priv::JoystickImpl::open(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3B07C: sf::priv::JoystickManager::update() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3E768: sf::priv::WindowImpl::WindowImpl() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E42461: sf::priv::WindowImplX11::WindowImplX11(sf::VideoMode, sf::String const&, unsigned long, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3D1A2: sf::priv::WindowImpl::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3CF04: sf::Window::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x40102E: main (in /home/alec/Code/testSFMLleaks/a.out)
==11127==  Uninitialised value was created by a stack allocation
==11127==    at 0x4E43EBE: sf::priv::JoystickImpl::getJoystickName(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==
==11127== Use of uninitialised value of size 8
==11127==    at 0x550EDA4: std::ctype<wchar_t>::do_widen(char) const (in /usr/lib/libstdc++.so.6.0.20)
==11127==    by 0x5291830: sf::String::String(std::string const&, std::locale const&) (in /usr/lib/libsfml-system.so.2.1)
==11127==    by 0x4E4462D: sf::priv::JoystickImpl::open(unsigned int) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3B07C: sf::priv::JoystickManager::update() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3E768: sf::priv::WindowImpl::WindowImpl() (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E42461: sf::priv::WindowImplX11::WindowImplX11(sf::VideoMode, sf::String const&, unsigned long, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3D1A2: sf::priv::WindowImpl::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x4E3CF04: sf::Window::create(sf::VideoMode, sf::String const&, unsigned int, sf::ContextSettings const&) (in /usr/lib/libsfml-window.so.2.1)
==11127==    by 0x40102E: main (in /home/alec/Code/testSFMLleaks/a.out)
==11127==  Uninitialised value was created by a stack allocation
==11127==    at 0x4E43EBE: sf::priv::JoystickImpl::getJoystickName(unsigned int) (in /usr/lib/libsfml-window.so.2.1)

Looking at SFML's code, I think the errors are here (https://github.com/SFML/SFML/blob/6b2a4c27db867fe4921aeeed1a9250af27c5fc2c/src/SFML/Window/Unix/JoystickImpl.cpp#L288) and here (https://github.com/SFML/SFML/blob/6b2a4c27db867fe4921aeeed1a9250af27c5fc2c/src/SFML/Window/Unix/JoystickImpl.cpp#L154);

Title: Re: Valgrind Conditional Jumps
Post by: Nexus on May 25, 2014, 10:32:38 am

Quote from: dabbertorres on May 25, 2014, 08:18:19 am

Looking at SFML's code, I think the errors are here (https://github.com/SFML/SFML/blob/6b2a4c27db867fe4921aeeed1a9250af27c5fc2c/src/SFML/Window/Unix/JoystickImpl.cpp#L288) and here (https://github.com/SFML/SFML/blob/6b2a4c27db867fe4921aeeed1a9250af27c5fc2c/src/SFML/Window/Unix/JoystickImpl.cpp#L154);

The function std::snprintf (http://en.cppreference.com/w/cpp/io/c/fprintf) and the macro JSIOCGNAME (https://www.kernel.org/doc/Documentation/input/joystick-api.txt) both use the pointer as an output parameter, the C string need not be initialized.

I wonder why Valgrind claims that the standard library functions std::strlen and std::ctype::do_widen operate on uninitialized memory... They shouldn't, since we use std::snprintf and JSIOCGNAME as documented.

Title: Re: Valgrind Conditional Jumps
Post by: binary1248 on May 25, 2014, 11:15:50 am

I think the Linux source (http://code.woboq.org/linux/linux/drivers/input/joydev.c.html#582) shows us why valgrind is complaining:

case JSIOCGNAME(0):
        name = dev->name;
        if (!name)
                return 0;

        len = min_t(size_t, _IOC_SIZE(cmd), strlen(name) + 1);
        return copy_to_user(argp, name, len) ? -EFAULT : len;
 

In the case when the joystick has an empty name, it doesn't touch the output parameter in any way and just returns 0. When you initialise the string from the char joyname[128], everything in it is going to be uninitialised since not even a null was written to the first byte.

Judging from this code, I guess it is safe to assume that checking for > 0 from the ioctl call is good enough and would avoid this situation? If anything (even an empty string) was written to the output parameter, ioctl will return a positive value since strlen(name) + 1 is always positive in that case.