Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: Valgrind Conditional Jumps  (Read 3354 times)

0 Members and 1 Guest are viewing this topic.

dabbertorres

  • Hero Member
  • *****
  • Posts: 505
    • View Profile
    • website/blog
Valgrind Conditional Jumps
« on: May 25, 2014, 08:18:19 am »
While debugging an application of mine, Valgrind threw several errors, some of which might be coming from SFML (Joystick stuff): "dependencies on uninitialized value(s)".

These may be false positives, but I was hoping someone else more familiar with this kind of stuff could have a look, just in case.

non-SFML programs do not have these errors, so it's not likely anything else.

System:
Arch Linux x86_64
Latest SFML sources

Minimal Reproduction:
Code: [Select]
#include <SFML/Graphics.hpp>
#include <SFML/Window.hpp>

int main()
{
sf::RenderWindow window;
window.create(sf::VideoMode(800, 600), "SFML");

return 0;
}


Valgrind Output:
(click to show/hide)

Looking at SFML's code, I think the errors are here and here;

Nexus

  • SFML Team
  • Hero Member
  • *****
  • Posts: 6287
  • Thor Developer
    • View Profile
    • Bromeon
Re: Valgrind Conditional Jumps
« Reply #1 on: May 25, 2014, 10:32:38 am »
Looking at SFML's code, I think the errors are here and here;
The function std::snprintf and the macro JSIOCGNAME both use the pointer as an output parameter, the C string need not be initialized.

I wonder why Valgrind claims that the standard library functions std::strlen and std::ctype::do_widen operate on uninitialized memory... They shouldn't, since we use std::snprintf and JSIOCGNAME as documented.
Zloxx II: action platformer
Thor Library: particle systems, animations, dot products, ...
SFML Game Development:

binary1248

  • SFML Team
  • Hero Member
  • *****
  • Posts: 1405
  • I am awesome.
    • View Profile
    • The server that really shouldn't be running
Re: Valgrind Conditional Jumps
« Reply #2 on: May 25, 2014, 11:15:50 am »
I think the Linux source shows us why valgrind is complaining:
case JSIOCGNAME(0):
        name = dev->name;
        if (!name)
                return 0;

        len = min_t(size_t, _IOC_SIZE(cmd), strlen(name) + 1);
        return copy_to_user(argp, name, len) ? -EFAULT : len;
 
In the case when the joystick has an empty name, it doesn't touch the output parameter in any way and just returns 0. When you initialise the string from the char joyname[128], everything in it is going to be uninitialised since not even a null was written to the first byte.

Judging from this code, I guess it is safe to assume that checking for > 0 from the ioctl call is good enough and would avoid this situation? If anything (even an empty string) was written to the output parameter, ioctl will return a positive value since strlen(name) + 1 is always positive in that case.
SFGUI # SFNUL # GLS # Wyrm <- Why do I waste my time on such a useless project? Because I am awesome (first meaning).

 

anything