[poppler] Valgrind error with tiling patterns in Poppler (and probably XPDF)

Brad Hards bradh at frogmouth.net
Sat Nov 3 16:57:06 PDT 2007


G'day team,

I recently [0] posted a message asking for help understanding a weird looking
Valgrind backtrace. Thanks to a hint from Krzysztof Kowalczyk, I rebuilt
poppler without optimisation, and got a better backtrace [1].

This comes from the PDF Reference, Fourth Edition, Version 1.5 [2]. This doesn't
appear to occur with the compressed version [3]. The problem page is 1012 (if
you count zero-based), 1013 (if you count one-based), and 991 (if you ignore the
Roman-numbered intro pages) - it shows Plate 8 and Plate 9.

This bug appears to have no visual impact on my system - it is just a valgrind
alarm. It really does look like an uninitialised variable though.

The problem (from the backtrace) is that we are testing the GfxState fillColor->c[0]
when it isn't initialised. After some digging, I think the problem is that we
set a default fillColor based on whichever GfxColorSpace applies, which
in this case is GfxPatternColorSpace.

This is the code that gets executed in Poppler:
void GfxPatternColorSpace::getDefaultColor(GfxColor * /*color*/) {
  // not used
}
XPDF does basically the same thing (just doesn't comment out the pointer).

That gets turned into the fillColor, which isn't initialised.

I think that we should set color to something. Suggest:
void GfxPatternColorSpace::getDefaultColor(GfxColor *color) {
  color->c[0]=0;
}

Does that look reasonable?

Brad


[0] http://lists.freedesktop.org/archives/poppler/2007-November/003084.html

[1] 
==25269== Conditional jump or move depends on uninitialised value(s)
==25269==    at 0x40A38C3: clip01(int) (GfxState.cc:29)
==25269==    by 0x40A3D26: GfxDeviceGrayColorSpace::getGray(GfxColor*, int*) (GfxState.cc:242)
==25269==    by 0x40623EB: GfxState::getFillGray(int*) (GfxState.h:1065)
==25269==    by 0x405C54D: SplashOutputDev::updateFillColor(GfxState*) (SplashOutputDev.cc:848)
==25269==    by 0x40940A8: Gfx::doTilingPatternFill(GfxTilingPattern*, int, int) (Gfx.cc:1701)
==25269==    by 0x4094B7E: Gfx::doPatternFill(int) (Gfx.cc:1588)
==25269==    by 0x4094FA8: Gfx::opFillStroke(Object*, int) (Gfx.cc:1498)
==25269==    by 0x4090523: Gfx::execOp(Object*, Object*, int) (Gfx.cc:717)
==25269==    by 0x40906AF: Gfx::go(int) (Gfx.cc:588)
==25269==    by 0x4090C68: Gfx::display(Object*, int) (Gfx.cc:557)
==25269==    by 0x40DEAE2: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:406)
==25269==    by 0x40E2EDE: PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, int, int, int, int, int, int, int, int (*)(void*), void*, int (*)(Annot*, void*), void*) (PDFDoc.cc:396)
==25269==
==25269== Conditional jump or move depends on uninitialised value(s)
==25269==    at 0x40A38D2: clip01(int) (GfxState.cc:29)
==25269==    by 0x40A3D26: GfxDeviceGrayColorSpace::getGray(GfxColor*, int*) (GfxState.cc:242)
==25269==    by 0x40623EB: GfxState::getFillGray(int*) (GfxState.h:1065)
==25269==    by 0x405C54D: SplashOutputDev::updateFillColor(GfxState*) (SplashOutputDev.cc:848)
==25269==    by 0x40940A8: Gfx::doTilingPatternFill(GfxTilingPattern*, int, int) (Gfx.cc:1701)
==25269==    by 0x4094B7E: Gfx::doPatternFill(int) (Gfx.cc:1588)
==25269==    by 0x4094FA8: Gfx::opFillStroke(Object*, int) (Gfx.cc:1498)
==25269==    by 0x4090523: Gfx::execOp(Object*, Object*, int) (Gfx.cc:717)
==25269==    by 0x40906AF: Gfx::go(int) (Gfx.cc:588)
==25269==    by 0x4090C68: Gfx::display(Object*, int) (Gfx.cc:557)
==25269==    by 0x40DEAE2: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:406)
==25269==    by 0x40E2EDE: PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, int, int, int, int, int, int, int, int (*)(void*), void*, int (*)(Annot*, void*), void*) (PDFDoc.cc:396)
==25269==
==25269== Conditional jump or move depends on uninitialised value(s)
==25269==    at 0x40A38C3: clip01(int) (GfxState.cc:29)
==25269==    by 0x40A3D3C: GfxDeviceGrayColorSpace::getRGB(GfxColor*, GfxRGB*) (GfxState.cc:250)
==25269==    by 0x406245B: GfxState::getFillRGB(GfxRGB*) (GfxState.h:1069)
==25269==    by 0x405C55F: SplashOutputDev::updateFillColor(GfxState*) (SplashOutputDev.cc:849)
==25269==    by 0x40940A8: Gfx::doTilingPatternFill(GfxTilingPattern*, int, int) (Gfx.cc:1701)
==25269==    by 0x4094B7E: Gfx::doPatternFill(int) (Gfx.cc:1588)
==25269==    by 0x4094FA8: Gfx::opFillStroke(Object*, int) (Gfx.cc:1498)
==25269==    by 0x4090523: Gfx::execOp(Object*, Object*, int) (Gfx.cc:717)
==25269==    by 0x40906AF: Gfx::go(int) (Gfx.cc:588)
==25269==    by 0x4090C68: Gfx::display(Object*, int) (Gfx.cc:557)
==25269==    by 0x40DEAE2: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:406)
==25269==    by 0x40E2EDE: PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, int, int, int, int, int, int, int, int (*)(void*), void*, int (*)(Annot*, void*), void*) (PDFDoc.cc:396)
==25269==
==25269== Conditional jump or move depends on uninitialised value(s)
==25269==    at 0x40A38D2: clip01(int) (GfxState.cc:29)
==25269==    by 0x40A3D3C: GfxDeviceGrayColorSpace::getRGB(GfxColor*, GfxRGB*) (GfxState.cc:250)
==25269==    by 0x406245B: GfxState::getFillRGB(GfxRGB*) (GfxState.h:1069)
==25269==    by 0x405C55F: SplashOutputDev::updateFillColor(GfxState*) (SplashOutputDev.cc:849)
==25269==    by 0x40940A8: Gfx::doTilingPatternFill(GfxTilingPattern*, int, int) (Gfx.cc:1701)
==25269==    by 0x4094B7E: Gfx::doPatternFill(int) (Gfx.cc:1588)
==25269==    by 0x4094FA8: Gfx::opFillStroke(Object*, int) (Gfx.cc:1498)
==25269==    by 0x4090523: Gfx::execOp(Object*, Object*, int) (Gfx.cc:717)
==25269==    by 0x40906AF: Gfx::go(int) (Gfx.cc:588)
==25269==    by 0x4090C68: Gfx::display(Object*, int) (Gfx.cc:557)
==25269==    by 0x40DEAE2: Page::displaySlice(OutputDev*, double, double, int, int, int, int, int, int, int, int, Catalog*, int (*)(void*), void*, int (*)(Annot*, void*), void*) (Page.cc:406)
==25269==    by 0x40E2EDE: PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, int, int, int, int, int, int, int, int (*)(void*), void*, int (*)(Annot*, void*), void*) (PDFDoc.cc:396)


[2] http://www.adobe.com/devnet/pdf/pdfs/PDFReference15_v5.pdf

[3] http://www.adobe.com/devnet/pdf/pdfs/PDFReference15_v6.pdf
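
The following is an added illustration, not code from the post above and not Poppler or xpdf source: a cut-down model of the getDefaultColor() contract the message describes, showing how an override that writes nothing leaves the caller's GfxColor holding whatever was already in memory, what the proposed one-line fix changes, and a caller-side alternative (zeroing the colour before asking the colour space for its default). The type and constant names (GfxColorComp, gfxColorComp1, gfxColorMaxComps) are assumed to mirror Poppler's 16.16 fixed-point layout; the clip01() body is a reconstruction from the backtrace, and the "stale" value is a deterministic stand-in for memory contents that are undefined in the real program.

```cpp
#include <cstdio>
#include <cstring>

// Added example (not Poppler or xpdf code): a cut-down model of the
// GfxColorSpace::getDefaultColor() contract from the post, showing how an
// override that writes nothing leaves the caller's GfxColor holding whatever
// was already in memory, and how the two obvious fixes behave.

// Assumed to mirror Poppler's layout: 16.16 fixed-point components,
// 0x10000 == 1.0, up to 32 components per colour.
typedef int GfxColorComp;
const GfxColorComp gfxColorComp1 = 0x10000;
const int gfxColorMaxComps = 32;

struct GfxColor {
    GfxColorComp c[gfxColorMaxComps];
};

// Model of clip01() (GfxState.cc:29 in the backtrace). Its comparisons are the
// "conditional jump ... depends on uninitialised value(s)" Valgrind reports.
static inline GfxColorComp clip01(GfxColorComp x) {
    return (x < 0) ? 0 : (x > gfxColorComp1) ? gfxColorComp1 : x;
}

struct GfxColorSpace {
    virtual ~GfxColorSpace() {}
    virtual void getDefaultColor(GfxColor *color) = 0;
};

// Behaviour described in the post: the pattern colour space writes nothing.
struct PatternColorSpaceBefore : GfxColorSpace {
    void getDefaultColor(GfxColor * /*color*/) { /* not used */ }
};

// The suggested fix: component 0 is always defined after the call.
struct PatternColorSpaceAfter : GfxColorSpace {
    void getDefaultColor(GfxColor *color) { color->c[0] = 0; }
};

// Model of the caller chain (doTilingPatternFill -> updateFillColor ->
// getFillGray). `stale` stands in for whatever the fresh GfxColor happens to
// contain; in the real program that is undefined, which is why the outcome
// (and whether anything is visible) varies between builds and is only
// reliably caught by Valgrind or MemorySanitizer.
static GfxColorComp fillGrayAfterDefault(GfxColorSpace &cs, GfxColorComp stale,
                                         bool zeroBeforeDefault) {
    GfxColor fill;
    for (int i = 0; i < gfxColorMaxComps; ++i) fill.c[i] = stale;  // simulated stale memory
    if (zeroBeforeDefault) memset(&fill, 0, sizeof fill);          // caller-side hardening
    cs.getDefaultColor(&fill);
    return clip01(fill.c[0]);
}

// The three scenarios, wrapped so each can be checked on its own.
GfxColorComp fillGrayBeforeFix(GfxColorComp stale) {
    PatternColorSpaceBefore cs;
    return fillGrayAfterDefault(cs, stale, false);
}
GfxColorComp fillGrayAfterFix(GfxColorComp stale) {
    PatternColorSpaceAfter cs;
    return fillGrayAfterDefault(cs, stale, false);
}
GfxColorComp fillGrayCallerZeroed(GfxColorComp stale) {
    PatternColorSpaceBefore cs;  // unfixed colour space, but the caller zeroes first
    return fillGrayAfterDefault(cs, stale, true);
}

int main() {
    // Stale 0x7fff (about 0.5) leaks straight through the unfixed path, and
    // 0x12345 is clipped to 1.0, so garbage quietly becomes a "valid" gray level.
    printf("before fix,  stale 0x7fff : gray = 0x%x\n", fillGrayBeforeFix(0x7fff));
    printf("before fix,  stale 0x12345: gray = 0x%x\n", fillGrayBeforeFix(0x12345));
    printf("after fix,   stale 0x7fff : gray = 0x%x\n", fillGrayAfterFix(0x7fff));
    printf("caller zero, stale 0x7fff : gray = 0x%x\n", fillGrayCallerZeroed(0x7fff));
    return 0;
}
```

Because the model fills the colour with a known value, Valgrind will not complain about it; to see the real report, leave `fill` uninitialised, build with `-g -O0` as the post suggests, and run under `valgrind --track-origins=yes` (or compile with clang's `-fsanitize=memory`). The two fixes are not equivalent: the one-line fix in the colour space leaves c[1..] undefined for any caller that reads more than one component, whereas zeroing in the caller covers every colour space, so a reviewer would want to know which components downstream code actually reads before settling on one.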

