Crash in wayland-scanner-0.99.0

Kristian Høgsberg krh at bitplanet.net
Sun Oct 21 12:21:41 PDT 2012


On Sat, Oct 20, 2012 at 9:00 AM, Jan Engelhardt <jengelh at inai.de> wrote:
>
> Seen on wayland-0.99.0 in an openSUSE 12.1 environment, a crash can
> happen during building:
>
> $ make
>   GEN    wayland-client-protocol.h
> /bin/sh: line 1: 20393 Segmentation fault      (core dumped) ../src/wayland-scanner client-header < ../protocol/wayland.xml > wayland-client-protocol.h
> make: *** [wayland-client-protocol.h] Error 139
>
> $ valgrind ./wayland-scanner client-header <../protocol/wayland.xml >FOO
> ==20493== Memcheck, a memory error detector
> ==20493== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
> ==20493== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
> ==20493== Command: ./wayland-scanner client-header
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x4022E4: start_element (scanner.c:442)
> ==20493==    by 0x4E3AAF5: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3BBC0: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E38A9B: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3A42A: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3D9D1: XML_ParseBuffer (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x404164: main (scanner.c:1155)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x402303: start_element (scanner.c:444)
> ==20493==    by 0x4E3AAF5: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3BBC0: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E38A9B: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3A42A: ??? (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x4E3D9D1: XML_ParseBuffer (in /lib64/libexpat.so.1.5.2)
> ==20493==    by 0x404164: main (scanner.c:1155)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x403497: emit_structs (scanner.c:824)
> ==20493==    by 0x4038C8: emit_header (scanner.c:924)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x402911: emit_stubs (scanner.c:595)
> ==20493==    by 0x4038F6: emit_header (scanner.c:926)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x4029B3: emit_stubs (scanner.c:608)
> ==20493==    by 0x4038F6: emit_header (scanner.c:926)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x402A7D: emit_stubs (scanner.c:626)
> ==20493==    by 0x4038F6: emit_header (scanner.c:926)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x402B1D: emit_stubs (scanner.c:644)
> ==20493==    by 0x4038F6: emit_header (scanner.c:926)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493== Conditional jump or move depends on uninitialised value(s)
> ==20493==    at 0x402BC7: emit_stubs (scanner.c:656)
> ==20493==    by 0x4038F6: emit_header (scanner.c:926)
> ==20493==    by 0x4041C7: main (scanner.c:1162)
> ==20493==
> ==20493==
> ==20493== HEAP SUMMARY:
> ==20493==     in use at exit: 53,176 bytes in 1,207 blocks
> ==20493==   total heap usage: 1,242 allocs, 35 frees, 70,880 bytes allocated
> ==20493==
> ==20493== LEAK SUMMARY:
> ==20493==    definitely lost: 1,379 bytes in 4 blocks
> ==20493==    indirectly lost: 51,797 bytes in 1,203 blocks
> ==20493==      possibly lost: 0 bytes in 0 blocks
> ==20493==    still reachable: 0 bytes in 0 blocks
> ==20493==         suppressed: 0 bytes in 0 blocks
> ==20493== Rerun with --leak-check=full to see details of leaked memory
> ==20493==
> ==20493== For counts of detected and suppressed errors, rerun with: -v
> ==20493== Use --track-origins=yes to see where uninitialised values come from
> ==20493== ERROR SUMMARY: 8 errors from 8 contexts (suppressed: 6 from 6)
>
> $ gdb wayland-scanner
> [...]
> (gdb) b emit_type
> [...]
> (gdb) r client-header <../protocol.xml
> Starting program: /home/abuild/rpmbuild/BUILD/wayland-0.99.0/src/wayland-scanner client-header <../protocol/wayland.xml
> Breakpoint 1, emit_type (a=0x60b880) at scanner.c:511
> 511             switch (a->type) {
> (gdb) p *a
> $1 = {name = 0x60b8c0 "object_id", type = OBJECT, nullable = 0,
>   interface_name = 0xbabababababababa <Address 0xbabababababababa out of bounds>, link = {prev = 0x60b740, next = 0x60b8f8}, summary = 0x0}
> (gdb) up
> #1  0x00000000004034e9 in emit_structs (message_list=0x60af98,
>     interface=0x60af70) at scanner.c:830
> 830                                     emit_type(a);
>
>
> (So as an added bonus, it's the first element in the list.)

I ran it through valgrind myself and fixed a few missing
initializations, now pushed to master.  Thanks for reporting the
problem.

Kristian
