[poppler] Poppler provided printf() functions on Windows not language compliant
William Bader
williambader at hotmail.com
Sat Mar 5 03:02:12 UTC 2016
> To: poppler at lists.freedesktop.org
> Date: Fri, 4 Mar 2016 17:51:24 -0800
> From: mathog at caltech.edu
> Subject: Re: [poppler] Poppler provided printf() functions on Windows not language compliant
>
> On 04-Mar-2016 15:27, William Bader wrote:
> > Do you have any tools to track down bad memory accesses similar to
> > valgrind on Linux?
>
> Well, I had tried Dr. Memory previously on Inkscape and it died a
> horrible death trying to handle all of those memory structures. However
> this test program is tiny, so let's go with that.
>
> Installs current release of Dr. Memory on 32 bit XP machine.
>
> In DOS shell
>
> mingwenv
> mingw32-g++ -O0 -ggdb -static-libgcc -static-libstdc++ -o printf_bug
> printf_bug.c -Lc:\progs\devlibs61/lib -lpoppler
> "C:\Program Files\Dr. Memory\bin\drmemory.exe" -logdir C:/temp/logs --
> printf_bug
>
> This logged several errors in libpoppler
>
> or
>
> mingw32-g++ -O0 -ggdb -static-libgcc -static-libstdc++ -o printf_bug
> printf_bug.c
> "C:\Program Files\Dr. Memory\bin\drmemory.exe" -logdir C:/temp/logs --
> printf_bug
>
> this logged no errors.
>
>
> Jason Crain suggested stepping in with a debugger. Tried that and it
> didn't help, the libpoppler is not compiled with -g, there are no
> symbols.
>
> These are the errors from the first run mentioned above. It is not very
> helpful because libpoppler is built without debugging symbols. Sorry,
> this will probably wrap:
>
> Dr. Memory version 1.9.0 build 4 built on Oct 2 2015 13:13:14
> Dr. Memory results for pid 2056: "printf_bug.exe"
> Application cmdline: "printf_bug"
> Recorded 116 suppression(s) from default C:\Program files\Dr.
> Memory\bin\suppress-default.txt
>
> Error #1: UNINITIALIZED READ: reading 0x00220378-0x0022037a 2 byte(s)
> within 0x00220370-0x0022037a
> # 0 libpoppler-58.dll!__pformat_cvt [../../mingw/include/math.h:361]
> # 1 libpoppler-58.dll!__pformat_float
> [../../mingw/mingwex/stdio/pformat.c:800]
> # 2 libpoppler-58.dll!__mingw_pformat
> [../../mingw/mingwex/stdio/pformat.c:2047]
> # 3 libpoppler-58.dll!__mingw_vprintf
> [../../mingw/mingwex/stdio/vprintf.c:61]
> # 4 libpoppler-58.dll!printf
> [../../../../src/gcc-4.6.1/libgcc/../gcc/config/i386/cygwin.asm:125]
> # 5 main
> [C:\progs\inkscape_trunk/printf_bug.c:8]
> Note: @0:00:01.328 in thread 3760
> Note: instruction: fld 0x20(%esp) -> %st0
>
> Error #2: UNINITIALIZED READ: reading 0x00220374-0x0022037a 6 byte(s)
> within 0x00220370-0x0022037a
> # 0 libpoppler-58.dll!__pformat_cvt [../../mingw/include/math.h:361]
> # 1 libpoppler-58.dll!__pformat_float
> [../../mingw/mingwex/stdio/pformat.c:800]
> # 2 libpoppler-58.dll!__mingw_pformat
> [../../mingw/mingwex/stdio/pformat.c:2047]
> # 3 libpoppler-58.dll!__mingw_vprintf
> [../../mingw/mingwex/stdio/vprintf.c:61]
> # 4 libpoppler-58.dll!printf
> [../../../../src/gcc-4.6.1/libgcc/../gcc/config/i386/cygwin.asm:125]
> # 5 main
> [C:\progs\inkscape_trunk/printf_bug.c:10]
> Note: @0:00:01.437 in thread 3760
> Note: instruction: fld 0x20(%esp) -> %st0
>
> ===========================================================================
> FINAL SUMMARY:
>
> DUPLICATE ERROR COUNTS:
> Error # 2: 2
>
> SUPPRESSIONS USED:
>
> ERRORS FOUND:
> 0 unique, 0 total unaddressable access(es)
> 2 unique, 3 total uninitialized access(es)
> 0 unique, 0 total invalid heap argument(s)
> 0 unique, 0 total GDI usage error(s)
> 0 unique, 0 total handle leak(s)
> 0 unique, 0 total warning(s)
> 0 unique, 0 total, 0 byte(s) of leak(s)
> 0 unique, 0 total, 0 byte(s) of possible leak(s)
> ERRORS IGNORED:
> 4 unique, 5 total, 11360 byte(s) of still-reachable
> allocation(s)
> (re-run with "-show_reachable" for details)
> Details: c:\temp\logs\DrMemory-printf_bug.exe.2056.000\results.txt
>
> Guess I should report it as a bug. Although I am not sure if it is a
> devlibs61 problem or an underlying issue in poppler.
>
> Thanks,
>
> David Mathog
> mathog at caltech.edu
> Manager, Sequence Analysis Facility, Biology Division, Caltech

I think that the log above does not show the error that caused the crash.

"Uninitialized access" warnings are common false positives in memory checkers. They can happen when you copy a structure that has not had every byte of every field initialized. Dr. Memory even comments on that at http://drmemory.org/docs/page_uninit.html

An access to an invalid address can cause a crash, but reading an uninitialized variable should not directly cause a crash. If the uninitialized variable was a length or a pointer, using the value could lead to an invalid access, and that could cause a crash, but through an invalid access, and the log does not show any "unaddressable access" errors.

Also, the stack trace shows pformat.c and vprintf.c. Those are not part of poppler. Poppler is C++, and almost all of the files with code are .cc not .c. You can also verify that by searching in the poppler source.

Did the person who built the poppler dll add parts of the C stdio library into the poppler dll?

William
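
Added example, not part of the original message or of poppler or Dr. Memory: a small Python triage of a Dr. Memory results log that performs the two checks made in the reply above, counting errors by kind (so an absence of unaddressable accesses is explicit) and listing which source files sit behind the frames reported inside the DLL. The function names `parse_errors` and `triage` are hypothetical, and the sample is an excerpt of the log quoted above.

```python
import re
from collections import Counter

# Excerpt of Error #1 from the log quoted above (frame 4 omitted), e-mail wrapping kept.
SAMPLE = r"""Error #1: UNINITIALIZED READ: reading 0x00220378-0x0022037a 2 byte(s)
within 0x00220370-0x0022037a
# 0 libpoppler-58.dll!__pformat_cvt [../../mingw/include/math.h:361]
# 1 libpoppler-58.dll!__pformat_float
[../../mingw/mingwex/stdio/pformat.c:800]
# 2 libpoppler-58.dll!__mingw_pformat
[../../mingw/mingwex/stdio/pformat.c:2047]
# 3 libpoppler-58.dll!__mingw_vprintf
[../../mingw/mingwex/stdio/vprintf.c:61]
# 5 main
[C:\progs\inkscape_trunk/printf_bug.c:8]
Note: @0:00:01.328 in thread 3760
"""

ERROR_RE = re.compile(r"^Error #(\d+): ([A-Z][A-Z ]*[A-Z])")
FRAME_RE = re.compile(r"^#\s*\d+\s+(\S+)")
SOURCE_RE = re.compile(r"\[(.+):\d+\]")

def parse_errors(text):
    """Return one dict per error: id, kind, and frames with wrapped paths rejoined."""
    errors = []
    for line in map(str.strip, text.splitlines()):
        head = ERROR_RE.match(line)
        if head:
            errors.append({"id": int(head.group(1)), "kind": head.group(2), "frames": []})
            continue
        if not errors:
            continue  # banner lines before the first error
        frames = errors[-1]["frames"]
        frame = FRAME_RE.match(line)
        if frame:
            frames.append({"symbol": frame.group(1), "source": None})
        source = SOURCE_RE.search(line)
        if source and frames:  # a "[path:line]" alone on a line belongs to the last frame
            frames[-1]["source"] = source.group(1)
    return errors

def triage(errors, module="libpoppler-58.dll"):
    """Count error kinds and list the source files behind frames inside `module`."""
    kinds = Counter(e["kind"] for e in errors)
    paths = {f["source"] for e in errors for f in e["frames"]
             if f["symbol"].startswith(module + "!") and f["source"]}
    return {"kinds": dict(kinds),
            "unaddressable": kinds["UNADDRESSABLE ACCESS"],
            "module_sources": sorted(p.replace("\\", "/").rsplit("/", 1)[-1] for p in paths)}
```

Calling `triage(parse_errors(open(path).read()))` on a full `results.txt` gives the same summary for every error in the run.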