<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link bz_status_NEW" title="NEW - Two subsequent display roundtrips results in sendmsg syscall with uninitialized bytes" href="https://bugs.freedesktop.org/show_bug.cgi?id=94071">94071</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Two subsequent display roundtrips results in sendmsg syscall with uninitialized bytes
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Wayland
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>wayland
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>wayland-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>eyolfson@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=121636" name="attach_121636" title="The bug triggers on the second roundtrip call.">attachment 121636</a> <a href="attachment.cgi?id=121636&action=edit" title="The bug triggers on the second roundtrip call.">[details]</a></span>
The bug triggers on the second roundtrip call.

This occurs in wayland version 1.9.0 (not selectable in Bugzilla).

I'm on Linux 4.4.1 using gcc 5.3.0 and valgrind 3.11.0.

I can compile the attachment like:

<span class="quote">> gcc wayland-test.c -lwayland-client -g</span>

Then run valgrind on the resulting executable:

<span class="quote">> valgrind --track-origins=yes ./a.out </span>
==14980== Memcheck, a memory error detector
==14980== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==14980== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==14980== Command: ./a.out
==14980== 
==14980== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==14980==    at 0x512C1E0: __sendmsg_nocancel (in /usr/lib/libc-2.22.so)
==14980==    by 0x4E3AF30: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3A738: wl_display_dispatch_queue (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3AA6E: wl_display_roundtrip_queue (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x400B6A: main (wayland-test.c:47)
==14980==  Address 0x5d1324e is 4,158 bytes inside a block of size 16,424
alloc'd
==14980==    at 0x4C2A987: calloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14980==    by 0x4E3B061: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3A246: wl_display_connect_to_fd (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3A379: wl_display_connect (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x400B28: main (wayland-test.c:43)
==14980==  Uninitialised value was created by a heap allocation
==14980==    at 0x4C28C10: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==14980==    by 0x4E3C8DF: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E39E71: wl_proxy_marshal_array_constructor (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3A0F9: wl_proxy_marshal_constructor (in
/usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x400A2C: wl_registry_bind (wayland-client-protocol.h:288)
==14980==    by 0x400ABE: global (wayland-test.c:15)
==14980==    by 0x53EC1EF: ffi_call_unix64 (in /usr/lib/libffi.so.6.0.4)
==14980==    by 0x53EBC57: ffi_call (in /usr/lib/libffi.so.6.0.4)
==14980==    by 0x4E3C757: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E39A5F: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E39ADB: ??? (in /usr/lib/libwayland-client.so.0.3.0)
==14980==    by 0x4E3A7AE: wl_display_dispatch_queue (in
/usr/lib/libwayland-client.so.0.3.0)
==14980== 
==14980== 
==14980== HEAP SUMMARY:
==14980==     in use at exit: 0 bytes in 0 blocks
==14980==   total heap usage: 45 allocs, 45 frees, 24,232 bytes allocated
==14980== 
==14980== All heap blocks were freed -- no leaks are possible
==14980== 
==14980== For counts of detected and suppressed errors, rerun with: -v
==14980== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)</pre>
        </div>
      </p>
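<p>The uninitialised value above originates in the marshalling buffer filled by <code>wl_registry_bind</code>, whose string argument the Wayland wire format pads up to a 32-bit boundary. The following is an added example (constructed for this page, not code from the attachment or from libwayland) that models one plausible way such bytes reach <code>sendmsg</code>: a marshaller that writes the length and the string but leaves the pad bytes as whatever the reused buffer already held, beside a variant that zeroes them, plus a check a reviewer could run over a marshalled buffer. The buffer is pre-filled with 0xAA so the stale bytes are deterministic instead of relying on Valgrind to flag them; the function names and the <code>wl_compositor</code> sample are assumptions.</p>

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Wayland wire format: a string argument is a 32-bit length (including the
 * terminating NUL), the bytes themselves, then padding up to a 32-bit boundary. */
#define WL_PAD(n) (((n) + 3) & ~3u)

/* Careless marshaller (constructed): copies length + string, never touches the
 * pad bytes, so they keep whatever the reused connection buffer held before. */
size_t marshal_string_unpadded(uint32_t *buf, const char *s) {
    uint32_t len = (uint32_t)strlen(s) + 1;
    buf[0] = len;
    memcpy(buf + 1, s, len);
    return 4 + WL_PAD(len);
}

/* Hardened marshaller (constructed): same layout, but the pad bytes are
 * explicitly zeroed before the buffer can be handed to sendmsg(). */
size_t marshal_string_zeroed(uint32_t *buf, const char *s) {
    uint32_t len = (uint32_t)strlen(s) + 1;
    buf[0] = len;
    memcpy(buf + 1, s, len);
    memset((char *)(buf + 1) + len, 0, WL_PAD(len) - len);
    return 4 + WL_PAD(len);
}

/* Reviewer check: count pad bytes of a marshalled string that are not zero. */
int count_dirty_pad_bytes(const uint32_t *buf) {
    uint32_t len = buf[0];
    const unsigned char *p = (const unsigned char *)(buf + 1);
    int dirty = 0;
    for (uint32_t i = len; i < WL_PAD(len); i++)
        if (p[i] != 0)
            dirty++;
    return dirty;
}

/* Simulates a reused buffer: 0xAA stands in for stale data from an earlier
 * message. "wl_compositor" is 13 chars + NUL = 14 bytes, padded to 16. */
int demo(int zero_padding) {
    uint32_t buf[16];
    memset(buf, 0xAA, sizeof buf);
    const char *iface = "wl_compositor";
    if (zero_padding)
        marshal_string_zeroed(buf, iface);
    else
        marshal_string_unpadded(buf, iface);
    return count_dirty_pad_bytes(buf);
}

int main(void) {
    printf("dirty pad bytes: careless=%d zeroed=%d\n", demo(0), demo(1));
    return 0;
}
```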
    </body>
</html>