valgrind caught something in DrawImage (draw.c:2754)

[mi]

Here is the snippet of valgrind's output:

Code: Select all

==1329== 
==1329== Use of uninitialised value of size 8
==1329==    at 0x3C2C7E8A: DrawImage (draw.c:2754)
==1329==    by 0x3C25F0B3: ??? (annotate.c:1612)
==1329==    by 0x3C25D7F8: ??? (annotate.c:1075)
==1329==    by 0x3C25C453: AnnotateImage (annotate.c:422)
==1329== 
==1329== Use of uninitialised value of size 8
==1329==    at 0x3C2C7EA4: DrawImage (draw.c:2755)
==1329==    by 0x3C25F0B3: ??? (annotate.c:1612)
==1329==    by 0x3C25D7F8: ??? (annotate.c:1075)
==1329==    by 0x3C25C453: AnnotateImage (annotate.c:422)
==1329== 
==1329== Use of uninitialised value of size 8
==1329==    at 0x3C2C7EBF: DrawImage (draw.c:2756)
==1329==    by 0x3C25F0B3: ??? (annotate.c:1612)
==1329==    by 0x3C25D7F8: ??? (annotate.c:1075)
==1329==    by 0x3C25C453: AnnotateImage (annotate.c:422)
==1329== 
==1329== Use of uninitialised value of size 8
==1329==    at 0x3C2C7ED9: DrawImage (draw.c:2757)
==1329==    by 0x3C25F0B3: ??? (annotate.c:1612)
==1329==    by 0x3C25D7F8: ??? (annotate.c:1075)
==1329==    by 0x3C25C453: AnnotateImage (annotate.c:422)

These are the following four lines in 6.3.5-3:

Code: Select all

    bounds.x1=primitive_info[j].point.x;
    bounds.y1=primitive_info[j].point.y;
    bounds.x2=primitive_info[j].point.x;
    bounds.y2=primitive_info[j].point.y;
 

In a quick glance, the just-allocated primitive_info does not, indeed, have its point sub-structure initialized...

[magick]

We need to reproduce the problem you posted. What program were you running to produce an unintialized value?

[mi]

We need to reproduce the problem you posted. What program were you running to produce an unintialized value?

I built TclMagick, and am running its self-tests under valgrind as:

Code: Select all

valgrind --tool=memcheck tclsh8.4 test-wand.tcl

This is on FreeBSD/i386, because there is no valgrind for FreeBSD/amd64 (there is for Linux/amd64).

[magick]

We have a patch for the problem you reported. It will be available in ImageMagick 6.3.5-3 Beta sometime tommorrow.

[mi]

That's great news! Please, consider running that beta through `make check' though

Here is another nit picked by valgrind on the same test-wand.tcl script:

Code: Select all

==1329== 
==1329== Use of uninitialised value of size 4
==1329==    at 0x3C276227: ??? (pixel-private.h:72)
==1329==    by 0x3C275D05: ??? (color.c:541)
==1329==    by 0x3C277F73: GetNumberColors (color.c:1621)
==1329==    by 0x3C4C0FE7: MagickGetImageColors (magick-image.c:3590)

The index-pointer, passed to the SetMagickPixelPacket() (in pixel-private.h) by ClassifyImageColors() (in color.c), is pointing to uninitialized memory, it seems.

[mi]

And another one... Maybe, the regression tests should all be run under valgrind or Purify, if available on the platform?

Code: Select all

==2108== Invalid read of size 1
==2108==    at 0x7535E00E: CopyMagickString (string.c:729)
==2108==    by 0x7535D0CE: AcquireString (string.c:145)
==2108==    by 0x75DF31EB: ??? (mvg.c:201)
==2108==    by 0x7528D9C2: ReadImage (constitute.c:388)
==2108==    by 0x75F6B6D0: ??? (svg.c:2851)
==2108==    by 0x7528D9C2: ReadImage (constitute.c:388)
==2108==    by 0x75260343: BlobToImage (blob.c:353)
==2108==  Address 0x7521313F is not stack'd, malloc'd or (recently) free'd

[magick]

We do run the regression tests under valgrind and in some cases determine that a report by valgrind is not a bug. We will review the valgrind problems you posted and determine if a patch is warranted.