[mythtv-commits] Ticket #9246: lirc handling code is branching based on uninitialized data

MythTV mythtv at cvs.mythtv.org
Thu Nov 18 06:40:34 UTC 2010


#9246: lirc handling code is branching based on uninitialized data
----------------------------------+-----------------------------------------
     Reporter:  beirdo            |       Owner:  danielk   
         Type:  Bug Report        |      Status:  new       
     Priority:  minor             |   Milestone:  unknown   
    Component:  MythTV - General  |     Version:  Trunk Head
     Severity:  low               |    Keywords:            
Ticket locked:  0                 |  
----------------------------------+-----------------------------------------
 {{{
 ==00:00:02:57.622 28658== Conditional jump or move depends on
 uninitialised value(s)
 ==00:00:02:57.622 28658==    at 0x7A1E414: LIRC::GetCodes() (lirc.cpp:526)
 ==00:00:02:57.622 28658==    by 0x7A1D81F: LIRC::run() (lirc.cpp:466)
 ==00:00:02:57.622 28658==    by 0xEDF8774: ??? (in
 /usr/lib/libQtCore.so.4.6.2)
 ==00:00:02:57.622 28658==    by 0xBC0C9C9: start_thread
 (pthread_create.c:300)
 ==00:00:02:57.622 28658==    by 0xFA9670C: clone (clone.S:112)
 ==00:00:02:57.622 28658==  Uninitialised value was created by a heap
 allocation
 ==00:00:02:57.622 28658==    at 0x4C275A2: realloc
 (vg_replace_malloc.c:525)
 ==00:00:02:57.622 28658==    by 0xEDFB599: QByteArray::realloc(int) (in
 /usr/lib/libQtCore.so.4.6.2)
 ==00:00:02:57.622 28658==    by 0xEDFB978: QByteArray::resize(int) (in
 /usr/lib/libQtCore.so.4.6.2)
 ==00:00:02:57.622 28658==    by 0x7A1E3F9: LIRC::GetCodes() (lirc.cpp:525)
 ==00:00:02:57.622 28658==    by 0x7A1D81F: LIRC::run() (lirc.cpp:466)
 ==00:00:02:57.622 28658==    by 0xEDF8774: ??? (in
 /usr/lib/libQtCore.so.4.6.2)
 ==00:00:02:57.622 28658==    by 0xBC0C9C9: start_thread
 (pthread_create.c:300)
 ==00:00:02:57.622 28658==    by 0xFA9670C: clone (clone.S:112)
 }}}

 The code in question is:
 {{{
     buf.resize(buf_offset);
     ret = buf.split('\n');
     buf.resize(tmpc);
     if (buf.endsWith('\n'))
 }}}

 Line 526 is the "endsWith".  The issue here is that when you increase the
 size of a QByteArray with resize(), the new capacity is composed of
 uninitialized bytes, not zeroed out.

 I was considering fixing this, but I'm not 100% sure what is intended
 here, so I thought I'd punt it back to the author.

-- 
Ticket URL: <http://svn.mythtv.org/trac/ticket/9246>
MythTV <http://www.mythtv.org/>
MythTV Media Center
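A defensive version of the same buffer handling, added here as an illustration and not MythTV's own code: both the line split and the trailing-newline test use only the number of bytes actually read, so the uninitialised tail that QByteArray::resize() leaves when growing a buffer is never examined. The names (split_codes, CodeLines) and the sample lircd line are assumptions; the example uses a plain char buffer so it builds without Qt.

```cpp
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Result of splitting one read from the lircd socket: the complete lines and
// the trailing partial line that has to be carried over to the next read.
struct CodeLines {
    std::vector<std::string> codes;
    std::string remainder;
};

// Split the VALID prefix of a buffer into newline-terminated lines.
// `len` is the number of bytes actually filled by read(); bytes beyond it
// (up to the buffer's capacity) are never inspected, so a buffer whose tail
// is uninitialised (as QByteArray::resize() leaves it) is safe to pass here.
CodeLines split_codes(const char* buf, size_t len) {
    CodeLines out;
    size_t start = 0;
    for (size_t i = 0; i < len; ++i) {
        if (buf[i] == '\n') {
            out.codes.emplace_back(buf + start, i - start);
            start = i + 1;
        }
    }
    // "Ends with newline" is decided from the valid length, not the capacity.
    bool ends_with_nl = (len > 0 && buf[len - 1] == '\n');
    if (!ends_with_nl)
        out.remainder.assign(buf + start, len - start);
    return out;
}

int main() {
    // Constructed sample: a 4096-byte buffer of which only 26 bytes were filled,
    // mirroring a read() that returns less than the buffer's capacity.
    const char sample[] = "0000 00 KEY_OK remote\n0001";
    size_t capacity = 4096, filled = sizeof(sample) - 1;
    char* buf = static_cast<char*>(std::malloc(capacity));  // tail deliberately not zeroed
    std::memcpy(buf, sample, filled);
    CodeLines r = split_codes(buf, filled);
    for (const std::string& c : r.codes)
        std::printf("code: %s\n", c.c_str());
    std::printf("remainder: \"%s\"\n", r.remainder.c_str());
    std::free(buf);
    return 0;
}
```

Run under valgrind this produces no "uninitialised value" report because the unfilled tail is never read.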