Valgrind Messages
This page is a dump of all the valgrind messages I see:
Linux
In psclient
in libX11
Syscall param writev(vector[...]) points to uninitialised byte(s)
   at 0xD31B78: writev (in /lib/libc-2.5.so)
   by 0x15098D: (within /usr/lib/libX11.so.6.2.0)
   by 0x15077E: _X11TransWritev (in /usr/lib/libX11.so.6.2.0)
   by 0x156468: _XSend (in /usr/lib/libX11.so.6.2.0)
   by 0x14738A: XQueryExtension (in /usr/lib/libX11.so.6.2.0)
   by 0x13BCAA: XInitExtension (in /usr/lib/libX11.so.6.2.0)
   by 0x254AD4: XRenderFindDisplay (in /usr/lib/libXrender.so.1.3.0)
   by 0x25589C: XRenderQueryExtension (in /usr/lib/libXrender.so.1.3.0)
   by 0x550DC1: _XcursorGetDisplayInfo (in /usr/lib/libXcursor.so.1.0.2)
   by 0x5514EC: XcursorSupportsARGB (in /usr/lib/libXcursor.so.1.0.2)
   by 0x553C1B: XcursorNoticeCreateBitmap (in /usr/lib/libXcursor.so.1.0.2)
   by 0x12FB24: _XNoticeCreateBitmap (in /usr/lib/libX11.so.6.2.0)
 Address 0x443D95D is 165 bytes inside a block of size 16,384 alloc'd
   at 0x400473F: calloc (vg_replace_malloc.c:279)
   by 0x141406: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
   by 0x46C32C0: csXWindow::Initialize(iObjectRegistry*) (xwindow.cpp:139)
   by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
   by 0x4610110: csPtr<iXWindow> csLoadPlugin<iXWindow>(iPluginManager*, char const*) (plugin.h:152)
   by 0x460EB29: csGraphics2DGLX::Initialize(iObjectRegistry*) (glx2d.cpp:107)
   by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
   by 0x4575E20: csPtr<iGraphics2D> csLoadPlugin<iGraphics2D>(iPluginManager*, char const*) (plugin.h:152)
   by 0x45578B8: csGLGraphics3D::Initialize(iObjectRegistry*) (gl_render3d.cpp:3513)
   by 0x8129DCB: csPluginManager::LoadPlugin(char const*, bool) (plugmgr.cpp:203)
   by 0x8139F71: csPluginLoader::LoadPlugins() (plugldr.cpp:357)
   by 0x8104ADE: csInitializer::RequestPlugins(iObjectRegistry*, csArray<csPluginRequest, csArrayElementHandler<csPluginRequest>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (initapp.cpp:403)
I don't know what this message means overall; it is not in PlaneShift or CrystalSpace, and an uninitialized variable passed to writev() shouldn't really be an error because it is writing memory to this location and not reading from it. It happens on startup.
nvidia
Conditional jump or move depends on uninitialised value(s)
   at 0x2FF9C7C: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
Conditional jump or move depends on uninitialised value(s)
   at 0x2EC073F: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
Conditional jump or move depends on uninitialised value(s)
   at 0x2ECFDF4: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
Conditional jump or move depends on uninitialised value(s)
   at 0x2B98B9B: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
Conditional jump or move depends on uninitialised value(s)
   at 0x2B98BAE: (within /usr/lib/nvidia/libGLcore.so.1.0.9755)
Invalid read of size 4
   at 0x493725: (within /usr/lib/nvidia/libGL.so.1.0.9755)
   by 0x27AE56: _dl_close (in /lib/ld-2.5.so)
   by 0xDABDA3: dlclose_doit (in /lib/libdl-2.5.so)
   by 0x275C05: _dl_catch_error (in /lib/ld-2.5.so)
   by 0xDAC38B: _dlerror_run (in /lib/libdl-2.5.so)
   by 0xDABDD9: dlclose (in /lib/libdl-2.5.so)
   by 0x816B638: csUnloadLibrary(void*) (loadlib.cpp:85)
   by 0x81489E4: scfSharedLibrary::~scfSharedLibrary() (scf.cpp:278)
   by 0x8149726: csPDelArrayElementHandler<scfSharedLibrary*>::Destroy(scfSharedLibrary**) (parray.h:47)
   by 0x814BA96: csArray<scfSharedLibrary*, csPDelArrayElementHandler<scfSharedLibrary*>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault>::DeleteIndex(unsigned) (array.h:1001)
   by 0x814BB3A: scfSharedLibrary::TryUnload() (scf.cpp:222)
   by 0x814642D: csSCF::UnloadUnusedModules() (scf.cpp:918)
 Address 0x4CC2FC8 is 0 bytes inside a block of size 36 free'd
   at 0x400501A: free (vg_replace_malloc.c:233)
   by 0x49388D: (within /usr/lib/nvidia/libGL.so.1.0.9755)
There are some errors in nvidia. Not much can be done here...
crystal space
Invalid read of size 1
   at 0x462227E: csGLFontCache::CopyGlyphData(iFont*, unsigned, unsigned, csBitmapMetrics const&, csRect const&, iDataBuffer*, iDataBuffer*) (glfontcache.cpp:447)
   by 0x4622EC8: csGLFontCache::InternalCacheGlyph(csFontCache::KnownFont*, unsigned, unsigned) (glfontcache.cpp:336)
   by 0x4665B8E: csFontCache::CacheGlyphUnsafe(csFontCache::KnownFont*, unsigned, unsigned) (fontcache.cpp:423)
   by 0x462161F: csGLFontCache::WriteString(iFont*, int, int, int, int, void const*, bool, unsigned) (glfontcache.cpp:696)
   by 0x466AAE8: csGraphics2D::Write(iFont*, int, int, int, int, char const*, unsigned) (graph2d.cpp:827)
   by 0x837FA24: psEffectObjText::DrawTextElement(psEffectTextElement const&) (pseffectobjtext.cpp:305)
   by 0x83807D1: psEffectObjText::SetText(csArray<psEffectTextElement, csArrayElementHandler<psEffectTextElement>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (pseffectobjtext.cpp:121)
   by 0x8380A88: psEffectObjText::SetText(int, ...) (pseffectobjtext.cpp:205)
   by 0x80CD0EF: psEntityLabels::SetObjectText(GEMClientObject*) (entitylabels.cpp:272)
   by 0x80CD3EE: psEntityLabels::CreateLabelOfObject(GEMClientObject*) (entitylabels.cpp:300)
   by 0x80CD526: psEntityLabels::OnObjectArrived(GEMClientObject*) (entitylabels.cpp:332)
   by 0x808EDEE: GEMClientActor::GEMClientActor(psCelClient*, psPersistActor&) (pscelclient.cpp:1046)
 Address 0x56EA769 is 0 bytes after a block of size 497 alloc'd
   at 0x4005835: operator new[](unsigned) (vg_replace_malloc.c:195)
   by 0x44B739A: CS::Plugin::FreeFont2::csFreeType2Font::GetGlyphBitmap(unsigned, csBitmapMetrics&) (freefnt2.cpp:440)
   by 0x4508BAF: CS::Plugin::FontPlex::csFontPlexer::GetGlyphBitmap(unsigned, csBitmapMetrics&) (fontplex.cpp:461)
   by 0x46226E2: csGLFontCache::InternalCacheGlyph(csFontCache::KnownFont*, unsigned, unsigned) (glfontcache.cpp:229)
   by 0x4665B8E: csFontCache::CacheGlyphUnsafe(csFontCache::KnownFont*, unsigned, unsigned) (fontcache.cpp:423)
   by 0x462161F: csGLFontCache::WriteString(iFont*, int, int, int, int, void const*, bool, unsigned) (glfontcache.cpp:696)
   by 0x466AAE8: csGraphics2D::Write(iFont*, int, int, int, int, char const*, unsigned) (graph2d.cpp:827)
   by 0x837FA24: psEffectObjText::DrawTextElement(psEffectTextElement const&) (pseffectobjtext.cpp:305)
   by 0x83807D1: psEffectObjText::SetText(csArray<psEffectTextElement, csArrayElementHandler<psEffectTextElement>, CS::Memory::AllocatorMalloc, csArrayCapacityDefault> const&) (pseffectobjtext.cpp:121)
   by 0x8380A88: psEffectObjText::SetText(int, ...) (pseffectobjtext.cpp:205)
   by 0x80CD0EF: psEntityLabels::SetObjectText(GEMClientObject*) (entitylabels.cpp:272)
   by 0x80CD3EE: psEntityLabels::CreateLabelOfObject(GEMClientObject*) (entitylabels.cpp:300)
This is a bug in Crystal Space's code, in csGLFontCache::CopyGlyphData() at glfontcache.cpp line 447. Crystal Space ticket 314.
At the end of each iteration the for loop reads one row ahead and assigns that value to the destination on the next iteration. The problem is that on the last row there is no next row, so the read-ahead goes past the end of the array into memory that was never allocated. Here is what people in #crystalspace said.
<res2k> brandon_rioja: after a row of pixels is processed it reads the first byte of the next row, even for the last one.
<brandon_rioja> does that make an invalid read at the end?
<res2k> yes
<brandon_rioja> and can it cause a crash if it reads outside its allocated buffer?
<res2k> why shouldn't it?
<thebolt> in very rare circumstances, yes
<res2k> I mean, a read beyond bounds is a read beyond bounds :P
<brandon_rioja> I am trying to chase down why one person is seeing a crash in planeshift.. is it ok to add 1 byte to new[] in freefnt2.cpp?
<res2k> arguably the read beyond bounds shouldn't happen
<thebolt> shouldn't be too hard to avoid it for the last row?
<res2k> besides, freefnt2 is not the only font server
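An added illustration of the read-ahead pattern discussed above. This is a constructed example, not Crystal Space's CopyGlyphData code; TrackedBuffer, copyRowsReadAhead and copyRowsBounded are names assumed here. The first loop pre-reads the first byte of the next row after finishing each row, so on the last row it touches one byte past the end of the source buffer (the "0 bytes after a block" read in the report); the second loop guards that read-ahead, which is the "avoid it for the last row" fix suggested in the channel. The stand-in buffer records the highest index read so the overrun is visible without actually reading past an allocation.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-in for the glyph source buffer (new[]'d in the real report).
// It records the highest index read so the out-of-bounds read can be observed
// without touching memory past the allocation: here an out-of-range read just
// returns 0, whereas in real code it is undefined behaviour and is what
// Valgrind reported as "Invalid read of size 1".
struct TrackedBuffer {
    std::vector<uint8_t> bytes;
    mutable std::size_t maxIndexRead = 0;
    mutable bool outOfBoundsRead = false;

    uint8_t read(std::size_t i) const {
        if (i > maxIndexRead) maxIndexRead = i;
        if (i >= bytes.size()) { outOfBoundsRead = true; return 0; }
        return bytes[i];
    }
};

// "Before": after each row is copied, the first byte of the next row is read
// ahead and kept for the next iteration, unconditionally. On the last row the
// read-ahead lands at index rows*rowBytes, one byte past the end of src.
std::vector<uint8_t> copyRowsReadAhead(const TrackedBuffer& src, std::size_t rows, std::size_t rowBytes) {
    std::vector<uint8_t> dst(rows * rowBytes);
    if (rows == 0 || rowBytes == 0) return dst;
    uint8_t firstOfRow = src.read(0);
    for (std::size_t y = 0; y < rows; ++y) {
        dst[y * rowBytes] = firstOfRow;              // value read ahead previously
        for (std::size_t x = 1; x < rowBytes; ++x)
            dst[y * rowBytes + x] = src.read(y * rowBytes + x);
        firstOfRow = src.read((y + 1) * rowBytes);   // out of bounds when y == rows-1
    }
    return dst;
}

// "After": the read-ahead is skipped once the last row has been processed,
// so the highest index touched is rows*rowBytes-1.
std::vector<uint8_t> copyRowsBounded(const TrackedBuffer& src, std::size_t rows, std::size_t rowBytes) {
    std::vector<uint8_t> dst(rows * rowBytes);
    if (rows == 0 || rowBytes == 0) return dst;
    uint8_t firstOfRow = src.read(0);
    for (std::size_t y = 0; y < rows; ++y) {
        dst[y * rowBytes] = firstOfRow;
        for (std::size_t x = 1; x < rowBytes; ++x)
            dst[y * rowBytes + x] = src.read(y * rowBytes + x);
        if (y + 1 < rows)                            // no next row: do not read ahead
            firstOfRow = src.read((y + 1) * rowBytes);
    }
    return dst;
}

int main() {
    // Constructed 2-row, 3-bytes-per-row glyph.
    TrackedBuffer buggy, fixed;
    buggy.bytes = {1, 2, 3, 4, 5, 6};
    fixed.bytes = buggy.bytes;

    copyRowsReadAhead(buggy, 2, 3);
    copyRowsBounded(fixed, 2, 3);
    std::printf("read-ahead loop: max index %zu (size %zu), out of bounds: %s\n",
                buggy.maxIndexRead, buggy.bytes.size(), buggy.outOfBoundsRead ? "yes" : "no");
    std::printf("bounded loop:    max index %zu (size %zu), out of bounds: %s\n",
                fixed.maxIndexRead, fixed.bytes.size(), fixed.outOfBoundsRead ? "yes" : "no");
    return 0;
}
```

Both loops produce the same copied bytes, which is why the bug is silent until the extra byte happens to sit on an unmapped page; the bounded version removes the read rather than padding the allocation, since (as noted in the channel) the buffer may come from a font server other than freefnt2.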
in cal3d
==6802== Mismatched free() / delete / delete []
==6802==    at 0x4004D31: operator delete(void*) (vg_replace_malloc.c:244)
==6802==    by 0x7BBF1A4: CalCoreMaterial::~CalCoreMaterial() (corematerial.h:40)
==6802==    by 0x7BB8635: cal3d::RefCounted::decRef() (refcounted.h:69)
==6802==    by 0x7BB8658: cal3d::explicitDecRef(cal3d::RefCounted*) (refcounted.h:99)
==6802==    by 0x7BB86F7: cal3d::RefPtr<CalCoreMaterial>::~RefPtr() (refptr.h:32)
==6802==    by 0x7BC88E0: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial> >(cal3d::RefPtr<CalCoreMaterial>*) (stl_construct.h:107)
==6802==    by 0x7BC89B0: void std::__destroy_aux<cal3d::RefPtr<CalCoreMaterial>*>(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*, __false_type) (stl_construct.h:122)
==6802==    by 0x7BC89EF: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial>*>(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*) (stl_construct.h:155)
==6802==    by 0x7BC8A19: void std::_Destroy<cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial> >(cal3d::RefPtr<CalCoreMaterial>*, cal3d::RefPtr<CalCoreMaterial>*, std::allocator<cal3d::RefPtr<CalCoreMaterial> >) (stl_construct.h:182)
==6802==    by 0x7BCBE8E: std::vector<cal3d::RefPtr<CalCoreMaterial>, std::allocator<cal3d::RefPtr<CalCoreMaterial> > >::~vector() (stl_vector.h:272)
==6802==    by 0x7BC20BA: CalCoreModel::~CalCoreModel() (coremodel.cpp:58)
==6802==    by 0x7AC8696: CS::Plugin::SprCal3d::csSpriteCal3DMeshObjectFactory::~csSpriteCal3DMeshObjectFactory() (sprcal3d.cpp:192)
==6802==  Address 0x40A6630 is 0 bytes inside a block of size 48 alloc'd
==6802==    at 0x4005400: malloc (vg_replace_malloc.c:149)
==6802==    by 0x7AE69C0: operator new(unsigned, CS::AllocPlatform const&) (platform_new.cpp:45)
==6802==    by 0x7AC62E2: CS::Plugin::SprCal3d::csSpriteCal3DMeshObjectFactory::AddCoreMaterial(iMaterialWrapper*) (sprcal3d.cpp:568)
==6802==    by 0x7A8D6F3: CS::Plugins::SprCal3dLoader::csSpriteCal3DFactoryLoader::LoadMaterialTag(iSpriteCal3DFactoryState*, iDocumentNode*, iLoaderContext*, char const*, char const*) (sprcal3dldr.cpp:485)
==6802==    by 0x7A8F89C: CS::Plugins::SprCal3dLoader::csSpriteCal3DFactoryLoader::Parse(iDocumentNode*, iStreamSource*, iLoaderContext*, iBase*) (sprcal3dldr.cpp:332)
==6802==    by 0x4A432DF: csLoader::LoadMeshObjectFactory(iLoaderContext*, iMeshFactoryWrapper*, iMeshFactoryWrapper*, iDocumentNode*, csReversibleTransform*, iStreamSource*) (csloader.cpp:2121)
==6802==    by 0x4A4C3DB: csLoader::Load(iDocumentNode*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:776)
==6802==    by 0x4A3B88C: csLoader::Load(iDataBuffer*, char const*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:682)
==6802==    by 0x4A3BD75: csLoader::Load(char const*, iBase*&, iRegion*, bool, bool, iStreamSource*, char const*, iMissingLoaderData*) (csloader.cpp:742)
==6802==    by 0x804E66A: ClientCacheManager::LoadNewFactory(char const*) (clientcachemanager.cpp:91)
==6802==    by 0x8068E44: psEngine::PreloadModels() (psengine.cpp:1360)
==6802==    by 0x805DE26: psEngine::HandleEvent(iEvent&) (psengine.cpp:712)
==6802==
In sprcal3d.cpp line 568 the memory is allocated with a custom "new" (operator new(unsigned, CS::AllocPlatform const&)) but later released with a plain delete, and memory allocated through a custom new can't be deallocated with a plain delete. The fix is to delete the custom part of the new so that allocation and deallocation go through the same path. This is Crystal Space issue 315.
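An added reproduction of that mismatch, as a constructed example rather than Cal3D or Crystal Space code; PlatformTag, Material, allocWithTag, releaseExpecting and the mismatch counter are names assumed here. A small header in front of every block records which allocation path produced it, so a release through the wrong path is counted instead of silently handing a block to the wrong allocator (which is what Valgrind detects for real heaps). The two fixed variants show the page's fix, dropping the custom part of the new, and the alternative of releasing explicitly through the matching path.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>

// Which allocation path a block came from. Stored in a header in front of
// every block so a release through the wrong path can be detected.
enum class Heap : int { Standard = 1, Platform = 2 };

struct alignas(alignof(std::max_align_t)) Header { Heap heap; };

static int g_mismatches = 0;   // how many releases went through the wrong path

static void* allocWithTag(std::size_t n, Heap h) {
    auto* hdr = static_cast<Header*>(std::malloc(sizeof(Header) + n));
    if (!hdr) throw std::bad_alloc();
    hdr->heap = h;
    return hdr + 1;            // user pointer sits right after the header
}

// Returns true when the block was allocated by the path that is releasing it.
// Both paths are malloc-backed here, so the memory is reclaimed either way;
// in the real report the custom new and the plain delete were different
// allocators, which is why Valgrind flagged "Mismatched free() / delete / delete []".
static bool releaseExpecting(void* p, Heap expected) {
    auto* hdr = static_cast<Header*>(p) - 1;
    const bool matched = (hdr->heap == expected);
    if (!matched) ++g_mismatches;
    std::free(hdr);
    return matched;
}

struct PlatformTag {};         // stand-in for the custom allocator tag argument

struct Material {
    int id;
    explicit Material(int i) : id(i) {}

    static void* operator new(std::size_t n)              { return allocWithTag(n, Heap::Standard); }
    static void* operator new(std::size_t n, PlatformTag) { return allocWithTag(n, Heap::Platform); }
    static void  operator delete(void* p)                 { releaseExpecting(p, Heap::Standard); }
    static void  operator delete(void* p, PlatformTag)    { releaseExpecting(p, Heap::Platform); }
};

// "Before": allocated through the custom path, released with a plain delete,
// which always goes through operator delete(void*): one mismatch.
int mismatchedRelease() {
    const int before = g_mismatches;
    Material* m = new (PlatformTag{}) Material(1);
    delete m;
    return g_mismatches - before;
}

// Fix 1 (the one the page describes): drop the custom part of the new so that
// allocation and release use the same path.
int matchedRelease() {
    const int before = g_mismatches;
    Material* m = new Material(1);
    delete m;
    return g_mismatches - before;
}

// Fix 2: keep the custom new but release explicitly through its counterpart.
// A delete expression cannot pass the tag, so the destructor is run by hand.
int matchedCustomRelease() {
    const int before = g_mismatches;
    Material* m = new (PlatformTag{}) Material(1);
    m->~Material();
    Material::operator delete(m, PlatformTag{});
    return g_mismatches - before;
}

int main() {
    std::printf("custom new + plain delete : %d mismatch(es)\n", mismatchedRelease());
    std::printf("plain new + plain delete  : %d mismatch(es)\n", matchedRelease());
    std::printf("custom new + custom free  : %d mismatch(es)\n", matchedCustomRelease());
    return 0;
}
```

The header-tag check is the same idea Valgrind applies from the outside: it remembers which allocator family handed out each block and complains when the release comes from a different one. Whichever fix is chosen, the allocation and the release of an object must be owned by the same code so the pairing cannot drift apart again.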