Uninitialized read in build_input_gamma_table.
Issue description
MSan has detected an uninitialized read in QCMS that is hit by the SimpleColorSpace.BT709toSRGBICC unit test:
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from SimpleColorSpace
[ RUN ] SimpleColorSpace.BT709toSRGBICC
==40047==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x20a8f6c in build_input_gamma_table ./out/MSan/../../third_party/qcms/src/transform_util.c:276:7
#1 0x208ccc4 in qcms_modular_transform_create_input ./out/MSan/../../third_party/qcms/src/chain.c:736:35
#2 0x20915d6 in qcms_modular_transform_create ./out/MSan/../../third_party/qcms/src/chain.c:923:10
#3 0x209108a in qcms_chain_transform ./out/MSan/../../third_party/qcms/src/chain.c:991:50
#4 0x7076ac in TestBody ./out/MSan/../../ui/gfx/color_transform_unittest.cc:349:6
#5 0x1bc00e6 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
#6 0x1bc00e6 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2474:0
#7 0x1bc3047 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2656:11
#8 0x1bc485b in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2774:28
#9 0x1be1ec1 in RunAllTests ./out/MSan/../../testing/gtest/src/gtest.cc:4647:43
#10 0x1be0eba in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
#11 0x1be0eba in Run ./out/MSan/../../testing/gtest/src/gtest.cc:4255:0
#12 0xfc4ef0 in RUN_ALL_TESTS ./out/MSan/../../testing/gtest/include/gtest/gtest.h:2237:46
#13 0xfc4ef0 in Run ./out/MSan/../../base/test/test_suite.cc:245:0
#14 0xfc98ab in Run ./out/MSan/../../base/callback.h:389:12
#15 0xfc98ab in LaunchUnitTestsInternal ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:206:0
#16 0xfc9107 in LaunchUnitTests ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:445:10
#17 0x5edf86 in main ./out/MSan/../../ui/gfx/test/run_all_unittests.cc:105:10
#18 0x7ff037dc6f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0
#19 0x48ec04 in _start ??:?
Uninitialized value was created by a heap allocation
#0 0x4b4202 in __interceptor_malloc ??:?
#1 0x209612e in curve_from_gamma ./out/MSan/../../third_party/qcms/src/iccread.c:1162:10
#2 0x209612e in qcms_profile_create_rgb_with_gamma ./out/MSan/../../third_party/qcms/src/iccread.c:1190:0
#3 0xd5e9db in GetXYZD50Profile ./out/MSan/../../ui/gfx/color_transform.cc:624:10
#4 0xd5e9db in NewColorTransform ./out/MSan/../../ui/gfx/color_transform.cc:650:0
#5 0x707609 in TestBody ./out/MSan/../../ui/gfx/color_transform_unittest.cc:345:37
#6 0x1bc00e6 in HandleExceptionsInMethodIfSupported<testing::Test, void> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
#7 0x1bc00e6 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2474:0
#8 0x1bc3047 in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2656:11
#9 0x1bc485b in Run ./out/MSan/../../testing/gtest/src/gtest.cc:2774:28
#10 0x1be1ec1 in RunAllTests ./out/MSan/../../testing/gtest/src/gtest.cc:4647:43
#11 0x1be0eba in HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool> ./out/MSan/../../testing/gtest/src/gtest.cc:2458:12
#12 0x1be0eba in Run ./out/MSan/../../testing/gtest/src/gtest.cc:4255:0
#13 0xfc4ef0 in RUN_ALL_TESTS ./out/MSan/../../testing/gtest/include/gtest/gtest.h:2237:46
#14 0xfc4ef0 in Run ./out/MSan/../../base/test/test_suite.cc:245:0
#15 0xfc98ab in Run ./out/MSan/../../base/callback.h:389:12
#16 0xfc98ab in LaunchUnitTestsInternal ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:206:0
#17 0xfc9107 in LaunchUnitTests ./out/MSan/../../base/test/launcher/unit_test_launcher.cc:445:10
#18 0x5edf86 in main ./out/MSan/../../ui/gfx/test/run_all_unittests.cc:105:10
#19 0x7ff037dc6f44 in __libc_start_main /build/eglibc-oGUzwX/eglibc-2.19/csu/libc-start.c:287:0
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/src/chromium/src/out/MSan/gfx_unittests+0x20a8f6c)
Exiting
[1/1] SimpleColorSpace.BT709toSRGBICC (CRASHED)
1 test crashed:
SimpleColorSpace.BT709toSRGBICC (../../ui/gfx/color_transform_unittest.cc:339)
Tests took 0 seconds.
Aug 11 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5e93810213e611ef12732b62806fce4cc4ecbb15

commit 5e93810213e611ef12732b62806fce4cc4ecbb15
Author: hubbe <hubbe@chromium.org>
Date: Thu Aug 11 07:30:23 2016

Fix uninitialized data field in QCMS

Add fuzzer to find any other uninitialized data.

BUG=635042, 635103

Review-Url: https://codereview.chromium.org/2224023002
Cr-Commit-Position: refs/heads/master@{#411282}

[modify] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/third_party/qcms/README.chromium
[modify] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/third_party/qcms/src/iccread.c
[modify] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/ui/gfx/BUILD.gn
[add] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/ui/gfx/color_transform_fuzzer.cc
[modify] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/ui/gfx/color_transform_unittest.cc
[modify] https://crrev.com/5e93810213e611ef12732b62806fce4cc4ecbb15/ui/gfx/icc_profile.h
Comment 1 by bugdroid1@chromium.org, Aug 5 2016