[PATCH] Fix write to uninitialized bytes for XCB event

Scott Kostyshak skostysh at lyx.org
Wed Feb 19 02:49:08 UTC 2020


I was trying to look into #11715 and came across the following Valgrind error:

  ==12698== Syscall param writev(vector[...]) points to uninitialised byte(s)
  ==12698==    at 0x61F578D: __writev (writev.c:26)
  ==12698==    by 0x61F578D: writev (writev.c:24)
  ==12698==    by 0x4A83BFC: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A83FD0: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A84246: ??? (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A84ACB: xcb_flush (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x17C8F06: lyx::frontend::GuiApplication::nativeEventFilter(QByteArray const&, void*, long*) (GuiApplication.cpp:3366)
  ==12698==    by 0x5AA4EEE: QAbstractEventDispatcher::filterNativeEvent(QByteArray const&, void*, long*) (qabstracteventdispatcher.cpp:484)
  ==12698==    by 0x9C37854: QXcbConnection::handleXcbEvent(xcb_generic_event_t*) (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x9C38829: QXcbConnection::processXcbEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x9C63286: ??? (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x633684C: g_main_context_dispatch (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6200.1)
  ==12698==    by 0x6336ACF: ??? (in /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.6200.1)
  ==12698==  Address 0x8b13a91 is 4,529 bytes inside a block of size 21,152 alloc'd
  ==12698==    at 0x483CD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==12698==    by 0x4A83590: xcb_connect_to_fd (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x4A876E1: xcb_connect_to_display_with_auth_info (in /usr/lib/x86_64-linux-gnu/libxcb.so.1.1.0)
  ==12698==    by 0x880BB79: _XConnectXCB (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
  ==12698==    by 0x87FC318: XOpenDisplay (in /usr/lib/x86_64-linux-gnu/libX11.so.6.3.0)
  ==12698==    by 0x9C64B5F: QXcbBasicConnection::QXcbBasicConnection(char const*) (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x9C363C1: QXcbConnection::QXcbConnection(QXcbNativeInterface*, bool, unsigned int, char const*) (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x9C3B0F9: QXcbIntegration::QXcbIntegration(QStringList const&, int&, char**) (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.12.4)
  ==12698==    by 0x9BC2512: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/platforms/libqxcb.so)
  ==12698==    by 0x534C532: QPlatformIntegrationFactory::create(QString const&, QStringList const&, int&, char**, QString const&) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.4)
  ==12698==    by 0x535A300: QGuiApplicationPrivate::createPlatformIntegration() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.4)
  ==12698==    by 0x535BD47: QGuiApplicationPrivate::createEventDispatcher() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.12.4)

This Valgrind error can be triggered by just starting a new document, typing
"abc", doing "shift + <Left>" to select "c", and then quitting LyX.

Attached is a patch. I really don't know what I'm doing. The use of
calloc scares me. I just used the xcb_send_event man page and
experimented until compilation and valgrind did not complain.

Could anyone take a close look at this? If there is a better fix, please
go ahead.

Related links:
https://www.x.org/releases/current/doc/man/man3/xcb_send_event.3.xhtml
https://bugreports.qt.io/browse/QTBUG-56518
https://git.sailfishos.org/mer-core/qtbase/commit/b4fc5b71e907163e075ff39cab5297c9b9bafd0d
https://gitlab.freedesktop.org/xorg/lib/libxcb/issues/18

Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-write-to-uninitialized-bytes-for-XCB-event.patch
Type: text/x-diff
Size: 2780 bytes
Desc: not available
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20200218/6799c0bd/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.lyx.org/pipermail/lyx-devel/attachments/20200218/6799c0bd/attachment.asc>
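The mechanism behind this kind of Valgrind report, as an added C example that is not the attached LyX patch and does not link libxcb: xcb_send_event() copies a fixed 32 bytes from the pointer it is given (the wire size of every X event, which the xcb_send_event man page linked above also notes), so a caller that builds a smaller event struct on the stack hands the library 32 bytes of which only the struct's own bytes are initialised; the remainder reaches writev() at xcb_flush() time as uninitialised data. The struct `short_event_t`, the stand-in `fake_send_event()`, the union `padded_event_t` and the check helpers are all constructed for this example; the defensive pattern shown is to build the event in a 32-byte, fully zeroed buffer before sending it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Every X11 event on the wire is exactly 32 bytes; xcb_send_event copies
   that many bytes from the caller's pointer regardless of the struct used. */
#define XCB_EVENT_WIRE_SIZE 32

/* Constructed stand-in for a "short" client-message event struct (16 bytes).
   Not libxcb's definition; it only needs to be smaller than 32 bytes. */
typedef struct {
    uint8_t  response_type;
    uint8_t  format;
    uint16_t sequence;
    uint32_t window;
    uint32_t type;
    uint32_t data0;
} short_event_t;

_Static_assert(sizeof(short_event_t) < XCB_EVENT_WIRE_SIZE,
               "example relies on the struct being shorter than the wire size");

/* Constructed stand-in for xcb_send_event: copies 32 bytes whatever the
   caller's struct size. Passing a bare short_event_t here would read past
   its end, which is exactly how the uninitialised bytes reach writev(). */
static void fake_send_event(uint8_t out[XCB_EVENT_WIRE_SIZE], const void *event)
{
    memcpy(out, event, XCB_EVENT_WIRE_SIZE);
}

/* Fixed pattern: a union forces 32 bytes of storage, and zeroing it before
   filling the fields means every byte handed to the library is defined. */
typedef union {
    short_event_t ev;
    uint8_t       raw[XCB_EVENT_WIRE_SIZE];
} padded_event_t;

_Static_assert(sizeof(padded_event_t) == XCB_EVENT_WIRE_SIZE,
               "padded event must be exactly the wire size");

/* Builds a fully initialised event and "sends" it into out[]. */
static void build_padded_event(uint32_t window, uint32_t type, uint32_t data0,
                               uint8_t out[XCB_EVENT_WIRE_SIZE])
{
    padded_event_t buf;
    memset(&buf, 0, sizeof buf);     /* clears the 16 padding bytes too */
    buf.ev.response_type = 33;       /* X11 ClientMessage event code */
    buf.ev.format = 32;              /* 32-bit data items */
    buf.ev.window = window;
    buf.ev.type = type;
    buf.ev.data0 = data0;
    fake_send_event(out, &buf);
}

/* Returns 1 when every byte beyond the struct's own fields is zero. */
static int padding_is_zero(const uint8_t out[XCB_EVENT_WIRE_SIZE])
{
    for (size_t i = sizeof(short_event_t); i < XCB_EVENT_WIRE_SIZE; ++i)
        if (out[i] != 0)
            return 0;
    return 1;
}

/* Reads the window field back out of the 32 sent bytes. */
static uint32_t sent_window(const uint8_t out[XCB_EVENT_WIRE_SIZE])
{
    short_event_t ev;
    memcpy(&ev, out, sizeof ev);
    return ev.window;
}

/* Self-check: 1 if the padded event keeps its fields and has zero padding. */
static int padded_event_check(void)
{
    uint8_t out[XCB_EVENT_WIRE_SIZE];
    build_padded_event(0x1234u, 0x10u, 7u, out);
    short_event_t ev;
    memcpy(&ev, out, sizeof ev);
    return padding_is_zero(out) && ev.response_type == 33 && ev.format == 32
        && ev.window == 0x1234u && ev.type == 0x10u && ev.data0 == 7u;
}

int main(void)
{
    uint8_t out[XCB_EVENT_WIRE_SIZE];
    build_padded_event(0x1234u, 0x10u, 7u, out);
    for (size_t i = 0; i < XCB_EVENT_WIRE_SIZE; ++i)
        printf("%02x%s", out[i], (i + 1) % 16 ? " " : "\n");
    printf("padding zero: %d\n", padding_is_zero(out));
    return padded_event_check() ? 0 : 1;
}
```

Under Valgrind the difference is visible directly: the zeroed union produces no "points to uninitialised byte(s)" report for the 16 trailing bytes, while a bare 16-byte struct on the stack does. calloc() of a 32-byte block gives the same guarantee as the memset above; the union form just keeps the buffer on the stack and lets the compiler check the size.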