Page MenuHomeWildfire Games
Paste P170

Conditional jump or move depends on uninitialised value IGUIObject::SendEvent IXmppClient::create JS_CallFunctionValue
ActivePublic
Actions

Authored by elexis on Sep 9 2019, 7:08 PM.
Tags
None
Referenced Files
F1070081: raw.txt
Sep 9 2019, 7:08 PM
Subscribers
Stan
==336190== Conditional jump or move depends on uninitialised value(s)
==336190== at 0x511AF5D: GetValueType (TypeInference-inl.h:168)
==336190== by 0x511AF5D: js::TypeMonitorResult(JSContext*, JSScript*, unsigned char*, JS::Value const&) (TypeInference.cpp:3251)
==336190== by 0x4C9FFB3: Monitor (TypeInference-inl.h:556)
==336190== by 0x4C9FFB3: js::jit::DoCallFallback(JSContext*, js::jit::BaselineFrame*, js::jit::ICCall_Fallback*, unsigned int, JS::Value*, JS::MutableHandle<JS::Value>) (BaselineIC.cpp:6166)
==336190== by 0x484F0D9: ???
==336190== by 0xE3CD19F: ???
==336190== by 0x4847809: ???
==336190== by 0x4C73A5A: EnterBaseline(JSContext*, js::jit::EnterJitData&) (BaselineJIT.cpp:145)
==336190== by 0x4C76F92: js::jit::EnterBaselineAtBranch(JSContext*, js::InterpreterFrame*, unsigned char*) (BaselineJIT.cpp:256)
==336190== by 0x509547F: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:1787)
==336190== by 0x5095656: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:391)
==336190== by 0x509591C: js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (Interpreter.cpp:462)
==336190== by 0x50962FB: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) (Interpreter.cpp:496)
==336190== by 0x4EF44B8: JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (jsapi.cpp:2790)
==336190== Uninitialised value was created by a heap allocation
==336190== at 0x4838DEF: operator new(unsigned long) (vg_replace_malloc.c:334)
==336190== by 0x6FA6FB: IXmppClient::create(ScriptInterface const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, bool) (XmppClient.cpp:66)
==336190== by 0x6F66DD: JSI_Lobby::StartXmppClient(ScriptInterface::CxPrivate*, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> > const&, int) (JSInterface_Lobby.cpp:96)
==336190== by 0x6F83D3: call<void(ScriptInterface::CxPrivate*, const std::__cxx11::basic_string<wchar_t>&, const std::__cxx11::basic_string<wchar_t>&, const std::__cxx11::basic_string<wchar_t>&, const std::__cxx11::basic_string<wchar_t>&, int), std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, int> (NativeWrapperDefns.h:85)
==336190== by 0x6F83D3: bool ScriptInterface::call<void, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, std::__cxx11::basic_string<wchar_t, std::char_traits<wchar_t>, std::allocator<wchar_t> >, int, &JSI_Lobby::StartXmppClient>(JSContext*, unsigned int, JS::Value*) (NativeWrapperDefns.h:124)
==336190== by 0x50959E7: CallJSNative (jscntxtinlines.h:235)
==336190== by 0x50959E7: js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (Interpreter.cpp:444)
==336190== by 0x508B4DB: Interpret(JSContext*, js::RunState&) (Interpreter.cpp:2766)
==336190== by 0x5095656: js::RunScript(JSContext*, js::RunState&) (Interpreter.cpp:391)
==336190== by 0x509591C: js::Invoke(JSContext*, JS::CallArgs const&, js::MaybeConstruct) (Interpreter.cpp:462)
==336190== by 0x50962FB: js::Invoke(JSContext*, JS::Value const&, JS::Value const&, unsigned int, JS::Value const*, JS::MutableHandle<JS::Value>) (Interpreter.cpp:496)
==336190== by 0x4EF44B8: JS_CallFunctionValue(JSContext*, JS::Handle<JSObject*>, JS::Handle<JS::Value>, JS::HandleValueArray const&, JS::MutableHandle<JS::Value>) (jsapi.cpp:2790)
==336190== by 0x6544DF: IGUIObject::ScriptEvent(CStr8 const&) (IGUIObject.cpp:421)
==336190== by 0x652CB7: IGUIObject::SendEvent(EGUIMessageType, CStr8 const&) (IGUIObject.cpp:391)

Event Timeline

elexis created this paste.Sep 9 2019, 7:08 PM
elexis changed the visibility from "All Users" to "Public (No Login Required)".Sep 9 2019, 7:29 PM
Stan added a subscriber: Stan.Sep 9 2019, 7:59 PM

https://github.com/0ad/0ad/blob/master/source/lobby/XmppClient.cpp

Offending code ?

IXmppClient* IXmppClient::create(const ScriptInterface* scriptInterface, const std::string& sUsername, const std::string& sPassword, const std::string& sRoom, const std::string& sNick, const int historyRequestSize,bool regOpt)
{
	return new XmppClient(scriptInterface, sUsername, sPassword, sRoom, sNick, historyRequestSize, regOpt);
}
elexis added a comment.Sep 9 2019, 8:03 PM

Affected JS_CallFunctionValue in IGUIObject::ScriptEvent:

	JS::AutoValueVector paramData(cx);
	paramData.append(mouse);
	JS::RootedObject obj(cx, GetJSObject());
	JS::RootedValue handlerVal(cx, JS::ObjectValue(*it->second));
	JS::RootedValue result(cx, JS::UndefinedValue());
	if (!JS_CallFunctionValue(cx, obj, handlerVal, paramData, &result))
	{
		// We have no way to propagate the script exception, so just ignore it
		// and hope the caller checks JS_IsExceptionPending
	}
elexis added a comment.Sep 9 2019, 8:35 PM

After commenting out the create XmppClient call, the conditional jump warning is gone.

So it seems IGUIObject itself is innocent.

elexis added a comment.Sep 9 2019, 9:31 PM

It seems this is my fault for not initializing XmppClient primitive members m_certStatus and m_PresenceUpdate in rP21901 and rP22855...
Good news is that valgrind reveals stupidity systematically.
The conditional jump warning is gone after initializing all members of XmppClient properly.

elexis mentioned this in D2278: Fix uninitialized XmppClient members.Sep 9 2019, 9:40 PM
elexis added a comment.Sep 9 2019, 10:20 PM

Nope, that still doesn't fix the conditional jump.

Same as in D2223, that error message occurs only with clang but not gcc.

The valgrind track-origin option was already enabled, so I don't know what it wants.

elexis mentioned this in rP22879: Fix missing XmppClient m_certStatus and m_PresenceUpdate member initialization….Sep 9 2019, 10:50 PM
Wildfire Games · Phabricator