uninits in calc on xp32 #1149
Comments
From bruen...@google.com on February 22, 2013 16:16:42
I'm attaching 1.5.1 on startup/shutdown
Attachment: results.txt

From bruen...@google.com on February 24, 2013 22:13:06
calc on win7x86 has 15 uninits: should look at that as well

From SDenbo...@gmail.com on April 12, 2013 15:11:54
Owner: SDenbo...@gmail.com

From zhao...@google.com on August 26, 2013 15:10:49
Investigating on
# 0 UxTheme.dll!GetThemeBackgroundContentRect +0x95 (0x5ad73f1f <UxTheme.dll+0x3f1f>)
# 1 UxTheme.dll!DrawThemeText +0xce2 (0x5ad73cdb <UxTheme.dll+0x3cdb>)
# 2 UxTheme.dll!DrawThemeText +0xd21 (0x5ad73d1a <UxTheme.dll+0x3d1a>)
# 3 UxTheme.dll!GetThemeBackgroundContentRect +0x80 (0x5ad73f0b <UxTheme.dll+0x3f0b>)
# 4 COMCTL32.dll!Ordinal384 +0xc60f (0x773f84cb <COMCTL32.dll+0x284cb>)
# 5 COMCTL32.dll!Ordinal384 +0xc8f5 (0x773f87b1 <COMCTL32.dll+0x287b1>)
# 6 COMCTL32.dll!Ordinal384 +0xcf3f (0x773f8dfb <COMCTL32.dll+0x28dfb>)
# 7 COMCTL32.dll!Ordinal384 +0xd274 (0x773f9130 <COMCTL32.dll+0x29130>)
# 8 USER32.dll!GetDC +0x6c (0x7e418734 <USER32.dll+0x8734>)
# 9 USER32.dll!GetDC +0x14e (0x7e418816 <USER32.dll+0x8816>)
#10 USER32.dll!DefWindowProcW +0x17f (0x7e428ea0 <USER32.dll+0x18ea0>)

0x5ad73f1f: cmp [eax],edx

The caller function: There is no initialization on the caller. It seems there is no init code for that memory in the callee either.
ebp = 0x7f95c
It seems more likely to be a real uninit read error.

From bruen...@google.com on August 26, 2013 17:25:44
xref real uninit bugs in calc.exe already discovered: issue #495, issue #496

From zhao...@google.com on August 27, 2013 11:31:47
split c#4 to issue #1316

From zhao...@google.com on August 27, 2013 12:52:26
Another uninit error:
Error
# 0 MSCTF.dll!TF_CreateCicLoadMutex +0x6056 (0x7473d041 <MSCTF.dll+0x1d041>)
# 1 MSCTF.dll!TF_CheckThreadInputIdle +0x34f6 (0x74742e6c <MSCTF.dll+0x22e6c>)
# 2 MSCTF.dll!TF_CheckThreadInputIdle +0x443 (0x7473fdb9 <MSCTF.dll+0x1fdb9>)
# 3 MSCTF.dll!TF_CheckThreadInputIdle +0xa09 (0x7474037f <MSCTF.dll+0x2037f>)
# 4 USER32.dll!GetDC +0x6c (0x7e418734 <USER32.dll+0x8734>)
# 5 USER32.dll!GetDC +0x14e (0x7e418816 <USER32.dll+0x8816>)
# 6 USER32.dll!GetWindowLongW +0x126 (0x7e4189cd <USER32.dll+0x89cd>)
# 7 USER32.dll!DispatchMessageW +0xe (0x7e418a10 <USER32.dll+0x8a10>)
# 8 calc.exe!? +0x0 (0x010021a7 <calc.exe+0x21a7>)
# 9 calc.exe!? +0x0 (0x010125e9 <calc.exe+0x125e9>)
#10 KERNEL32.dll!RegisterWaitForInputIdle +0x48 (0x7c817077 <KERNEL32.dll+0x17077>)

0:000> dt sz
0:000> dt container_end
0:000> dt mc
0:000> dd 0x00b7cf38
0:000> dd 0xb75344

From the values, it looks like the memory is initialized.

7473d036 8b7d10 mov edi,[ebp+0x10]

The edi comes from the caller's 3rd parameter,

74742e0d e8ecf7fdff call MSCTF!DllCanUnloadNow+0x7ae (747225fe)

From zhao...@google.com on August 27, 2013 14:55:18
It seems the data is initialized by the code after

74742e0d e8ecf7fdff call MSCTF!DllCanUnloadNow+0x7ae (747225fe) <== allocate buffer

so the data came from the buffer pointed to by esi, which is [edx+edi+0x8], where edi came from the caller ([ebp+0xc]). Looking around, I did not see system calls; not sure what really causes the problem. rep movsd handling?

From zhao...@google.com on August 28, 2013 10:55:24
with more symbols:
Error
# 0 MSCTF.dll!CLangBarItemMgr::GetItemsStatus
# 1 MSCTF.dll!CStubITfLangBarItemMgr::stub_GetItemsStatus
# 2 MSCTF.dll!HandleSendReceiveMsg
# 3 MSCTF.dll!CicMarshalWndProc
# 4 USER32.dll!InternalCallWinProc
# 5 USER32.dll!UserCallWinProcCheckWow
# 6 USER32.dll!DispatchMessageWorker
# 7 USER32.dll!DispatchMessageW
# 8 WinMain
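The callstacks quoted in the two zhao...@google.com comments above are in the layout Dr. Memory writes to results.txt, and the later comment from bruen...@google.com shows the "ERRORS FOUND" summary from the same file. With 174 unique uninits on xp32, the first triage step is to group reports by innermost frame and look at each group once, the way the thread does (c#4 judged a real bug and split off, the MSCTF one suspected to be a rep movsd false positive). The script below is an added example written for this page; it is not code from the thread or from the Dr. Memory project. It parses a results.txt excerpt, counts UNINITIALIZED READ reports by top frame, and builds a suppression entry for a report that triage has already shown to be a false positive. The sample excerpt is constructed from the frames quoted in this thread and the 1.5.1 summary numbers; the error header text, the "Note:" line and the suppression-file layout (error type, optional name= line, one frame pattern per line, "..." for any number of frames, <module+0xoffset> when no symbol is known) are my reading of Dr. Memory's documentation and should be checked against the version in use.

```python
import re
from collections import Counter

# Constructed results.txt excerpt: frames and addresses are the ones quoted in
# this thread, error headers and the Note: line are made up for the example.
SAMPLE_RESULTS = """\
Error #1: UNINITIALIZED READ: reading register eax
# 0 UxTheme.dll!GetThemeBackgroundContentRect +0x95 (0x5ad73f1f <UxTheme.dll+0x3f1f>)
# 1 UxTheme.dll!DrawThemeText +0xce2 (0x5ad73cdb <UxTheme.dll+0x3cdb>)
# 2 COMCTL32.dll!Ordinal384 +0xc60f (0x773f84cb <COMCTL32.dll+0x284cb>)
# 3 USER32.dll!GetDC +0x6c (0x7e418734 <USER32.dll+0x8734>)
Note: instruction: cmp [eax],edx

Error #2: UNINITIALIZED READ: reading 4 byte(s)
# 0 MSCTF.dll!TF_CreateCicLoadMutex +0x6056 (0x7473d041 <MSCTF.dll+0x1d041>)
# 1 MSCTF.dll!TF_CheckThreadInputIdle +0x34f6 (0x74742e6c <MSCTF.dll+0x22e6c>)
# 2 USER32.dll!GetDC +0x6c (0x7e418734 <USER32.dll+0x8734>)
# 3 calc.exe!? +0x0 (0x010021a7 <calc.exe+0x21a7>)

Error #3: UNINITIALIZED READ: reading register edx
# 0 UxTheme.dll!GetThemeBackgroundContentRect +0x95 (0x5ad73f1f <UxTheme.dll+0x3f1f>)
# 1 UxTheme.dll!DrawThemeText +0xd21 (0x5ad73d1a <UxTheme.dll+0x3d1a>)
# 2 COMCTL32.dll!Ordinal384 +0xc8f5 (0x773f87b1 <COMCTL32.dll+0x287b1>)

Error #4: LEAK 48 direct bytes + 0 indirect bytes
# 0 calc.exe!? +0x0 (0x010125e9 <calc.exe+0x125e9>)
# 1 KERNEL32.dll!RegisterWaitForInputIdle +0x48 (0x7c817077 <KERNEL32.dll+0x17077>)

ERRORS FOUND:
      0 unique,     0 total unaddressable access(es)
      6 unique,    46 total uninitialized access(es)
      5 unique,    71 total GDI usage error(s)
     31 unique,    31 total,   2668 byte(s) of leak(s)
"""

# "# 0 module!symbol +0xoff (0xaddr <module+0xmodoff>)"; symbol is "?" when unknown.
FRAME_RE = re.compile(
    r"^#\s*(?P<idx>\d+)\s+(?P<module>[^!\s]+)!(?P<symbol>\S+)\s+\+0x(?P<off>[0-9a-f]+)"
    r"\s+\(0x(?P<addr>[0-9a-f]+)\s+<(?P<modoff>[^>]+)>\)", re.I)
# "Error #N: KIND ..." where KIND is the upper-case error type, e.g. UNINITIALIZED READ.
ERROR_RE = re.compile(r"^Error #(?P<num>\d+): (?P<kind>[A-Z][A-Z ]*[A-Z])")
# Summary rows, with the optional ", N byte(s) of" that leak rows carry.
SUMMARY_RE = re.compile(
    r"^\s*(?P<unique>\d+) unique,\s+(?P<total>\d+) total"
    r"(?:,\s+(?P<bytes>\d+) byte\(s\) of)?\s+(?P<what>.+?)\s*$")


def parse_results(text):
    """Return (errors, summary): errors as dicts with num/kind/frames/notes,
    summary keyed by the row label ("uninitialized access(es)", "leak(s)", ...)."""
    errors, summary, current = [], {}, None
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            current = {"num": int(m["num"]), "kind": m["kind"], "frames": [], "notes": []}
            errors.append(current)
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            current["frames"].append({"module": m["module"], "symbol": m["symbol"],
                                      "offset": int(m["off"], 16), "addr": int(m["addr"], 16),
                                      "modoff": m["modoff"]})
            continue
        if line.startswith("Note:") and current is not None:
            current["notes"].append(line[len("Note:"):].strip())
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["what"]] = {"unique": int(m["unique"]), "total": int(m["total"]),
                                  "bytes": int(m["bytes"]) if m["bytes"] else None}
    return errors, summary


def frame_key(frame):
    """module!symbol, or <module+0xoff> when Dr. Memory had no symbol for the frame."""
    if frame["symbol"] == "?":
        return "<%s>" % frame["modoff"]
    return "%s!%s" % (frame["module"], frame["symbol"])


def uninit_by_top_frame(errors):
    """Count UNINITIALIZED READ reports by innermost frame: one group, one triage."""
    return Counter(frame_key(e["frames"][0]) for e in errors
                   if e["kind"] == "UNINITIALIZED READ" and e["frames"])


def suppression_for(error, depth=3, name=None):
    """Suppression entry (assumed Dr. Memory layout) matching the first `depth`
    frames; only write one for a report that triage has shown to be a false positive."""
    lines = [error["kind"]]
    if name:
        lines.append("name=" + name)
    lines.extend(frame_key(f) for f in error["frames"][:depth])
    if len(error["frames"]) > depth:
        lines.append("...")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    errs, summ = parse_results(SAMPLE_RESULTS)
    print("uninitialized: %(unique)d unique, %(total)d total" % summ["uninitialized access(es)"])
    for key, n in uninit_by_top_frame(errs).most_common():
        print("%3d  %s" % (n, key))
    print(suppression_for(errs[1], depth=2, name="msctf-false-positive"))
```

Keeping the suppression shallow (two or three frames plus "...") matches a report even when the calc.exe frames carry no symbols, but it also means the entry must be tied to a specific triage result, as the thread does by splitting the real bug into issue #1316 before anything gets suppressed.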
From bruen...@google.com on February 22, 2013 19:14:36
xp32, surprisingly, has more uninits than xp64 or win7:
start up and shut down:
1.5.0:
ERRORS FOUND:
0 unique, 0 total unaddressable access(es)
6 unique, 29 total uninitialized access(es)
0 unique, 0 total invalid heap argument(s)
4 unique, 61 total GDI usage error(s)
0 unique, 0 total warning(s)
31 unique, 31 total, 2668 byte(s) of leak(s)
0 unique, 0 total, 0 byte(s) of possible leak(s)
1.5.1:
ERRORS FOUND:
0 unique, 0 total unaddressable access(es)
6 unique, 46 total uninitialized access(es)
0 unique, 0 total invalid heap argument(s)
5 unique, 71 total GDI usage error(s)
0 unique, 0 total warning(s)
31 unique, 31 total, 2668 byte(s) of leak(s)
0 unique, 0 total, 0 byte(s) of possible leak(s)
but Qin hit a bunch of buttons and got xp32 calc up to:
0 unique, 0 total unaddressable access(es)
174 unique, 434 total uninitialized access(es)
this is another issue filed for "try to get to zero false positive uninits"
Original issue: http://code.google.com/p/drmemory/issues/detail?id=1149