UNINITs in USP10.dll that likely all need per-bit granularity #493
Comments
From timurrrr@google.com on July 22, 2011 02:15:23
On MessageBox test (issue #60) on XP 32-bit we've also observed:
[with symbols]
[w/o symbols]
From bruen...@google.com on September 20, 2011 18:30:52
w/ no syms, somehow no symbol at all for top frame. USP10.dll!* and an instruction= line
Dr. Memory version 1.4.3 build 3 built on Sep 20 2011 21:16:26
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptIsComplex
#2 LPK.dll!LpkGetTextExtentExPoint
#3 GDI32.dll!CreateICW
#4 GDI32.dll!GetTextExtentPointW
#5 GDI32.dll!GdiGetCharDimensions
#6 USER32.dll!CreateDialogIndirectParamAorW
#7 USER32.dll!CreateDialogIndirectParamAorW
#8 USER32.dll!CreateDialogParamW
#9 ?
#10 ?
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkDrawTextEx
#7 LPK.dll!LpkDrawTextEx
#8 USER32.dll!CallWindowProcA
#9 USER32.dll!CallWindowProcA
#10 USER32.dll!DrawTextExW
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkDrawTextEx
#7 LPK.dll!LpkDrawTextEx
#8 USER32.dll!CallWindowProcA
#9 USER32.dll!GetWindowInfo
#10 USER32.dll!GetWindowInfo
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkDrawTextEx
#7 LPK.dll!LpkDrawTextEx
#8 USER32.dll!CallWindowProcA
#9 USER32.dll!CallWindowProcA
#10 USER32.dll!GetWindowInfo
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkDrawTextEx
#7 LPK.dll!LpkDrawTextEx
#8 USER32.dll!CalcMenuBar
#9 USER32.dll!CalcMenuBar
#10 USER32.dll!DrawTextExW
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!ImageList_Duplicate
#10 COMCTL32.dll!ImageList_Duplicate
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!FreeMRUList
#10 COMCTL32.dll!ImageList_Duplicate
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!FreeMRUList
#10 COMCTL32.dll!FreeMRUList
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!FreeMRUList
#10 COMCTL32.dll!Ordinal235
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!ImageList_Duplicate
#10 COMCTL32.dll!ImageList_Duplicate
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkInitialize
#7 LPK.dll!LpkGetTextExtentExPoint
#8 COMCTL32.dll!FreeMRUList
#9 COMCTL32.dll!FreeMRUList
#10 COMCTL32.dll!ImageList_Duplicate
Error
#0 USP10.dll!?
#1 USP10.dll!ScriptItemize
#2 USP10.dll!ScriptItemize
#3 USP10.dll!ScriptItemize
#4 USP10.dll!ScriptStringAnalyse
#5 LPK.dll!LpkExtTextOut
#6 LPK.dll!LpkDrawTextEx
#7 LPK.dll!LpkDrawTextEx
#8 USER32.dll!CallWindowProcA
#9 USER32.dll!DestroyCursor
#10 USER32.dll!DrawTextExW
From bruen...@google.com on September 22, 2011 09:04:45
meant to label prev comment as "calc on vista"
also seeing more of the cmp unfortunately: somehow my laptop is now showing instances w/o OP_test when running calc.
w/ syms:
plus 2 similar callstacks
w/o syms:
From bruen...@google.com on September 22, 2011 10:44:23
here's confirmation that this OP_cmp is a false positive requiring per-bit
0:003> U 751613e9-c9 751613e9+3
USP10!CUspShapingDrawingSurface::DrawGlyphs+0x155:
USP10!GenericEngineDrawGlyphs:
USP10!ShapingDrawGlyphs:
USP10!ShlTextOut:
75163616 33c0 xor eax,eax
0:000> dd esp+4c
From bruen...@google.com on December 07, 2011 11:20:32
Labels: FalsePos-BitLevel
From bruen...@google.com on July 14, 2011 22:08:40
xref issue #492. I see 5 other callstacks and, while I have not analyzed them to prove it, I suspect that they all (with perhaps the exception of USP10.dll!CUspShapingDrawingSurface::GenericGlyphOut? needs analysis), like issue #492, are false positives coming from unusual bit manipulations.
*** TODO UNINIT in USP10.dll!CStackAllocator::Free
in calc:
Error #2: UNINITIALIZED READ: reading register cl
@0:03:21.153 in thread 2940
0x770b7448 <USP10.dll+0x17448> USP10.dll!CStackAllocator::Free
0x770d0891 <USP10.dll+0x30891> USP10.dll!CUspShapingCacheWriter::SubmitCacheSlot
0x770d5244 <USP10.dll+0x35244> USP10.dll!ShapingCreateFontCacheData
0x770ada3b <USP10.dll+0xda3b> USP10.dll!ShlLoadFont
0x770adf74 <USP10.dll+0xdf74> USP10.dll!LoadFont
0x770a9b07 <USP10.dll+0x9b07> USP10.dll!FindOrCreateFaceCache
0x75256bc8 f6 c1 01 test %cl $0x01
hit on gui-inject also though w/ a different callstack:
Error #1: UNINITIALIZED READ: reading register cl
@0:00:01.867 in thread 1984
0x75256bc8 <USP10.dll+0x16bc8> USP10.dll!CStackAllocator::Free
0x75285e0d <USP10.dll+0x45e0d> USP10.dll!GenericEngineGetBreakingProperties
0x752752b9 <USP10.dll+0x352b9> USP10.dll!ShapingGetBreakingProperties
0x75272630 <USP10.dll+0x32630> USP10.dll!ShlBreak
0x75256bc8 f6 c1 01 test %cl $0x01
0:000> dt shadow_registers_t 7efdd000+ec4
+0x000 eax : 0 ''
+0x001 ecx : 0xff ''
+0x002 edx : 0 ''
+0x003 ebx : 0 ''
+0x004 esp : 0 ''
+0x005 ebp : 0 ''
+0x006 esi : 0 ''
+0x007 edi : 0 ''
+0x008 eflags : 0 ''
USP10!CStackAllocator::Free+0x13:
75256bc3 8d41f4 lea eax,[ecx-0xc]
75256bc6 8b08 mov ecx,[eax]
75256bc8 f6c101 test cl,0x1
eax = 0x22a4804
0:000> dyb @@(((char *)shadow_table[0x022a]) + (0x022a4804/4)) L8
76543210 76543210 76543210 76543210
-------- -------- -------- --------
2721d4a9 11111111 00000000 00000000 00000011 ff 00 00 03
2721d4ad 00000011 00000011 00000011 00000011 03 03 03 03
no syms:
0x75256bc8 <USP10.dll+0x16bc8> USP10.dll!UspFreeMem
0x75285e0d <USP10.dll+0x45e0d> USP10.dll!ScriptPositionSingleGlyph
0x752752b9 <USP10.dll+0x352b9> USP10.dll!ScriptPositionSingleGlyph
*** TODO UNINIT in USP10.dll!GenericEngineGetBreakingProperties
Error #1: UNINITIALIZED READ: reading register bl
@0:00:01.867 in thread 2200
0x75285d60 <USP10.dll+0x45d60> USP10.dll!GenericEngineGetBreakingProperties
0x752752b9 <USP10.dll+0x352b9> USP10.dll!ShapingGetBreakingProperties
0x75272630 <USP10.dll+0x32630> USP10.dll!ShlBreak
0x75246937 <USP10.dll+0x6937> USP10.dll!ScriptBreak
0x752542c4 <USP10.dll+0x142c4> USP10.dll!ScriptStringAnalyzeBreaks
0x76265465 <LPK.dll+0x5465> LPK.dll!LpkStringAnalyse
0x76264dba <LPK.dll+0x4dba> LPK.dll!LpkGetNextWord
0x76261425 <LPK.dll+0x1425> LPK.dll!LpkDrawTextEx
0x76d142c8 <USER32.dll+0x242c8> USER32.dll!GetNextWordbreak
0x76d12423 <USER32.dll+0x22423> USER32.dll!DT_GetLineBreak
0x76d1237a <USER32.dll+0x2237a> USER32.dll!DrawTextExWorker
0x76d114bc <USER32.dll+0x214bc> USER32.dll!DrawTextExW
75285ccd 57 push edi
75285cce 8b7df4 mov edi,[ebp-0xc]
75285cd1 57 push edi
75285cd2 56 push esi
75285cd3 53 push ebx
75285cd4 e807210000 call USP10!GetCharClassification (75287de0)
75285cd9 8bf0 mov esi,eax
75285cdb 85f6 test esi,esi
75285cdd 741a jz USP10!GenericEngineGetBreakingProperties+0x89 (75285cf9)
75285cf9 33f6 xor esi,esi
75285cfb 397510 cmp [ebp+0x10],esi
75285cfe 0f8efa000000 jle USP10!GenericEngineGetBreakingProperties+0x18e (75285dfe)
75285d04 8b4df4 mov ecx,[ebp-0xc]
75285d07 8b04b1 mov eax,[ecx+esi*4]
75285d0a 8bd8 mov ebx,eax
75285d0c 33ff xor edi,edi
75285d0e c1eb04 shr ebx,0x4
75285d11 85f6 test esi,esi
75285d13 7e49 jle USP10!GenericEngineGetBreakingProperties+0xee (75285d5e)
75285d5e 33c0 xor eax,eax
75285d60 f6c310 test bl,0x10
75285d63 7420 jz USP10!GenericEngineGetBreakingProperties+0x115 (75285d85)
ecx = 0x2484810
0:000> dyb @@(((char *)shadow_table[0x0248]) + (0x02484810/4)) L8
76543210 76543210 76543210 76543210
-------- -------- -------- --------
1d1ed4ac 00000011 00000011 00000011 00000011 03 03 03 03
1d1ed4b0 00000011 11111111 11111111 11111111 03 ff ff ff
the shr by 4 isn't enough to push the whole bottom uninit byte: but I
wonder if this is another one that needs per-bit.
will take some analysis: not doing it now.
no symbols:
Error #1: UNINITIALIZED READ: reading register bl
0x75285d60 <USP10.dll+0x45d60> USP10.dll!ScriptPositionSingleGlyph
0x752752b9 <USP10.dll+0x352b9> USP10.dll!ScriptPositionSingleGlyph
0x75272630 <USP10.dll+0x32630> USP10.dll!ScriptPositionSingleGlyph
*** TODO more UNINITs in USP10.dll
Error #2: UNINITIALIZED READ: reading register al
@0:00:04.073 in thread 4180
0x752860ea <USP10.dll+0x460ea> USP10.dll!GenericEngineGetGlyphs
0x7527512a <USP10.dll+0x3512a> USP10.dll!ShapingGetGlyphs
0x7527221f <USP10.dll+0x3221f> USP10.dll!ShlShape
0x75245c6f <USP10.dll+0x5c6f> USP10.dll!ScriptShape
0x752518af <USP10.dll+0x118af> USP10.dll!RenderItemNoFallback
0x75252ab4 <USP10.dll+0x12ab4> USP10.dll!RenderItemWithFallback
0x75252d42 <USP10.dll+0x12d42> USP10.dll!RenderItem
0x752540f9 <USP10.dll+0x140f9> USP10.dll!ScriptStringAnalyzeGlyphs
0x75247a14 <USP10.dll+0x7a14> USP10.dll!ScriptStringAnalyse
0x76265465 <LPK.dll+0x5465> LPK.dll!LpkStringAnalyse
0x76265172 <LPK.dll+0x5172> LPK.dll!LpkCharsetDraw
0x76261410 <LPK.dll+0x1410> LPK.dll!LpkDrawTextEx
0x752860ea a8 01 test %al $0x01
Error #4: UNINITIALIZED READ: reading register al
@0:01:59.496 in thread 4180
0x75275675 <USP10.dll+0x35675> USP10.dll!ShapingGetGlyphPositions
0x7527286a <USP10.dll+0x3286a> USP10.dll!ShlPlace
0x75245e45 <USP10.dll+0x5e45> USP10.dll!ScriptPlace
0x7525181d <USP10.dll+0x1181d> USP10.dll!RenderItemNoFallback
0x75252ab4 <USP10.dll+0x12ab4> USP10.dll!RenderItemWithFallback
0x75252d42 <USP10.dll+0x12d42> USP10.dll!RenderItem
0x752540f9 <USP10.dll+0x140f9> USP10.dll!ScriptStringAnalyzeGlyphs
0x75247a14 <USP10.dll+0x7a14> USP10.dll!ScriptStringAnalyse
0x76265465 <LPK.dll+0x5465> LPK.dll!LpkStringAnalyse
0x76265172 <LPK.dll+0x5172> LPK.dll!LpkCharsetDraw
0x76261410 <LPK.dll+0x1410> LPK.dll!LpkDrawTextEx
0x76d11898 <USER32.dll+0x21898> USER32.dll!DT_DrawStr
0x75275675 a8 01 test %al $0x01
Error #3: UNINITIALIZED READ: reading 0x0018ea4c-0x0018ea4d 1 byte(s) within 0x0018ea4c-0x0018ea50
@0:00:45.099 in thread 1232
0x75270a79 <USP10.dll+0x30a79> USP10.dll!CUspShapingDrawingSurface::GenericGlyphOut
0x75270124 <USP10.dll+0x30124> USP10.dll!CUspShapingDrawingSurface::DrawGlyphs
0x7528573b <USP10.dll+0x4573b> USP10.dll!GenericEngineDrawGlyphs
0x752759fa <USP10.dll+0x359fa> USP10.dll!ShapingDrawGlyphs
0x75272efd <USP10.dll+0x32efd> USP10.dll!ShlTextOut
0x75246122 <USP10.dll+0x6122> USP10.dll!ScriptTextOut
0x75255af9 <USP10.dll+0x15af9> USP10.dll!InternalStringOut
0x752483be <USP10.dll+0x83be> USP10.dll!ScriptStringOut
0x762651a9 <LPK.dll+0x51a9> LPK.dll!LpkCharsetDraw
0x76261410 <LPK.dll+0x1410> LPK.dll!LpkDrawTextEx
0x76d11898 <USER32.dll+0x21898> USER32.dll!DT_DrawStr
0x76d1182a <USER32.dll+0x2182a> USER32.dll!DT_DrawJustifiedLine
0x75270a79 39 4d 1c cmp 0x1c(%ebp) %ecx
Original issue: http://code.google.com/p/drmemory/issues/detail?id=493
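The two instruction patterns analyzed in this issue (`mov ecx,[eax]; test cl,0x1` in CStackAllocator::Free and `mov ebx,eax; shr ebx,0x4; test bl,0x10` in GenericEngineGetBreakingProperties) illustrate why a byte-granular definedness shadow reports reads that a bit-granular one would not. The following is an added example, not Dr. Memory's own code: a toy shadow-propagation model that runs both sequences under byte-level and bit-level tracking and returns each tracker's verdict. It assumes a simplified encoding (a 32-bit "undef" mask per 32-bit value rather than Dr. Memory's 2-bits-per-byte table), and the memory states it feeds in are constructed; the "low byte undefined, upper bytes defined" case is only what the 0x03 shadow byte in the dump above suggests under that assumption.

```c
/*
 * Added example, not Dr. Memory code: contrast byte-granular and
 * bit-granular definedness tracking on the patterns from this issue.
 *
 * Shadow convention (an assumption, simplified from Dr. Memory's 2-bit
 * per-byte encoding): every 32-bit value carries a 32-bit "undef" mask,
 * bit i set meaning bit i was never initialized. A byte-level tracker
 * cannot represent a partially defined byte, so after each operation it
 * rounds any byte with at least one undefined bit up to fully undefined.
 */
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t val;   /* application value; irrelevant to the verdict */
    uint32_t undef; /* 1 = this bit is uninitialized */
} shadow32_t;

typedef struct {
    int byte_level; /* 1 = a byte-granular tracker reports an uninit read */
    int bit_level;  /* 1 = a bit-granular tracker reports an uninit read */
} verdict_t;

/* Widen any partially undefined byte to a fully undefined byte. */
static uint32_t round_to_bytes(uint32_t undef)
{
    uint32_t out = 0;
    for (int b = 0; b < 4; b++) {
        uint32_t mask = 0xffu << (8 * b);
        if (undef & mask)
            out |= mask;
    }
    return out;
}

/* mov reg,[mem]: the load copies the memory shadow into the register. */
static shadow32_t shadow_load(uint32_t mem_undef, int bit_level)
{
    shadow32_t r = { 0u, bit_level ? mem_undef : round_to_bytes(mem_undef) };
    return r;
}

/* shr reg,imm: undefined bits move down with the data; the zero bits
 * shifted in at the top are defined. */
static shadow32_t shadow_shr(shadow32_t s, unsigned count, int bit_level)
{
    s.val >>= count;
    s.undef >>= count;
    if (!bit_level)
        s.undef = round_to_bytes(s.undef);
    return s;
}

/* test reg8,imm8 on the low byte: the flags depend only on bits where imm
 * is 1, so only those bits must be defined. */
static int shadow_test8_reports(shadow32_t s, uint8_t imm)
{
    return (s.undef & 0xffu & imm) != 0;
}

/* mov ecx,[eax] ; test cl,0x1  (CStackAllocator::Free pattern) */
static verdict_t run_test_cl_1(uint32_t mem_undef)
{
    verdict_t v;
    v.byte_level = shadow_test8_reports(shadow_load(mem_undef, 0), 0x01);
    v.bit_level  = shadow_test8_reports(shadow_load(mem_undef, 1), 0x01);
    return v;
}

/* mov eax,[ecx+esi*4] ; mov ebx,eax ; shr ebx,0x4 ; test bl,0x10
 * (GenericEngineGetBreakingProperties pattern) */
static verdict_t run_shr4_test_bl_10(uint32_t mem_undef)
{
    verdict_t v;
    v.byte_level = shadow_test8_reports(shadow_shr(shadow_load(mem_undef, 0), 4, 0), 0x10);
    v.bit_level  = shadow_test8_reports(shadow_shr(shadow_load(mem_undef, 1), 4, 1), 0x10);
    return v;
}

static void show(const char *what, uint32_t mem_undef, verdict_t v)
{
    printf("%-30s mem undef=0x%08x  byte-level:%s  bit-level:%s\n", what, mem_undef,
           v.byte_level ? "REPORT" : "quiet", v.bit_level ? "REPORT" : "quiet");
}

int main(void)
{
    /* Constructed memory states; the page does not show the real ones. */
    show("test cl,1; only bit0 init",  0xfffffffeu, run_test_cl_1(0xfffffffeu));
    show("test cl,1; bit0 uninit",     0x00000001u, run_test_cl_1(0x00000001u));
    /* Low byte undefined, upper three bytes defined (assumed reading of the
     * 0x03 shadow byte in the dump above). */
    show("shr 4; test bl,0x10; byte0", 0x000000ffu, run_shr4_test_bl_10(0x000000ffu));
    show("shr 4; test bl,0x10; bit8",  0x000001ffu, run_shr4_test_bl_10(0x000001ffu));
    return 0;
}
```

In the `shr`/`test bl,0x10` case the byte-level tracker reports because the shift leaves the four high bits of the undefined byte inside bl, while the bit-level tracker sees that bit 4 of bl came from bit 8 of the loaded word, which was defined. The last two cases show that bit-level tracking still reports when the tested bit itself is undefined.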