Details
Type: Bug
Resolution: Cannot Reproduce
Priority: P3: Somewhat important
Affects Version: 4.7.3
Platform: Linux
Description
Valgrind is reporting a UMR in the checkbox rendering code of a custom QStyle subclass. The error can be reproduced with similar code in a simple standalone testcase which does not use a custom style.
The error is in the following section of the BLEND_SOURCE_OVER_ARGB32_SSSE3 macro, in src/gui/painting/qdrawhelper_ssse3.cpp:
} else if ((length - x) >= 8) {
/* We use two vectors to extract the src: prevLoaded for the first pixels, lastLoaded for the current pixels. */
>>> __m128i srcVectorPrevLoaded = _mm_load_si128((__m128i *)
At this point, length is 13 (it's painting a 13x13 QPixmap), x is 0 (initialized to 0 at the beginning of the macro, not yet altered), and minusOffsetToAlignSrcOn16Bytes is 2 (CPU is Xeon X5570, RHEL4 update 7, compiled with g++ 4.4.4 in 32-bit mode - there's no error in 64-bit builds). Thus, the following snippet indexes 2 elements, which is 8 bytes ('src' is a pointer to an array of quint32 items, so 2*4 bytes) before the beginning of the 'src' pixel array:
&src[x - minusOffsetToAlignSrcOn16Bytes]);
=
&src[ 0 - 2]
(It actually wasn't always reproducible, so hopefully you'll be able to tell from reading the code that this situation can arise.)
Attached is the valgrind stack showing the process accessing 8 bytes before the memory allocated by XGetImage. The log in the attached testcase is slightly different, as valgrind reports it as being 8 bytes from the end of a known data structure, rather than 8 bytes before a known data structure, but it looks like the same bug.
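The pointer arithmetic behind the report, as an added example that is not part of the bug report or of Qt's source. It assumes (as the reporter's numbers suggest) that minusOffsetToAlignSrcOn16Bytes is derived from the low four bits of the src address divided by the pixel size; the helper names, the backing buffer and the 13-pixel row are constructed for this illustration. It shows how a row whose first pixel sits 8 bytes past a 16-byte boundary yields an offset of 2, and that the first 16-byte "prevLoaded" vector load then starts 8 bytes before the array, while an aligned row stays in bounds.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* One ARGB32 pixel, as in Qt's quint32 pixel arrays. */
typedef uint32_t quint32;

/* Assumption: the back-off to a 16-byte boundary is the number of whole
   pixels between the nearest lower 16-byte boundary and src. */
static int minus_offset_to_align_on_16_bytes(const quint32 *src) {
    return (int)(((uintptr_t)src & 15) / sizeof(quint32));
}

/* Byte offset, relative to src, at which the 16-byte "prevLoaded" vector
   for iteration x is read: &src[x - minus_offset]. Negative means the read
   begins before the pixel array. */
static long prev_load_byte_offset(int x, int minus_offset) {
    return ((long)x - minus_offset) * (long)sizeof(quint32);
}

/* Does that 16-byte read stay inside a row of `length` pixels? */
static bool prev_load_in_bounds(int length, int x, int minus_offset) {
    long start = prev_load_byte_offset(x, minus_offset);
    long end = start + 16;
    return start >= 0 && end <= (long)length * (long)sizeof(quint32);
}

/* Constructed backing store with a 16-byte-aligned start, so a row can be
   placed at a chosen misalignment (this is not how XGetImage allocates). */
static _Alignas(16) quint32 backing[64];

/* Reporter's situation: the row's first pixel is two pixels (8 bytes) past a
   16-byte boundary. */
static int reporter_case_offset(void) {
    const quint32 *src = backing + 2;   /* address == 8 (mod 16) */
    return minus_offset_to_align_on_16_bytes(src);
}

/* Control: a row that starts exactly on a 16-byte boundary. */
static int aligned_case_offset(void) {
    const quint32 *src = backing;       /* address == 0 (mod 16) */
    return minus_offset_to_align_on_16_bytes(src);
}

int main(void) {
    const int length = 13;  /* 13x13 QPixmap row, as in the report */
    const int x = 0;        /* first iteration of the macro */

    int off = reporter_case_offset();
    printf("misaligned row: minusOffsetToAlignSrcOn16Bytes = %d\n", off);
    printf("  first vector load at src%+ld bytes, in bounds: %s\n",
           prev_load_byte_offset(x, off),
           prev_load_in_bounds(length, x, off) ? "yes" : "no");

    off = aligned_case_offset();
    printf("aligned row:    minusOffsetToAlignSrcOn16Bytes = %d\n", off);
    printf("  first vector load at src%+ld bytes, in bounds: %s\n",
           prev_load_byte_offset(x, off),
           prev_load_in_bounds(length, x, off) ? "yes" : "no");
    return 0;
}
```

The check only computes where the load would land; it deliberately does not perform the out-of-bounds read, which is what Valgrind flagged as an 8-byte access before the XGetImage allocation. Whether such a read is harmful in practice depends on what precedes the buffer, which is consistent with the report not reproducing every time.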