From 96bf7a9ace990a03b8b87a7a9d7b2882210ded0c Mon Sep 17 00:00:00 2001 
From: Caolán McNamara Date: Sun, 21 Jan 2024 17:28:17 +0000 Subject: ofz: MemorySanitizer: use-of-uninitialized-value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x2e4597d in TreatDoubleError /src/libreoffice/sc/source/core/inc/interpre.hxx:1146:10 #1 0x2e4597d in ScInterpreter::PushDouble(double) /src/libreoffice/sc/source/core/tool/interpr4.cxx:1806:5 #2 0x2e83755 in ScInterpreter::ScExternal() /src/libreoffice/sc/source/core/tool/interpr4.cxx:3126:17 #3 0x2e94a38 in ScInterpreter::Interpret() /src/libreoffice/sc/source/core/tool/interpr4.cxx:4487:43 #4 0x27296ad in ScFormulaCell::InterpretTail(ScInterpreterContext&, ScFormulaCell::ScInterpretTailParameter) /src/libreoffice/sc/source/core/data/formulacell.cxx:1946:23 #5 0x2722f87 in ScFormulaCell::Interpret(int, int) /src/libreoffice/sc/source/core/data/formulacell.cxx:1619:13 #6 0x1e1c80f in operator() /src/libreoffice/sc/source/core/data/column.cxx:2808:16 #7 0x1e1c80f in EachElem, std::__1::__wrap_iter, mdds::detail::mtv::iterator_value_node, unsigned long>, (anonymous namespace)::CalcAllHandler> /src/libreoffice/sc/inc/mtvfunctions.hxx:130:9 #8 0x1e1c80f in ProcessElements1, mdds::mtv::noncopyable_managed_element_block<54, ScFormulaCell, mdds::mtv::delayed_delete_vector>, (anonymous namespace)::CalcAllHandler, sc::FuncElseNoOp > /src/libreoffice/sc/inc/mtvfunctions.hxx:330:9 Uninitialized value was stored to memory at #0 0x2fdee53 in operator>>= /src/libreoffice/sc/source/core/tool/rangeseq.cxx:0:14 #1 0x2fdee53 in ScApiTypeConversion::ConvertAnyToDouble(double&, com::sun::star::uno::TypeClass&, com::sun::star::uno::Any const&) /src/libreoffice/sc/source/core/tool/rangeseq.cxx:347:18 #2 0x2b1e9d4 in ScUnoAddInCall::SetResult(com::sun::star::uno::Any const&) /src/libreoffice/sc/source/core/tool/addincol.cxx:1583:17 #3 0x2b1d84f in ScUnoAddInCall::ExecuteCallWithArgs(com::sun::star::uno::Sequence&) 
/src/libreoffice/sc/source/core/tool/addincol.cxx:1541:9 #4 0x2b1c2ee in ScUnoAddInCall::ExecuteCall() /src/libreoffice/sc/source/core/tool/addincol.cxx:1495:9 #5 0x2e81a4b in ScInterpreter::ScExternal() /src/libreoffice/sc/source/core/tool/interpr4.cxx:3065:19 #6 0x2e94a38 in ScInterpreter::Interpret() /src/libreoffice/sc/source/core/tool/interpr4.cxx:4487:43 Uninitialized value was stored to memory at #0 0x2b1daec in swap /usr/local/include/c++/v1/__utility/swap.h:37:7 #1 0x2b1daec in operator= /src/libreoffice/include/com/sun/star/uno/Any.hxx:153:5 #2 0x2b1daec in ScUnoAddInCall::ExecuteCallWithArgs(com::sun::star::uno::Sequence&) /src/libreoffice/sc/source/core/tool/addincol.cxx:1518:14 #3 0x2b1c2ee in ScUnoAddInCall::ExecuteCall() /src/libreoffice/sc/source/core/tool/addincol.cxx:1495:9 #4 0x2e81a4b in ScInterpreter::ScExternal() /src/libreoffice/sc/source/core/tool/interpr4.cxx:3065:19 #5 0x2e94a38 in ScInterpreter::Interpret() /src/libreoffice/sc/source/core/tool/interpr4.cxx:4487:43 Uninitialized value was stored to memory at #0 0xc49bb64 in cppu::_copyConstructAnyFromData(_uno_Any*, void*, _typelib_TypeDescriptionReference*, _typelib_TypeDescription*, void (*)(void*), _uno_Mapping*) /src/libreoffice/cppu/source/uno/copy.hxx:178:49 #1 0xc497abd in cppu::_copyConstructAny(_uno_Any*, void*, _typelib_TypeDescriptionReference*, _typelib_TypeDescription*, void (*)(void*), _uno_Mapping*) /src/libreoffice/cppu/source/uno/copy.hxx:288:13 #2 0xc499443 in uno_any_constructAndConvert /src/libreoffice/cppu/source/uno/any.cxx:120:9 #3 0x174d263f in stoc_corefl::(anonymous namespace)::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence&) /src/libreoffice/stoc/source/corereflection/criface.cxx:633:13 #4 0x174d5935 in non-virtual thunk to stoc_corefl::(anonymous namespace)::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence&) /src/libreoffice/stoc/source/corereflection/criface.cxx:0 #5 
0x2b1d5ce in ScUnoAddInCall::ExecuteCallWithArgs(com::sun::star::uno::Sequence&) /src/libreoffice/sc/source/core/tool/addincol.cxx:1518:27 #6 0x2b1c2ee in ScUnoAddInCall::ExecuteCall() /src/libreoffice/sc/source/core/tool/addincol.cxx:1495:9 #7 0x2e81a4b in ScInterpreter::ScExternal() /src/libreoffice/sc/source/core/tool/interpr4.cxx:3065:19 #8 0x2e94a38 in ScInterpreter::Interpret() /src/libreoffice/sc/source/core/tool/interpr4.cxx:4487:43 Uninitialized value was stored to memory at #0 0xcd10714 in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) /src/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:157:51 #1 0xcd0cd78 in cpp_call(bridges::cpp_uno::shared::UnoInterfaceProxy*, bridges::cpp_uno::shared::VtableSlot, _typelib_TypeDescriptionReference*, int, _typelib_MethodParameter*, void*, void**, _uno_Any**) /src/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:233:13 #2 0xcd0a9fa in unoInterfaceProxyDispatch /src/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/uno2cpp.cxx:0 #3 0x174d1f01 in stoc_corefl::(anonymous namespace)::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence&) /src/libreoffice/stoc/source/corereflection/criface.cxx:590:9 #4 0x174d5935 in non-virtual thunk to stoc_corefl::(anonymous namespace)::IdlInterfaceMethodImpl::invoke(com::sun::star::uno::Any const&, com::sun::star::uno::Sequence&) /src/libreoffice/stoc/source/corereflection/criface.cxx:0 #5 0x2b1d5ce in ScUnoAddInCall::ExecuteCallWithArgs(com::sun::star::uno::Sequence&) /src/libreoffice/sc/source/core/tool/addincol.cxx:1518:27 #6 0x2b1c2ee in ScUnoAddInCall::ExecuteCall() /src/libreoffice/sc/source/core/tool/addincol.cxx:1495:9 #7 0x2e81a4b in ScInterpreter::ScExternal() /src/libreoffice/sc/source/core/tool/interpr4.cxx:3065:19 #8 0x2e94a38 in ScInterpreter::Interpret() 
/src/libreoffice/sc/source/core/tool/interpr4.cxx:4487:43 Uninitialized value was created by an allocation of 'data' in the stack frame of function '_ZN4gcc317callVirtualMethodEPvjS0_P33_typelib_TypeDescriptionReferencebPmjS3_Pd' #0 0xcd0f1d0 in gcc3::callVirtualMethod(void*, unsigned int, void*, _typelib_TypeDescriptionReference*, bool, unsigned long*, unsigned int, unsigned long*, double*) /src/libreoffice/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx:50 The double really comes from AnalysisAddIn::getConvert and when adding code to switch off it there and msan is happy before it returns that it is initialized, the problem arises when extracting that return value in the bridge code. Its curious that this only appears now when we've been running msan for years and only for double (so far) and not the other types. Change-Id: I8f381a9faf4fe9d4a02b77b241ab33de8eb3bce2 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/162348 Tested-by: Jenkins Reviewed-by: Caolán McNamara --- .../source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'bridges') diff --git a/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx b/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx index 04dd2dc6a5f6..bf3e7f388108 100644 --- a/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx +++ b/bridges/source/cpp_uno/gcc3_linux_x86-64/callvirtualmethod.cxx @@ -27,6 +27,13 @@ #include "abi.hxx" #include "callvirtualmethod.hxx" +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# include +# define MEMORY_SANITIZER +# endif +#endif + // The call instruction within the asm block of callVirtualMethod may throw // exceptions. At least GCC 4.7.0 with -O0 would create (unnecessary) // .gcc_exception_table call-site table entries around all other calls in this 
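Review bot: The `# include` line in the added block carries no header name as rendered here, so as shown it would not compile; `__msan_unpoison`, which the DOUBLE case later in this file calls, is declared in `<sanitizer/msan_interface.h>`, presumably the intended target, so the committed line should read `# include <sanitizer/msan_interface.h>`. A short comment above the block would also record why a generic-looking `MEMORY_SANITIZER` macro is introduced in this translation unit, e.g. `// Only clang builds with -fsanitize=memory take this branch; used below to unpoison a register return MSan cannot track`.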
@@ -154,6 +161,10 @@ void CPPU_CURRENT_NAMESPACE::callVirtualMethod(
 *static_cast(pRegisterReturn) = *reinterpret_cast(&data.xmm0);
 break;
 case typelib_TypeClass_DOUBLE:
+#if defined(MEMORY_SANITIZER)
+ // In the absence of a better idea just unpoison this
+ __msan_unpoison(&data.xmm0, sizeof(data.xmm0));
+#endif
 *static_cast( pRegisterReturn ) = data.xmm0;
 break;
 default:
-- cgit
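Review bot: The added `__msan_unpoison` silences the report rather than initializing anything, so the comment `// In the absence of a better idea just unpoison this` should state why that is acceptable: per the commit message the callee does write the double and the gap is MSan not tracking the inline-asm store into `data.xmm0`, e.g. `// MSan cannot see the asm block's store into data.xmm0; the callee did initialize the value, so unpoisoning here only drops a false report`. Without that, a genuinely uninitialized double returned by some future callee is now invisible to MSan at this point and the justification lives only in history. The FLOAT case on the context line above reads the same `data.xmm0` through `reinterpret_cast`, so if the diagnosis is right that path is equally affected; unpoisoning `data` once immediately after the asm block that fills it (earlier in callVirtualMethod, outside this hunk) would cover both without a per-case `#if`. The enclosing switch and function begin above the hunk.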