Description of problem: I'm trying to track down a segmentation fault in libxcb when running a plplot test. The following valgrind errors turn up as well prior to the crash. I'm not sure if they are related.

==32144== Conditional jump or move depends on uninitialised value(s)
==32144==    at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144==    by 0x5BFC20F: gray_move_to (ftgrays.c:1204)
==32144==    by 0x5BA8AE8: FT_Outline_Decompose (ftoutln.c:143)
==32144==    by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144==    by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144==    by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144==    by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144==    by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144==    by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*, unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7C70D04: QFontEngineFT::recalcAdvances(QGlyphLayout*, QFlags<QTextEngine::ShaperFlag>) const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7B99076: ??? (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x8599B68: ??? (in /usr/lib64/libQtCore.so.4.8.7)
==32144==
==32144== Conditional jump or move depends on uninitialised value(s)
==32144==    at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144==    by 0x5BFB930: gray_render_line (ftgrays.c:969)
==32144==    by 0x5BFC1D1: gray_line_to (ftgrays.c:1216)
==32144==    by 0x5BA8CA7: FT_Outline_Decompose (ftoutln.c:165)
==32144==    by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144==    by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144==    by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144==    by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144==    by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144==    by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*, unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7C7143E: QFontEngineFT::boundingBox(unsigned int) (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7C6CA3E: QFontEngineFT::minRightBearing() const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==
==32144== Conditional jump or move depends on uninitialised value(s)
==32144==    at 0x5BFB68C: gray_set_cell (ftgrays.c:587)
==32144==    by 0x5BFBB41: gray_render_line (ftgrays.c:905)
==32144==    by 0x5BFC1D1: gray_line_to (ftgrays.c:1216)
==32144==    by 0x5BA8CA7: FT_Outline_Decompose (ftoutln.c:165)
==32144==    by 0x5BA5722: gray_convert_glyph_inner (ftgrays.c:1742)
==32144==    by 0x5BA58A0: gray_convert_glyph (ftgrays.c:1825)
==32144==    by 0x5BFB589: gray_raster_render (ftgrays.c:1968)
==32144==    by 0x5BA9222: FT_Outline_Render (ftoutln.c:640)
==32144==    by 0x5BA92A1: FT_Outline_Get_Bitmap (ftoutln.c:681)
==32144==    by 0x7C7056F: QFontEngineFT::loadGlyph(QFontEngineFT::QGlyphSet*, unsigned int, QFixed, QFontEngine::GlyphFormat, bool) const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7C7143E: QFontEngineFT::boundingBox(unsigned int) (in /usr/lib64/libQtGui.so.4.8.7)
==32144==    by 0x7C6CA3E: QFontEngineFT::minRightBearing() const (in /usr/lib64/libQtGui.so.4.8.7)
==32144==
Code is:

    static void
    gray_set_cell( RAS_ARG_ TCoord  ex,
                            TCoord  ey )
    {
      /* Move the cell pointer to a new position.  We set the `invalid'      */
      /* flag to indicate that the cell isn't part of those we're interested */
      /* in during the render phase.  This means that:                       */
      /*                                                                     */
      /* . the new vertical position must be within min_ey..max_ey-1.        */
      /* . the new horizontal position must be strictly less than max_ex     */
      /*                                                                     */
      /* Note that if a cell is to the left of the clipping region, it is    */
      /* actually set to the (min_ex-1) horizontal position.                 */

      /* All cells that are on the left of the clipping region go to the */
      /* min_ex - 1 horizontal position.                                  */
      if ( ex > ras.max_ex )
        ex = ras.max_ex;

      if ( ex < ras.min_ex )
        ex = ras.min_ex - 1;

      /* are we moving to a different cell ? */
      if ( ex != ras.ex || ey != ras.ey )      /* ==> ftgrays.c:587, the line valgrind flags */
      {
        /* record the current one if it is valid */
        if ( !ras.invalid )
          gray_record_cell( RAS_VAR );

        ras.area  = 0;
        ras.cover = 0;
        ras.ex    = ex;
        ras.ey    = ey;
      }

      ras.invalid = ( ey >= ras.max_ey || ey < ras.min_ey ||
                      ex >= ras.max_ex );
    }

So it looks like either ras.ex and/or ras.ey is not being initialized. However, this doesn't look like it matters since we just go on to set ras.ex and ras.ey. So I suppose this is a false positive of sorts. It might be nice though if ras could be initialized so that valgrind wouldn't output these errors.

Version-Release number of selected component (if applicable): freetype-2.7-1.fc26.x86_64
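The reasoning in the report above, as an added illustration that is not FreeType code and not part of this bug: a stripped-down model of the same clamp-and-move logic, with a start-of-render routine that gives ras.ex/ras.ey a defined value before the first compare. The struct (raster_t), the functions (raster_begin, set_cell, record_cell, render_sample), the 4x4 clip box and the outline points are all constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for FreeType's worker struct; field names follow
 * the gray_set_cell snippet quoted in the report. */
typedef struct {
    int min_ex, max_ex, min_ey, max_ey;  /* clip box, in cell units */
    int ex, ey;                          /* current cell position */
    int area, cover;                     /* coverage accumulated in the current cell */
    int invalid;                         /* nonzero: current cell lies outside the clip box */
    int recorded;                        /* cells flushed so far (stands in for the cell list) */
} raster_t;

/* Stand-in for gray_record_cell: the real one appends the cell to a list,
 * here we only count the flush. */
static void record_cell(raster_t *ras)
{
    ras->recorded++;
}

/* Same clamp-and-move logic as the quoted gray_set_cell.
 * Returns 1 if the cell pointer moved, 0 if it stayed put. */
static int set_cell(raster_t *ras, int ex, int ey)
{
    int moved = 0;

    if (ex > ras->max_ex) ex = ras->max_ex;
    if (ex < ras->min_ex) ex = ras->min_ex - 1;

    /* This compare is the read valgrind reports: on the very first call it
     * sees whatever ras->ex / ras->ey held before rendering started. */
    if (ex != ras->ex || ey != ras->ey) {
        if (!ras->invalid)
            record_cell(ras);
        ras->area  = 0;
        ras->cover = 0;
        ras->ex = ex;
        ras->ey = ey;
        moved = 1;
    }
    ras->invalid = (ey >= ras->max_ey || ey < ras->min_ey || ex >= ras->max_ex);
    return moved;
}

/* Start of a render: every field set_cell() reads gets a defined value.
 * ex/ey are placed one past the clip box, a position no clamped cell can
 * have, so the first call always takes the "moved" branch, and invalid = 1
 * makes that branch record nothing. That is the behaviour the report argues
 * the uninitialised read already had in practice, now made explicit. */
static void raster_begin(raster_t *ras, int min_ex, int max_ex, int min_ey, int max_ey)
{
    ras->min_ex = min_ex; ras->max_ex = max_ex;
    ras->min_ey = min_ey; ras->max_ey = max_ey;
    ras->ex = max_ex + 1;
    ras->ey = max_ey + 1;
    ras->area = 0;
    ras->cover = 0;
    ras->invalid = 1;
    ras->recorded = 0;
}

/* Walks a small constructed outline through set_cell(): cells inside the
 * 4x4 box, one far left of it (clamped to min_ex - 1 and still recorded)
 * and one beyond the right edge (clamped to max_ex and flagged invalid).
 * Returns the number of cells recorded; *ends_invalid gets the final flag. */
static int render_sample(int *ends_invalid)
{
    static const int pts[][2] = { {0, 0}, {1, 0}, {1, 1}, {0, 1}, {-5, 1}, {9, 0} };
    raster_t ras;
    size_t i;

    raster_begin(&ras, 0, 4, 0, 4);
    for (i = 0; i < sizeof pts / sizeof pts[0]; i++)
        set_cell(&ras, pts[i][0], pts[i][1]);
    if (ends_invalid)
        *ends_invalid = ras.invalid;
    return ras.recorded;   /* 5 for the outline above */
}

int main(void)
{
    int inv = 0;
    int n = render_sample(&inv);
    printf("cells recorded: %d, final cell invalid: %d\n", n, inv);
    return 0;
}
```

Removing the raster_begin() call in render_sample() reproduces the report's symptom: `valgrind --track-origins=yes ./a.out` then flags the compare in set_cell() and names the uninitialised stack allocation of ras as the origin, while the program output stays the same, which is the sense in which the warning is a false positive for correctness but still worth silencing by initialising the state.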
Hi, this has been fixed by upstream recently. The commit can be found here: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=6ca54c643094800c1915dd856b9ea36276fe1e97 I've pushed the patch to rawhide as freetype-2.7-2. Feel free to reopen this bug if the warning still occurs.