Bug #2236

open

ofono: Fix valgrind issues

Added by pespin almost 7 years ago. Updated about 4 years ago.

Status:
New
Priority:
Low
Assignee:
-
Target version:
-
Start date:
05/05/2017
Due date:
% Done:

0%

Spec Reference:

Description

Running ofonod 1.20 with the following cmd line provided some issues. Looking at these may provide hints to fix ofono crashes we are seeing.

valgrind --tool=memcheck --leak-check=yes --track-origins=yes /usr/local/sbin/ofonod -d -n

A:

ofonod[2870]: drivers/qmimodem/sim.c:query_pin_retries_cb()
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4C2ED31: __memcmp_sse4_1 (vg_replace_strmem.c:972)
==2870==    by 0x4F451A: sim_pin_retries_query_cb (sim.c:462)
==2870==    by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870==    by 0x45544A: service_send_callback (qmi.c:2143)
==2870==    by 0x452D00: handle_packet (qmi.c:815)
==2870==    by 0x452E85: received_data (qmi.c:863)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4F451D: sim_pin_retries_query_cb (sim.c:462)
==2870==    by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870==    by 0x45544A: service_send_callback (qmi.c:2143)
==2870==    by 0x452D00: handle_packet (qmi.c:815)
==2870==    by 0x452E85: received_data (qmi.c:863)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4F3DFB: get_pin_retries (sim.c:278)
==2870==    by 0x4F4553: sim_pin_retries_query_cb (sim.c:467)
==2870==    by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870==    by 0x45544A: service_send_callback (qmi.c:2143)
==2870==    by 0x452D00: handle_packet (qmi.c:815)
==2870==    by 0x452E85: received_data (qmi.c:863)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4F3E65: get_pin_retries (sim.c:288)
==2870==    by 0x4F4553: sim_pin_retries_query_cb (sim.c:467)
==2870==    by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870==    by 0x45544A: service_send_callback (qmi.c:2143)
==2870==    by 0x452D00: handle_packet (qmi.c:815)
==2870==    by 0x452E85: received_data (qmi.c:863)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Syscall param sendmsg(msg.msg_iov[1]) points to uninitialised byte(s)
==2870==    at 0x5888690: __sendmsg_nocancel (syscall-template.S:81)
==2870==    by 0x537F309: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5378CF5: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5378F60: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5377CA7: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5361073: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5361162: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5362437: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x53B3AC: g_dbus_send_message (object.c:1503)
==2870==    by 0x4CCED9: ofono_dbus_signal_dict_property_changed (dbus.c:275)
==2870==    by 0x4F457A: sim_pin_retries_query_cb (sim.c:468)
==2870==    by 0x459BDD: query_pin_retries_cb (sim.c:544)
==2870==  Address 0x69ff052 is 50 bytes inside a block of size 320 alloc'd
==2870==    at 0x4C2AF2E: realloc (vg_replace_malloc.c:692)
==2870==    by 0x537CFBC: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x537D5DF: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5368D03: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5368E33: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x536D867: dbus_message_iter_open_container (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x4CC954: append_array_variant (dbus.c:104)
==2870==    by 0x4CCA34: ofono_dbus_dict_append_array (dbus.c:126)
==2870==    by 0x4C8B96: __ofono_modem_append_properties (modem.c:840)
==2870==    by 0x4C8CA3: modem_get_properties (modem.c:869)
==2870==    by 0x538C59: process_message (object.c:259)
==2870==    by 0x53A737: generic_message (object.c:1070)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==

B:

ofonod[2870]: plugins/gobi.c:shutdown_cb()
ofonod[2870]: src/modem.c:modem_change_state() old state: 0, new state: 0
==2870== Invalid read of size 8
==2870==    at 0x453ADE: shutdown_destroy (qmi.c:1254)
==2870==    by 0x508A717: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DB8B: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Address 0x6a07518 is 152 bytes inside a block of size 168 free'd
==2870==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==2870==    by 0x4532FF: qmi_device_unref (qmi.c:1003)
==2870==    by 0x45E09B: shutdown_cb (gobi.c:120)
==2870==    by 0x453B68: shutdown_callback (qmi.c:1268)
==2870==    by 0x508E612: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==
==2870== Invalid write of size 4
==2870==    at 0x453B09: shutdown_destroy (qmi.c:1257)
==2870==    by 0x508A717: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DB8B: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Address 0x6a07520 is 160 bytes inside a block of size 168 free'd
==2870==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==2870==    by 0x4532FF: qmi_device_unref (qmi.c:1003)
==2870==    by 0x45E09B: shutdown_cb (gobi.c:120)
==2870==    by 0x453B68: shutdown_callback (qmi.c:1268)
==2870==    by 0x508E612: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==
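
Trace B shows the destroy notify of the shutdown source (shutdown_destroy, qmi.c:1254) touching a block that shutdown_cb had already released through qmi_device_unref. The following is an added illustration of that lifecycle pattern and its usual fix, not ofono code: all names are hypothetical, GLib's dispatch order is hand-written, and free() is replaced by a quarantine flag so the buggy order runs without undefined behaviour.

```c
/* Added illustration, not ofono code.  A timeout source runs a user
 * callback and then its destroy notify; if the callback drops the last
 * reference to the device, the destroy notify sees freed memory.
 * "Freeing" is simulated by the dead flag so both orders are runnable. */
#include <stdlib.h>

struct device {
    int ref_count;
    int shutdown_source;   /* stands in for the GLib source id */
    int dead;              /* quarantine flag: real code would free() */
};

static void device_ref(struct device *d) { d->ref_count++; }

static void device_unref(struct device *d)
{
    if (--d->ref_count == 0)
        d->dead = 1;       /* real code: free(d) */
}

/* Role of gobi.c shutdown_cb in the trace: drops the owner's reference. */
static void user_shutdown_cb(struct device *d) { device_unref(d); }

/* Role of qmi.c shutdown_destroy: the source's destroy notify.
 * Returns 1 if it ran against an already released device (the UAF). */
static int shutdown_destroy(struct device *d)
{
    int uaf = d->dead;
    d->shutdown_source = 0;
    return uaf;
}

/* Buggy order as in the trace: the source holds no reference of its own. */
int dispatch_buggy(struct device *d)
{
    user_shutdown_cb(d);
    return shutdown_destroy(d);
}

/* Fixed order: the source owns a reference for its whole lifetime and
 * releases it only after the destroy notify has finished. */
int dispatch_fixed(struct device *d)
{
    device_ref(d);               /* taken when the source is attached */
    user_shutdown_cb(d);
    int uaf = shutdown_destroy(d);
    device_unref(d);             /* the real last reference goes here */
    return uaf;
}

struct device *device_new(void)
{
    struct device *d = calloc(1, sizeof(*d));
    d->ref_count = 1;
    d->shutdown_source = 42;     /* constructed sample source id */
    return d;
}
```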

C:
ofonod[2870]: drivers/qmimodem/network-registration.c:qmi_register_manual()
==2870== Syscall param write(buf) points to uninitialised byte(s)
==2870==    at 0x587AC00: __write_nocancel (syscall-template.S:81)
==2870==    by 0x4527E1: can_write_data (qmi.c:642)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Address 0x63a7fa8 is 24 bytes inside a block of size 25 alloc'd
==2870==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==2870==    by 0x451B97: __request_alloc (qmi.c:176)
==2870==    by 0x45559D: qmi_service_send (qmi.c:2178)
==2870==    by 0x4574D2: qmi_register_manual (network-registration.c:364)
==2870==    by 0x4D047B: network_operator_register (network.c:610)
==2870==    by 0x538C59: process_message (object.c:259)
==2870==    by 0x53A737: generic_message (object.c:1070)
==2870==    by 0x537160E: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5363193: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x536647: message_dispatch (mainloop.c:72)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x452D18: received_data (qmi.c:822)
==2870==

D:

ofonod[2870]: drivers/qmimodem/sim.c:get_file_attributes_cb()
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4F3DFB: get_pin_retries (sim.c:278)
==2870==    by 0x4F4447: sim_get_properties (sim.c:435)
==2870==    by 0x538C59: process_message (object.c:259)
==2870==    by 0x53A737: generic_message (object.c:1070)
==2870==    by 0x537160E: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5363193: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x536647: message_dispatch (mainloop.c:72)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==
==2870== Conditional jump or move depends on uninitialised value(s)
==2870==    at 0x4F3E65: get_pin_retries (sim.c:288)
==2870==    by 0x4F4447: sim_get_properties (sim.c:435)
==2870==    by 0x538C59: process_message (object.c:259)
==2870==    by 0x53A737: generic_message (object.c:1070)
==2870==    by 0x537160E: ??? (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x5363193: dbus_connection_dispatch (in /lib/x86_64-linux-gnu/libdbus-1.so.3.8.13)
==2870==    by 0x536647: message_dispatch (mainloop.c:72)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==  Uninitialised value was created by a stack allocation
==2870==    at 0x459B1A: query_pin_retries_cb (sim.c:531)
==2870==

E:

ofonod[2870]: Exit
==2870==
==2870== HEAP SUMMARY:
==2870==     in use at exit: 66,564 bytes in 315 blocks
==2870==   total heap usage: 61,281 allocs, 60,966 frees, 29,562,024 bytes allocated
==2870==
==2870== 8 bytes in 4 blocks are definitely lost in loss record 19 of 173
==2870==    at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==2870==    by 0x58209D9: strndup (strndup.c:45)
==2870==    by 0x454740: qmi_result_get_string (qmi.c:1672)
==2870==    by 0x455F6A: get_ids_cb (devinfo.c:129)
==2870==    by 0x45544A: service_send_callback (qmi.c:2143)
==2870==    by 0x452D00: handle_packet (qmi.c:815)
==2870==    by 0x452E85: received_data (qmi.c:863)
==2870==    by 0x508DB6C: g_main_context_dispatch (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508DF47: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x508E271: g_main_loop_run (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4200.1)
==2870==    by 0x4C680B: main (main.c:256)
==2870==
==2870== LEAK SUMMARY:
==2870==    definitely lost: 8 bytes in 4 blocks
==2870==    indirectly lost: 0 bytes in 0 blocks
==2870==      possibly lost: 0 bytes in 0 blocks
==2870==    still reachable: 66,556 bytes in 311 blocks
==2870==         suppressed: 0 bytes in 0 blocks
==2870== Reachable blocks (those to which a pointer was found) are not shown.
==2870== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==2870==
==2870== For counts of detected and suppressed errors, rerun with: -v
==2870== ERROR SUMMARY: 161 errors from 12 contexts (suppressed: 0 from 0)
