crashappsec / libcon4m

Base Compiler and Runtime Support for con4m
Apache License 2.0

AddressSanitizer: global-buffer-overflow gc.c:919 in `scan_arena` #46

Closed ee7 closed 3 days ago

ee7 commented 3 weeks ago

(2024-07-01: edited to keep stack trace up to date with main, and add more platform details)

With:

ASan complains when running c4test on any file:

$ ./debug/c4test tests/basic1.c4m
address of the universe: 0x5f3d161155a0
info: Compiling: /foo/libcon4m/tests/basic1.c4m
info: Done processing: /foo/libcon4m/tests/basic1.c4m
****STARTING PROGRAM EXECUTION*****
****PROGRAM EXECUTION FINISHED*****

Passed 1 out of 1 run tests.
=================================================================
==10924==ERROR: AddressSanitizer: global-buffer-overflow on address 0x5f3d16115770 at pc 0x5f3d156b44a2 bp 0x7fffbb103b50 sp 0x7fffbb103b40
READ of size 8 at 0x5f3d16115770 thread T0
SCARINESS: 23 (8-byte-read-global-buffer-overflow)
    #0 0x5f3d156b44a1 in scan_arena ../src/con4m/gc.c:919
    #1 0x5f3d156b505e in raw_trace ../src/con4m/gc.c:1009
    #2 0x5f3d156b5599 in c4m_collect_arena ../src/con4m/gc.c:1055
    #3 0x5f3d156b6019 in c4m_gc_thread_collect ../src/con4m/gc.c:1125
    #4 0x5f3d1566f3e6 in main ../src/tests/test.c:533
    #5 0x788f20239c87  (/usr/lib/libc.so.6+0x25c87) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #6 0x788f20239d4b in __libc_start_main (/usr/lib/libc.so.6+0x25d4b) (BuildId: 32a656aa5562eece8c59a585f5eacd6cf5e2307b)
    #7 0x5f3d156628a4 in _start (libcon4m/debug/c4test+0x4998a4) (BuildId: 19489650db0e47546d8ec39a9c30f060f548f6de)

0x5f3d16115770 is located 0 bytes after global variable 'c4m_bi_types' defined in '../src/con4m/types.c:242:22' (0x5f3d161155e0) of size 400
0x5f3d16115770 is located 48 bytes before global variable 'type_node_for_list_of_type_objects' defined in '../src/con4m/types.c:245:13' (0x5f3d161157a0) of size 8
SUMMARY: AddressSanitizer: global-buffer-overflow ../src/con4m/gc.c:919 in scan_arena
Shadow bytes around the buggy address:
  0x5f3d16115480: f9 f9 f9 f9 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9
  0x5f3d16115500: 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x5f3d16115580: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x5f3d16115600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x5f3d16115680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x5f3d16115700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9
  0x5f3d16115780: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9
  0x5f3d16115800: f9 f9 f9 f9 00 00 00 00 00 f9 f9 f9 f9 f9 f9 f9
  0x5f3d16115880: 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
  0x5f3d16115900: 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x5f3d16115980: 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==10924==ABORTING
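Added illustration, not code from libcon4m, the reporter or the maintainer. The report above places the 8-byte read 0 bytes past the 400-byte global `c4m_bi_types` and 48 bytes before the next global, and the shadow byte at that address is `f9` (global redzone). That is the signature of a root scan whose range is wider than the global it covers: in an unsanitized build the bytes between two globals are just padding, but ASan poisons them, so the first word past `sizeof` of the global is reported. The model below keeps a root table with exact sizes and refuses to dereference any word outside it. The root table, `gc_register_root`, `scan_range_checked`, the `layout` array and its 400/48/8-byte split are assumptions for illustration, not libcon4m's API, and nothing here claims this is what `scan_arena` actually does.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical root-table model (not libcon4m's API). */
typedef struct {
    const void *base;
    size_t      len;    /* exact sizeof() of the global being registered */
} gc_root_t;

#define MAX_ROOTS 16
static gc_root_t roots[MAX_ROOTS];
static size_t    nroots;
size_t last_words_read;   /* words actually dereferenced by the last scan */

/* Constructed model of the layout in the report: a 400-byte global, then the
 * 48-byte gap ASan poisons as a redzone, then an 8-byte global. Everything
 * lives in one backing array so the pointer arithmetic stays in bounds. */
static uint64_t layout[50 + 6 + 1];
#define BI_TYPES_WORDS  50                 /* 400 bytes, like c4m_bi_types */
#define REDZONE_WORDS   6                  /* 48 bytes between the globals */
#define BI_TYPES        (&layout[0])
#define NEXT_GLOBAL     (&layout[BI_TYPES_WORDS + REDZONE_WORDS])  /* 8 bytes */

int gc_register_root(const void *base, size_t len)
{
    if (nroots == MAX_ROOTS || base == NULL || len == 0)
        return -1;
    roots[nroots].base = base;
    roots[nroots].len  = len;
    nroots++;
    return 0;
}

/* True iff the 8-byte word at p lies entirely inside one registered root. */
int word_in_root(const void *p)
{
    uintptr_t a = (uintptr_t)p;
    for (size_t i = 0; i < nroots; i++) {
        uintptr_t lo = (uintptr_t)roots[i].base;
        uintptr_t hi = lo + roots[i].len;
        if (a >= lo && a + sizeof(uint64_t) <= hi)
            return 1;
    }
    return 0;
}

/* Walk [start, end) one word at a time, as a conservative scanner does, but
 * only dereference words that belong to a registered root. Returns how many
 * words were skipped; a non-zero result means the range is wider than the
 * roots it covers, which is what ASan flags as global-buffer-overflow in a
 * sanitized build. */
size_t scan_range_checked(const void *start, const void *end)
{
    size_t skipped = 0;
    last_words_read = 0;
    for (const char *p = start; p + sizeof(uint64_t) <= (const char *)end;
         p += sizeof(uint64_t)) {
        if (!word_in_root(p)) {
            skipped++;
            continue;
        }
        uint64_t w;
        memcpy(&w, p, sizeof w);   /* a real tracer would test w for pointers here */
        last_words_read++;
    }
    return skipped;
}

static void register_model_roots(void)
{
    nroots = 0;
    gc_register_root(BI_TYPES, BI_TYPES_WORDS * sizeof(uint64_t));
    gc_register_root(NEXT_GLOBAL, sizeof(uint64_t));
}

/* Scan bounded by sizeof(): 50 words read, nothing skipped. */
size_t demo_exact_scan(void)
{
    register_model_roots();
    return scan_range_checked(BI_TYPES, BI_TYPES + BI_TYPES_WORDS);
}

/* Scan from the first global through the end of the next one: the 6 redzone
 * words are skipped here, but an unchecked scanner would read them. */
size_t demo_overrun_scan(void)
{
    register_model_roots();
    return scan_range_checked(BI_TYPES, NEXT_GLOBAL + 1);
}

int main(void)
{
    size_t s1 = demo_exact_scan();
    printf("exact scan:   skipped %zu words, read %zu\n", s1, last_words_read);
    size_t s2 = demo_overrun_scan();
    printf("overrun scan: skipped %zu words, read %zu\n", s2, last_words_read);
    return 0;
}
```

The check costs one table walk per word, so it belongs in debug builds or behind an assertion rather than in the hot path; the point is that a scan bounded by the registered `sizeof` of each root never touches the gap that ASan poisons, whereas a scan that spans from one global to the next does so silently in an unsanitized build and only becomes visible as the `f9` shadow bytes in a sanitized one.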

viega commented 2 weeks ago

No clue what this is nor can I reproduce it.

ee7 commented 2 weeks ago

Is it due to the use of uninitialized values?

With 14604adf6ca68c75a08360129d71beb63571c1d1, valgrind's complaints (relevant-looking errors from context 5 onwards):

$ valgrind --leak-check=no --track-origins=yes --show-error-list=yes ./debug/c4test tests/basic1.c4m
==15029== Memcheck, a memory error detector
==15029== Copyright (C) 2002-2024, and GNU GPL'd, by Julian Seward et al.
==15029== Using Valgrind-3.23.0 and LibVEX; rerun with -h for copyright info
==15029== Command: ./debug/c4test tests/basic1.c4m
==15029== 
==15029== Warning: set address range perms: large range [0x5594000, 0x45596000) (defined)
address of the universe: 0x1cc760
info: Compiling: /foo/libcon4m/tests/basic1.c4m
[...]
info: Done processing: /foo/libcon4m/tests/basic1.c4m
****STARTING PROGRAM EXECUTION*****
****PROGRAM EXECUTION FINISHED*****

Passed 1 out of 1 run tests.
[...]
==15029== ERROR SUMMARY: 670 errors from 48 contexts (suppressed: 0 from 0)
==15029== 
==15029== 1 errors in context 1 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x19661D: _c4m_tpat_match (../src/con4m/tree_pattern.c:187)
==15029==    by 0x16A5D7: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:163)
==15029==    by 0x16B883: c4m_file_decl_pass (../src/con4m/compiler/decl_pass.c:1473)
==15029==    by 0x1568EA: c4m_initial_load_one (../src/con4m/compiler/compile.c:625)
==15029==    by 0x15676E: c4m_perform_module_loads (../src/con4m/compiler/compile.c:741)
==15029==    by 0x156CF1: c4m_compile_from_entry_point (../src/con4m/compiler/compile.c:1053)
==15029==    by 0x116D98: test_compiler (../src/tests/test.c:425)
==15029==    by 0x11775F: main (../src/tests/test.c:515)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x169D54: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:52)
==15029== 
==15029== 
==15029== 1 errors in context 2 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x19661D: _c4m_tpat_match (../src/con4m/tree_pattern.c:187)
==15029==    by 0x16A553: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:157)
==15029==    by 0x16B883: c4m_file_decl_pass (../src/con4m/compiler/decl_pass.c:1473)
==15029==    by 0x1568EA: c4m_initial_load_one (../src/con4m/compiler/compile.c:625)
==15029==    by 0x15676E: c4m_perform_module_loads (../src/con4m/compiler/compile.c:741)
==15029==    by 0x156CF1: c4m_compile_from_entry_point (../src/con4m/compiler/compile.c:1053)
==15029==    by 0x116D98: test_compiler (../src/tests/test.c:425)
==15029==    by 0x11775F: main (../src/tests/test.c:515)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x169D54: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:52)
==15029== 
==15029== 
==15029== 1 errors in context 3 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x19661D: _c4m_tpat_match (../src/con4m/tree_pattern.c:187)
==15029==    by 0x16A4B3: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:150)
==15029==    by 0x16B883: c4m_file_decl_pass (../src/con4m/compiler/decl_pass.c:1473)
==15029==    by 0x1568EA: c4m_initial_load_one (../src/con4m/compiler/compile.c:625)
==15029==    by 0x15676E: c4m_perform_module_loads (../src/con4m/compiler/compile.c:741)
==15029==    by 0x156CF1: c4m_compile_from_entry_point (../src/con4m/compiler/compile.c:1053)
==15029==    by 0x116D98: test_compiler (../src/tests/test.c:425)
==15029==    by 0x11775F: main (../src/tests/test.c:515)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x169D54: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:52)
==15029== 
==15029== 
==15029== 1 errors in context 4 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x19661D: _c4m_tpat_match (../src/con4m/tree_pattern.c:187)
==15029==    by 0x16A436: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:144)
==15029==    by 0x16B883: c4m_file_decl_pass (../src/con4m/compiler/decl_pass.c:1473)
==15029==    by 0x1568EA: c4m_initial_load_one (../src/con4m/compiler/compile.c:625)
==15029==    by 0x15676E: c4m_perform_module_loads (../src/con4m/compiler/compile.c:741)
==15029==    by 0x156CF1: c4m_compile_from_entry_point (../src/con4m/compiler/compile.c:1053)
==15029==    by 0x116D98: test_compiler (../src/tests/test.c:425)
==15029==    by 0x11775F: main (../src/tests/test.c:515)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x169D54: setup_treematch_patterns (../src/con4m/compiler/ast_utils.c:52)
==15029== 
==15029== 
==15029== 3 errors in context 5 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C18: update_traced_pointer (../src/con4m/gc.c:648)
==15029==    by 0x1219F4: process_traced_pointer (../src/con4m/gc.c:848)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 3 errors in context 6 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C11: update_traced_pointer (../src/con4m/gc.c:647)
==15029==    by 0x1219F4: process_traced_pointer (../src/con4m/gc.c:848)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 3 errors in context 7 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121BDC: update_traced_pointer (../src/con4m/gc.c:646)
==15029==    by 0x1219F4: process_traced_pointer (../src/con4m/gc.c:848)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 8 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121C1F: update_traced_pointer (../src/con4m/gc.c:648)
==15029==    by 0x12188B: process_traced_pointer (../src/con4m/gc.c:785)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 9 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121BDF: update_traced_pointer (../src/con4m/gc.c:646)
==15029==    by 0x12188B: process_traced_pointer (../src/con4m/gc.c:785)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 10 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x12184D: process_traced_pointer (../src/con4m/gc.c:769)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 11 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121B53: process_traced_pointer (../src/con4m/gc.c:870)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 12 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121AFB: process_traced_pointer (../src/con4m/gc.c:864)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 13 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121AB8: process_traced_pointer (../src/con4m/gc.c:863)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 14 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121A71: process_traced_pointer (../src/con4m/gc.c:862)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 15 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x484FD6F: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 16 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x484FC87: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 17 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x484FC67: is_overlap (vg_replace_strmem.c:144)
==15029==    by 0x484FC67: is_overlap (vg_replace_strmem.c:131)
==15029==    by 0x484FC67: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 18 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x484FC5A: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 19 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121A1D: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 20 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C18: update_traced_pointer (../src/con4m/gc.c:648)
==15029==    by 0x12188B: process_traced_pointer (../src/con4m/gc.c:785)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 21 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C11: update_traced_pointer (../src/con4m/gc.c:647)
==15029==    by 0x12188B: process_traced_pointer (../src/con4m/gc.c:785)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 22 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121BDC: update_traced_pointer (../src/con4m/gc.c:646)
==15029==    by 0x12188B: process_traced_pointer (../src/con4m/gc.c:785)
==15029==    by 0x121E0E: update_internal_allocation_pointers (../src/con4m/gc.c:584)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 23 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121D8D: update_internal_allocation_pointers (../src/con4m/gc.c:573)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 24 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121D72: update_internal_allocation_pointers (../src/con4m/gc.c:569)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 25 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121D63: update_internal_allocation_pointers (../src/con4m/gc.c:543)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 26 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121C1F: update_traced_pointer (../src/con4m/gc.c:648)
==15029==    by 0x1219F4: process_traced_pointer (../src/con4m/gc.c:848)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 27 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121BDF: update_traced_pointer (../src/con4m/gc.c:646)
==15029==    by 0x1219F4: process_traced_pointer (../src/con4m/gc.c:848)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 28 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x1219DD: process_traced_pointer (../src/con4m/gc.c:827)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 29 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121D06: prep_allocation (../src/con4m/gc.c:720)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 30 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121CF6: prep_allocation (../src/con4m/gc.c:719)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 31 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121CDD: prep_allocation (../src/con4m/gc.c:718)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 32 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121CC4: prep_allocation (../src/con4m/gc.c:717)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 33 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C87: prep_allocation (../src/con4m/gc.c:710)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 34 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C7D: prep_allocation (../src/con4m/gc.c:699)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 35 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121C71: prep_allocation (../src/con4m/gc.c:698)
==15029==    by 0x1219B7: process_traced_pointer (../src/con4m/gc.c:824)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 4 errors in context 36 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x1218A8: process_traced_pointer (../src/con4m/gc.c:808)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 8 errors in context 37 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x12182E: process_traced_pointer (../src/con4m/gc.c:752)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 8 errors in context 38 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x12181F: process_traced_pointer (../src/con4m/gc.c:742)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 8 errors in context 39 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x1217FA: process_traced_pointer (../src/con4m/gc.c:734)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 8 errors in context 40 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x1217EC: process_traced_pointer (../src/con4m/gc.c:734)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 20 errors in context 41 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x484FD7C: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 22 errors in context 42 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121623: scan_arena (../src/con4m/gc.c:934)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x121220: raw_trace (../src/con4m/gc.c:992)
==15029== 
==15029== 
==15029== 24 errors in context 43 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x484FDA5: memmove (vg_replace_strmem.c:1414)
==15029==    by 0x121A29: process_traced_pointer (../src/con4m/gc.c:859)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 35 errors in context 44 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x121612: scan_arena (../src/con4m/gc.c:934)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x121220: raw_trace (../src/con4m/gc.c:992)
==15029== 
==15029== 
==15029== 96 errors in context 45 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121DB5: update_internal_allocation_pointers (../src/con4m/gc.c:575)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 100 errors in context 46 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x121DA5: update_internal_allocation_pointers (../src/con4m/gc.c:574)
==15029==    by 0x121A09: process_traced_pointer (../src/con4m/gc.c:858)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 106 errors in context 47 of 48:
==15029== Use of uninitialised value of size 8
==15029==    at 0x120BEE: header_scan (../src/con4m/gc.c:657)
==15029==    by 0x121815: process_traced_pointer (../src/con4m/gc.c:740)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== 
==15029== 106 errors in context 48 of 48:
==15029== Conditional jump or move depends on uninitialised value(s)
==15029==    at 0x120BE4: header_scan (../src/con4m/gc.c:656)
==15029==    by 0x121815: process_traced_pointer (../src/con4m/gc.c:740)
==15029==    by 0x121644: scan_arena (../src/con4m/gc.c:937)
==15029==    by 0x1212B2: raw_trace (../src/con4m/gc.c:1009)
==15029==    by 0x120D82: c4m_collect_arena (../src/con4m/gc.c:1055)
==15029==    by 0x12136B: c4m_gc_thread_collect (../src/con4m/gc.c:1125)
==15029==    by 0x1177CC: main (../src/tests/test.c:533)
==15029==  Uninitialised value was created by a stack allocation
==15029==    at 0x120C54: c4m_collect_arena (../src/con4m/gc.c:1023)
==15029== 
==15029== ERROR SUMMARY: 670 errors from 48 contexts (suppressed: 0 from 0)
viega commented 2 weeks ago

At this point I'm pretty sure everything from #5 down was it complaining about us doing a scan of potential junk on the stack, and then testing to see whether it's in range of the heap. This code all got rewritten to be breadth first, so it probably was a false positive, and this is a non-issue either way.

The first four seem more likely to be an actual issue, so I'm not closing this out until I have time to look at it.

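To make the preceding comment concrete for readers who are not familiar with conservative collectors: the warnings it describes arise because a root scanner reads every word of a stack slice as a possible pointer and compares it against the heap bounds, so Valgrind sees a comparison that depends on stack slots nobody ever wrote, even though no bad address is ever dereferenced. The following is an added illustration written for this page, not libcon4m's code; the arena, root region and names (`arena_t`, `root_t`, `scan_root`, `demo_scan`) are all constructed for the example. It also shows the check a scanner needs so that it never reads past the end of a root region: the loop bound is the region's own recorded length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not libcon4m's code: a toy arena and a conservative
 * root scanner that treats every word of a root region as a possible pointer. */

typedef struct {
    const uint64_t *base;   /* first word of the arena */
    const uint64_t *end;    /* one past the last word (exclusive) */
} arena_t;

typedef struct {
    const uint64_t *start;  /* first word of a root region (stack slice, global) */
    size_t          nwords; /* recorded length: the scan must never read past it */
} root_t;

/* A word is a candidate pointer only if it falls inside [base, end). This is
 * the comparison Valgrind reports as "conditional jump depends on uninitialised
 * value" when the word came from a stack slot that was never written. */
int in_arena(const arena_t *a, uintptr_t word)
{
    return word >= (uintptr_t)a->base && word < (uintptr_t)a->end;
}

/* Scan exactly `nwords` words of the root region and count the candidates.
 * Bounding the loop by the region's own length (with `<`, not `<=`) is what
 * keeps the scanner from reading the word just past the end of a root. */
size_t scan_root(const arena_t *a, root_t r)
{
    size_t hits = 0;
    for (size_t i = 0; i < r.nwords; i++) {
        if (in_arena(a, (uintptr_t)r.start[i]))
            hits++;
    }
    return hits;
}

/* Sample run on constructed data: an 8-word arena and a fully initialised
 * 6-word root region holding two interior pointers, one address exactly at
 * arena end (excluded because the bound is exclusive), and junk words.
 * Returns the number of candidate roots found. */
size_t demo_scan(void)
{
    static uint64_t heap[8];
    arena_t a = { heap, heap + 8 };

    uint64_t roots[6] = {
        0x1234,                        /* junk, not in range */
        (uint64_t)(uintptr_t)&heap[0], /* hit */
        (uint64_t)(uintptr_t)&heap[8], /* one past end: must not count */
        0,
        (uint64_t)(uintptr_t)&heap[5], /* hit */
        0xdeadbeef,                    /* junk, not in range */
    };
    root_t r = { roots, sizeof roots / sizeof roots[0] };
    return scan_root(&a, r);
}

int main(void)
{
    printf("candidate roots: %zu\n", demo_scan());
    return 0;
}
```

Because `roots` here is fully initialised, Valgrind stays quiet on this block; the same `scan_root` pointed at an uninitialised stack slice would produce exactly the "Conditional jump or move depends on uninitialised value(s)" reports shown above, which is why such reports from a conservative scan are usually benign while an out-of-range read past a root region is a real bug.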
viega commented 3 days ago

This can def be closed at this point.