uninitialized value from _JpegLoadInfo is used in get_dqt

[GoogleCodeExporter]

What steps will reproduce the problem?

run "valgrind --track-origins=yes ./out/Release/pdfium_test 23.pdf"
or build pdfium_test with msan from the chromium tree 
(http://www.chromium.org/developers/testing/memorysanitizer)
and run "./out/Release/pdfium_test 23.pdf"

==17269== WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7ff044db4aa4 in get_dqt third_party/pdfium/core/src/fxcodec/libjpeg/fpdfapi_jdmarker.c:559
    #1 0x7ff044db4aa4 in read_markers third_party/pdfium/core/src/fxcodec/libjpeg/fpdfapi_jdmarker.c:1067
    #2 0x7ff044dab11e in consume_markers third_party/pdfium/core/src/fxcodec/libjpeg/fpdfapi_jdinput.c:297
    #3 0x7ff044da962c in FPDFAPIJPEG_jpeg_consume_input third_party/pdfium/core/src/fxcodec/libjpeg/fpdfapi_jdapimin.c:302
    #4 0x7ff044da9218 in FPDFAPIJPEG_jpeg_read_header third_party/pdfium/core/src/fxcodec/libjpeg/fpdfapi_jdapimin.c:250
    #5 0x7ff044ba0e38 in _JpegLoadInfo(unsigned char const*, unsigned int, int&, int&, int&, int&, int&, unsigned char**, unsigned int*) third_party/pdfium/core/src/fxcodec/codec/fx_codec_jpeg.cpp:309
    #6 0x7ff044ba06c1 in CCodec_JpegModule::LoadInfo(unsigned char const*, unsigned int, int&, int&, int&, int&, int&, unsigned char**, unsigned int*) third_party/pdfium/core/src/fxcodec/codec/fx_codec_jpeg.cpp:569
    #7 0x7ff044ae24db in CPDF_DIBSource::CreateDecoder() third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:596
    #8 0x7ff044adc2e9 in CPDF_DIBSource::StartLoadDIBSource(CPDF_Document*, CPDF_Stream const*, int, CPDF_Dictionary*, CPDF_Dictionary*, int, unsigned int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:361
    #9 0x7ff044ac5541 in CPDF_ImageCache::StartGetCachedBitmap(CPDF_Dictionary*, CPDF_Dictionary*, int, unsigned int, int, CPDF_RenderStatus*, int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_cache.cpp:310
    #10 0x7ff044ac4ec4 in CPDF_PageRenderCache::StartGetCachedBitmap(CPDF_Stream*, int, unsigned int, int, CPDF_RenderStatus*, int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_cache.cpp:131
    #11 0x7ff044af3d7d in CPDF_ProgressiveImageLoaderHandle::Start(CPDF_ImageLoader*, CPDF_ImageObject const*, CPDF_PageRenderCache*, int, unsigned int, int, CPDF_RenderStatus*, int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:1437
    #12 0x7ff044af50f2 in CPDF_ImageLoader::StartLoadImage(CPDF_ImageObject const*, CPDF_PageRenderCache*, void*&, int, unsigned int, int, CPDF_RenderStatus*, int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp:1497
    #13 0x7ff044acc8c8 in CPDF_ImageRenderer::StartLoadDIBSource() third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp:371
    #14 0x7ff044ac70b2 in CPDF_ImageRenderer::Start(CPDF_RenderStatus*, CPDF_PageObject const*, CFX_Matrix const*, int, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render_image.cpp:525
    #15 0x7ff044ab5017 in CPDF_RenderStatus::ContinueSingleObject(CPDF_PageObject const*, CFX_Matrix const*, IFX_Pause*) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render.cpp:350
    #16 0x7ff044ac1256 in CPDF_ProgressiveRenderer::Continue(IFX_Pause*) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1175
    #17 0x7ff044abfdbc in CPDF_ProgressiveRenderer::Start(CPDF_RenderContext*, CFX_RenderDevice*, CPDF_RenderOptions const*, IFX_Pause*, int) third_party/pdfium/core/src/fpdfapi/fpdf_render/fpdf_render.cpp:1114
    #18 0x7ff0448749db in FPDF_RenderPage_Retail(CRenderContext*, void*, int, int, int, int, int, int, int, IFSDK_PAUSE_Adapter*) third_party/pdfium/fpdfsdk/src/fpdfview.cpp:835
    #19 0x7ff044875339 in FPDF_RenderPageBitmap third_party/pdfium/fpdfsdk/src/fpdfview.cpp:633
    #20 0x7ff04486da34 in RenderPdf(char const*, char const*, unsigned long, bool) third_party/pdfium/samples/pdfium_test.cc:239
    #21 0x7ff04486efc7 in main third_party/pdfium/samples/pdfium_test.cc:300
    #22 0x7ff0432a776c in __libc_start_main /build/buildd/eglibc-2.15/csu/libc-start.c:226
    #23 0x7ff04486be8c in _start (/usr/local/google/kcc/chromium/src/out/Release/pdfium_test+0x15ae8c)

  Uninitialized value was created by an allocation of 'jerr' in the stack frame of function '_JpegLoadInfo(unsigned char const*, unsigned int, int&, int&, int&, int&, int&, unsigned char**, unsigned int*)'
    #0 0x7ff044ba0730 in _JpegLoadInfo(unsigned char const*, unsigned int, int&, int&, int&, int&, int&, unsigned char**, unsigned int*) third_party/pdfium/core/src/fxcodec/codec/fx_codec_jpeg.cpp:276

The following patch fixes the problem:
diff --git a/core/src/fxcodec/codec/fx_codec_jpeg.cpp 
b/core/src/fxcodec/codec/fx_codec_jpeg.cpp
index 5e78e13..33afcc2 100644
--- a/core/src/fxcodec/codec/fx_codec_jpeg.cpp
+++ b/core/src/fxcodec/codec/fx_codec_jpeg.cpp
@@ -282,6 +282,7 @@ static FX_BOOL _JpegLoadInfo(FX_LPCBYTE src_buf, FX_DWORD 
src_size, int& width,
     jerr.output_message = _error_do_nothing;
     jerr.format_message = _error_do_nothing2;
     jerr.reset_error_mgr = _error_do_nothing;
+    jerr.trace_level = 0;
     cinfo.err = &jerr;
     jmp_buf mark;
     cinfo.client_data = &mark;

What is the expected output? What do you see instead?

msan and valgrind should be silent

What version of the product are you using? On what operating system?

Fresh trunk on linux x86_64

Original issue reported on code.google.com by kcc@chromium.org on 4 Jun 2014 at 1:10

Attachments:

• 23.pdf

[GoogleCodeExporter]

Thanks, feel free to upload a change using "git cl" and send to one of the cc'd 
foxitsoftware.com addresses for review.

Original comment by jam@chromium.org on 4 Jun 2014 at 3:36

[GoogleCodeExporter]

I do not see the full e-mails CC-ed here (because I am not a project member?), 
so I can't CC them to https://codereview.chromium.org/312273002

Original comment by kcc@chromium.org on 5 Jun 2014 at 7:49

[GoogleCodeExporter]

Fix in f0a5576384e6def4f1fe78d6e0b12b0a9d710bf8

Original comment by bo...@foxitsoftware.com on 5 Jun 2014 at 10:02

• Changed state: Fixed