Closed benkasminbullock closed 9 years ago
What are the other conditions when this happens? Particularly WD and y. There is no read at that line - only in the ismasked() routine. Maybe the problem is with compiler optimization inlinine too agressively. Is this AVR or linux/unix?
I'm using FreeBSD. I run the program as follows:
valgrind ./qrjpeg "butterfingers"
The valgrind output looks like this:
==41335== Memcheck, a memory error detector ==41335== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==41335== Using Valgrind-3.8.0 and LibVEX; rerun with -h for copyright info ==41335== Command: ./qrjpeg butterfingers ==41335== ==41335== Invalid read of size 1 ==41335== at 0x804C7B4: qrencode (qrencode.c:279) ==41335== by 0x8048841: main (qrjpeg.c:81) ==41335== Address 0x17c722 is not stack'd, malloc'd or (recently) free'd ==41335== ==41335== ==41335== HEAP SUMMARY: ==41335== in use at exit: 5,746 bytes in 6 blocks ==41335== total heap usage: 6 allocs, 0 frees, 5,746 bytes allocated ==41335== ==41335== LEAK SUMMARY: ==41335== definitely lost: 0 bytes in 0 blocks ==41335== indirectly lost: 0 bytes in 0 blocks ==41335== possibly lost: 0 bytes in 0 blocks ==41335== still reachable: 5,746 bytes in 6 blocks ==41335== suppressed: 0 bytes in 0 blocks ==41335== Rerun with --leak-check=full to see details of leaked memory ==41335== ==41335== For counts of detected and suppressed errors, rerun with: -v ==41335== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
When I added an assert at the line before the one in question, it said that x had a value of 255 sometimes. Add #include <stdio.h>
at the top then
if (x > WD - 1) { fprintf (stderr, "x = %d\n", x); } if (y > WD - 1) { fprintf (stderr, "y = %d\n", x); } } while (ismasked(x, y));
The result with the same above "butterfingers" input is that x = 255 is printed to stderr.
Fixed. Rootcause was after the last actual data bit was inserted into the image, it still looked for the next open bit which didn't exist so would overflow the bottom left. Write/seek was changed to If(!zeroth) seek / write.
https://github.com/tz1/qrduino/blob/master/qrencode.c#L279
Sometimes x becomes 255 and this reads from uninitialized memory.
I put a check line and
break;
if x is out of bounds.I found this with valgrind.