# Jesse's valgrind suppressions file for Mac Firefox
# valgrind --suppressions=/Users/jruderman/fuzzing/dom/known/mozilla-central/valgrind.txt --gen-suppressions=all ~/central/debug-obj/dist/MinefieldDebug.app/Contents/MacOS/firefox-bin
# http://valgrind.org/docs/manual/manual-core.html#manual-core.suppress
# For "uninitialized" bugs, please use --track-origins=yes before assuming it's the library's fault!

#################
# MAC LIBRARIES #
#################

{
   putenv using uninitialized memory? --track-origins=yes says this is setenv's own fault.
   Memcheck:Cond
   fun:__setenv
}
{
   Mac OS X 10.5. Happens during Firefox startup, in CoreText.framework, possibly debug only. --track-origins=yes says this happens within the top function.
   Memcheck:Cond
   fun:_ZN13TFontFeaturesC2Em
}
{
   Mac OS X 10.6.4. CoreText.
   Memcheck:Cond
   fun:_ZN13TFontFeaturesC2EP6CGFont
}
{
   Bug 566137. During Firefox startup, probably an Apple bug.
   Memcheck:Param
   kevent(changelist)
   fun:kevent
}
{
   PMMutex::Lock is very deep in Mac system library PrintCore, and the allocation is in PMMutex::PMMutex.
   Memcheck:Cond
   fun:_ZN7PMMutex4LockEv
   fun:_ZN7PMMutex6RetainEv
   fun:_ZN7PMMutex6CreateEv
   fun:_ZN12PMDictionaryC2Ev
   fun:_ZN19PMMutableDictionaryC2Ev
   fun:_ZN10PMTemplateC2Ev
   fun:PMTemplateCreate
   fun:_ZN15OpaquePMPrinter20CreateGenericPrinterEv
   fun:_ZN15OpaquePMPrinterC2EPK10__CFString
   fun:_ZN11CUPSPrinterC2EPK10__CFString
   fun:PJCCreateGenericPrinter
   fun:_ZN18OpaquePMPageFormat20PJCDefaultPageFormatEP20OpaquePMPrintSession
}
{
   _DPSNextEvent (in Mac system library AppKit) reads its own uninitialized memory, according to --track-origins=yes. See http://code.google.com/p/chromium/issues/detail?id=18215.
   Memcheck:Cond
   fun:_DPSNextEvent
}
{
   Uninitialized bytes come from img_data_lock, then various victim functions within CoreGraphics use the memory. Affects layout/reftests/svg/linked-pattern-01.svg, for example.
   Memcheck:Cond
   obj:/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
}
{
   Ditto?
   Memcheck:Value8
   obj:/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives.
   Memcheck:Cond
   obj:/System/Library/Frameworks/*
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives. (Cond - single bit)
   Memcheck:Cond
   obj:/System/Library/Frameworks/*
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives. (Value1)
   Memcheck:Value1
   obj:/System/Library/Frameworks/*
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives. (Value2)
   Memcheck:Value2
   obj:/System/Library/Frameworks/*
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives. (Value4)
   Memcheck:Value4
   obj:/System/Library/Frameworks/*
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives. (Value8)
   Memcheck:Value8
   obj:/System/Library/Frameworks/*
}
{
   Uninitialized memory from TOpenTypePositioningEngine::PositionRuns is used (in /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText)
   Memcheck:Cond
   fun:_ZNK3OTL7GCommon10GetLookupsEPKmPt
   fun:_ZN26TOpenTypePositioningEngine12PositionRunsEPbb
}
{
   UnpackAttributeBuffer uses uninitialized memory allocated on the stack by its caller, GetVolFSAttributes
   Memcheck:Cond
   fun:_Z21UnpackAttributeBufferPK8attrlistPKvP15FSAttributeInfoP18FSVolAttributeInfoPhPmS9_hhPP4_aclPA16_hSE_
   fun:_Z18GetVolFSAttributesP10VolumeInfomPKcmmP15FSAttributeInfommP18FSVolAttributeInfoPh
}
{
   uuid_is_null uses uninitialized memory allocated on the stack by its caller, GetVolFSAttributes
   Memcheck:Cond
   fun:uuid_is_null
   fun:_Z28CreateFileSecFromACLAndPermsP4_acljjtPA16_hS2_
   fun:_Z18GetVolFSAttributesP10VolumeInfomPKcmmP15FSAttributeInfommP18FSVolAttributeInfoPh
}
{
   Mismatched free/delete in DesktopServicesPriv framework
   Memcheck:Free
   fun:_ZdlPv
   fun:_ZN15THFSPlusCatalogD2Ev
}
{
   Another mismatched free/delete in DesktopServicesPriv framework
   Memcheck:Free
   fun:_ZdlPv
   fun:_ZN10TCopyQueueD2Ev
}
{
   Mac OS X 10.6.4. rdar://8145289. "new[]" paired with "delete" in the DesktopServicesPriv framework.
   Memcheck:Free
   fun:_ZdlPv
   fun:_ZN5TChar18RemovePtrReferenceEv
}
{
   Mac OS X 10.6.4. rdar://8145318. Uninitialized memory from HIMenuBarView::MeasureAppMenus is used in HIMenuBarView::SetAdjustTextTitleBoundsAtIndex.
   Memcheck:Cond
   fun:_ZN13HIMenuBarView31SetAdjustTextTitleBoundsAtIndexEih
   fun:_ZN13HIMenuBarView15MeasureAppMenusEv
}
{
   Mac OS X 10.6.4. rdar://8209726. Uninitialized memory from BuildMacEncTable is used in AddEncHash (all in libType1Scaler.dylib).
   Memcheck:Cond
   fun:_ZL10AddEncHashP12EncHashTablePKhij
   fun:_Z16BuildMacEncTablev
}
{
   Mac OS X 10.6.4. rdar://8212792 and bug 580351. Reads 8 bytes, 4 of which are past the end of the array.
   Memcheck:Addr8
   fun:resample_byte_h_4cpp_vector
}
{
   Mac OS X 10.6.4. I'm guessing this is a Valgrind bug.
   Memcheck:Param
   __semwait_signal(ts)
   fun:__semwait_signal
}
{
   TCopyWriter::UpdateTimeRemaining uses uninitialized memory from stack allocation in TCopyWriter::WriteTaskProc
   Memcheck:Cond
   fun:_ZN11TCopyWriter19UpdateTimeRemainingEm
   fun:_ZN11TCopyWriter12ReportStatusEb
   fun:_ZN11TCopyWriter5WriteEv
   fun:_ZN11TCopyWriter13WriteTaskProcEPv
}
{
   Uninitialized values from CUIRenderer::DrawListBox (CoreUI.framework) used in many ways.
   Memcheck:Cond
   ...
   fun:_ZN11CUIRenderer11DrawListBoxEPK10CUIContext
}
{
   Uninitialized values used in /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox. Didn't try --track-origins=yes.
   Memcheck:Cond
   fun:CreateEventWithCGEvent
}
{
   Mac OS X 10.6.4. This happened once during Firefox shutdown. I couldn't reproduce, but there's no Firefox on the stack so I don't care about it.
   Memcheck:Param
   mach_msg("send_size")
   fun:mach_msg_trap
   fun:dispatch_mig_server
   fun:_dispatch_source_invoke
   fun:_dispatch_queue_invoke
   fun:_dispatch_queue_drain
   fun:_dispatch_queue_invoke
   fun:_dispatch_worker_thread2
   fun:_pthread_wqthread
   fun:start_wqthread
}

# Ignore everything in AppKit. For example, _DPSNextEvent uses its own uninitialized memory.
# (The first line inside a block is the suppression name, so the block needs one.)
{
   Ignore everything in AppKit
   Memcheck:Cond
   obj:/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
}
{
   Lots of uses of uninitialized values. Haven't tried --track-origins.
   Memcheck:Value4
   ...
   obj:/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
}
{
   TCopyWriter::WriteTaskProc (in /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv) leaves something uninitialized.
   Memcheck:Cond
   ...
   fun:_ZN11TCopyWriter19UpdateTimeRemainingEm
}
{
   Apple rdar://7557211 -- use of uninitialized memory in AudioConverterChain::Reset (/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox), allocated in the same library. Affects content/media/test/crashtests/459439-1.html.
   Memcheck:Cond
   fun:_ZN19AudioConverterChain5ResetEv
}
{
   Uninitialized memory comes all the way from /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit (bottom frames) (layout/xul/base/src/crashtests/menulist-focused.xhtml)
   Memcheck:Cond
   fun:rips_f_DrawRing
   fun:rips_f_BltImage
   fun:ripc_RenderImage
   fun:ripc_EndLayer
   fun:CGContextEndTransparencyLayer
   fun:_ZN11CUIRenderer8EndFocusElP9CGContext
   fun:_ZN11CUIRenderer10DrawPopperEPK10CUIContextll
   fun:_ZN11CUIRenderer4DrawE6CGRectP9CGContextPK14__CFDictionaryPS5_
   fun:-[NSButtonCell _coreUIDrawBezelWithFrame:inView:]
   fun:-[NSPopUpButtonCell drawBezelWithFrame:inView:]
   fun:-[NSPopUpButtonCell drawBorderAndBackgroundWithFrame:inView:]
   fun:-[NSMenuItemCell drawWithFrame:inView:]
}
{
   More generally...
   Memcheck:Cond
   fun:rips_f_DrawRing
   fun:rips_f_BltImage
   fun:ripc_RenderImage
}
{
   Uninitialized memory allocated and used in /System/Library/Extensions/GeForceGLDriver.bundle/Contents/MacOS/GeForceGLDriver
   Memcheck:Cond
   ...
   fun:glrCompCreateStream
}
{
   Uninitialized memory allocated and used in /System/Library/Extensions/GeForceGLDriver.bundle/Contents/MacOS/GeForceGLDriver
   Memcheck:Value8
   ...
   fun:glrCompCreateStream
}

###################
# LINUX LIBRARIES #
###################

{
   Finding it hard to care about system libraries that leak
   Memcheck:Leak
   ...
   obj:/usr/lib/*
}
{
   Saving to the environment intentionally leaks a string.
   Memcheck:Leak
   ...
   fun:_ZL9SaveToEnvPKc
}
{
   Another environment variable set
   Memcheck:Leak
   ...
   fun:_Z12ToNewCStringRK19nsACString_internal
   fun:_ZN13CrashReporter14SetupExtraDataEP12nsILocalFileRK19nsACString_internal
}
{
   Dynamic linking itself doesn't bother me.
   Memcheck:Leak
   ...
   fun:dl_open_worker
}
{
   Dynamic linking itself doesn't bother me.
   Memcheck:Leak
   fun:malloc
   fun:strdup
   fun:PR_LoadLibraryWithFlags
}
{
   This leak comes with a totally busted stack. Weird.
   Memcheck:Leak
   ...
   obj:/lib/libselinux.so.1
}
{
   Some plugins allocate memory for this API call, or something.
   Memcheck:Leak
   ...
   fun:_ZN7mozilla15PluginPRLibrary21NP_GetMIMEDescriptionEPPKc
}
{
   (libz.so)
   Memcheck:Cond
   fun:inflateReset2
}
{
   Uninitialized value from gtk_paint_expander (/usr/lib/libgtk-x11-2.0.so.0.2200.0)
   Memcheck:Cond
   ...
   fun:moz_gtk_widget_paint
}

################
# FLASH PLAYER #
################

# Ignore everything in Flash Player
{
   Ignore everything in Flash Player
   Memcheck:Addr1
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Addr2
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Addr4
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Addr8
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Cond
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Value4
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Param
   ...
   obj:*/Flash Player
}

#######
# NSS #
#######

# NSS bugs are hard to reproduce and not what I'm trying to test.
{
   Ignore everything in freebl, which doesn't even give me symbols.
   Memcheck:Addr4
   obj:*/libfreebl3.dylib
}
{
   Ignore everything in nssutil3 (Mac).
   Memcheck:Cond
   obj:*/libnssutil3.dylib
}
{
   Ignore everything in nssutil3 (Linux).
   Memcheck:Cond
   obj:*/libnssutil3.so
}

######################
# Known Firefox bugs #
######################

{
   Bug 499704
   Memcheck:Cond
   fun:strchr
   fun:_ZN15nsCookieService17GetCookieInternalEP6nsIURIP10nsIChanneliPPc
}
{
   zlib longest_match intentionally uses uninitialized memory (see https://bugzilla.mozilla.org/show_bug.cgi?id=407860#c1 or https://bugzilla.mozilla.org/show_bug.cgi?id=549224#c2)
   Memcheck:Cond
   fun:longest_match
}
{
   Apple GCC 4.2 bug (see https://bugzilla.mozilla.org/show_bug.cgi?id=566168)
   Memcheck:Overlap
   fun:memcpy
   fun:_Z17SetBackgroundListI18nsCSSValuePairListN17nsStyleBackground4SizeEEvP14nsStyleContextPKT_R12nsAutoTArrayINS1_5LayerELj1EERKSA_MS9_T0_SE_jRjSG_RiSH_
}
{
   Apple GCC 4.2 bug (see https://bugzilla.mozilla.org/show_bug.cgi?id=566168) - ignore it with a hammer.
   Memcheck:Overlap
   fun:memcpy
}
{
   Bug 571758
   Memcheck:Cond
   fun:_ZN12nsXULElement11IsFocusableEPii
}
{
   Bug 573190 -- string doesn't get GC'd; Valgrind isn't the best tool for tracking the issue down
   Memcheck:Leak
   ...
   fun:js_GetStringBytes
}
{
   Bug 573192
   Memcheck:Leak
   ...
   fun:pt_SetMethods
}
{
   Bug 573688
   Memcheck:Leak
   fun:malloc
   fun:sqlite3MemMalloc
}
{
   Bug 602447
   Memcheck:Param
   socketcall.sendmsg(msg.msg_iov[i])
   ...
   fun:_ZN3IPC7Channel11ChannelImpl23ProcessOutgoingMessagesEv
}
{
   The "arena free list" means the allocation callsite is not especially likely to be the one that caused the leak.
   Memcheck:Leak
   fun:malloc
   fun:PR_Malloc
   fun:PL_ArenaAllocate
}
{
   Cairo leaks at random :(
   Memcheck:Leak
   ...
   fun:_ZNK19nsThebesFontMetrics10GetMetricsEv
}
{
   Cairo leaks at random :(
   Memcheck:Leak
   ...
   fun:_ZN14gfxFT2FontBase10GetMetricsEv
}
{
   Cairo leaks at random :(
   Memcheck:Leak
   ...
   fun:_ZN9gfxFcFont13GetOrMakeFontEP10_FcPattern
}
{
   Cairo leaks at random :(
   Memcheck:Leak
   ...
   fun:_cairo_array_grow_by
}
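# A suppressions file is an allow-list for memory errors, so the practical risk is
# an entry that is broader than the false positive it was written for. Valgrind
# matches the frame specs against the error's stack from the innermost frame
# outward, and "..." matches any number of frames, so an entry such as
# "... obj:*/Flash Player" or "... obj:/usr/lib/*" also hides an error in
# Firefox's own code whenever that library appears anywhere below it on the
# stack (for example a plugin callback into the browser). The script below is an
# added example, not part of Jesse's file or of Mozilla's tooling: it parses this
# format the way valgrind reads it (name, Tool:Kind, a parameter line for Param
# entries, then frames) and flags entries that are malformed, that start with
# "...", that rely only on wildcard obj: patterns, or whose Param line is really a
# frame pattern. The SAMPLE text is constructed to mirror entries in this file.

```python
"""Lint a valgrind suppressions file for entries that are malformed or so
broad that they would also hide bugs in the program under test.

Added example, not part of the original suppressions file; SAMPLE below is
constructed to mirror the shapes of entries found in it.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

TOOLKIND_RE = re.compile(r'^([A-Za-z0-9_,]+):([A-Za-z0-9_]+)$')  # e.g. Memcheck:Cond
FRAME_RE = re.compile(r'^(fun|obj):.+$')                        # fun:... / obj:...


@dataclass
class Suppression:
    name: str
    tool: str
    kind: str
    param: Optional[str]                 # syscall parameter line (Param kind only)
    frames: List[str] = field(default_factory=list)


def parse_suppressions(text: str) -> List[Suppression]:
    """Parse '{ name / Tool:Kind / [param] / frames... }' blocks in valgrind's
    reading order. '#' comment lines and blank lines are ignored."""
    sups: List[Suppression] = []
    block: Optional[List[str]] = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line == '{':
            if block is not None:
                raise ValueError(f'line {lineno}: nested "{{"')
            block = []
        elif line == '}':
            if block is None:
                raise ValueError(f'line {lineno}: "}}" without "{{"')
            sups.append(_build(block))
            block = None
        elif block is None:
            raise ValueError(f'line {lineno}: text outside a block: {line!r}')
        else:
            block.append(line)
    if block is not None:
        raise ValueError('unterminated block at end of file')
    return sups


def _build(lines: List[str]) -> Suppression:
    if len(lines) < 2:
        raise ValueError('block needs a name line and a Tool:Kind line')
    name, toolkind = lines[0], lines[1]
    m = TOOLKIND_RE.match(toolkind)
    if not m:
        # Typical cause: the name line was left out, so the Tool:Kind line was
        # consumed as the name and a frame line landed here.
        raise ValueError(f'block {name!r}: expected Tool:Kind, got {toolkind!r}')
    tool, kind = m.groups()
    rest, param = lines[2:], None
    if kind == 'Param':
        if not rest:
            raise ValueError(f'block {name!r}: Param needs a parameter line')
        param, rest = rest[0], rest[1:]
    for f in rest:
        if f != '...' and not FRAME_RE.match(f):
            raise ValueError(f'block {name!r}: bad frame spec {f!r}')
    return Suppression(name, tool, kind, param, rest)


def is_well_formed(text: str) -> bool:
    try:
        parse_suppressions(text)
        return True
    except ValueError:
        return False


def lint(sup: Suppression) -> List[str]:
    """Warnings about what the entry silently hides, or why it cannot match."""
    warns: List[str] = []
    if sup.kind == 'Param' and (sup.param == '...' or FRAME_RE.match(sup.param)):
        warns.append('Param line is a frame pattern, but valgrind reads this line '
                     'as the syscall parameter name, so the entry never matches')
    if not sup.frames:
        return warns + ['no frame constraints: hides every error of this kind']
    if sup.frames[0] == '...':
        # Frames match innermost-first; a leading "..." also covers errors whose
        # innermost frames are in other code (the program under test).
        warns.append('leading "...": hides errors whose innermost frames are '
                     'elsewhere, e.g. the program under test called from this library')
    if all(f == '...' or f.startswith('obj:') for f in sup.frames):
        wild = [f for f in sup.frames if f.startswith('obj:') and '*' in f]
        if wild:
            warns.append('only wildcard obj: frames (' + ', '.join(wild) +
                         '): nothing pins this to a known false positive')
    return warns


# Constructed sample in the shape of entries in this file (not the file itself).
SAMPLE = """\
# narrow: the innermost frame must be kevent
{
   Bug 566137. During Firefox startup, probably an Apple bug.
   Memcheck:Param
   kevent(changelist)
   fun:kevent
}
{
   Many of Apple's frameworks are compiled with clang, which causes false-positives.
   Memcheck:Cond
   obj:/System/Library/Frameworks/*
}
{
   Ignore everything in Flash Player
   Memcheck:Cond
   ...
   obj:*/Flash Player
}
{
   Ignore everything in Flash Player
   Memcheck:Param
   ...
   obj:*/Flash Player
}
"""

if __name__ == '__main__':
    for s in parse_suppressions(SAMPLE):
        for w in lint(s):
            print(f'{s.name} [{s.kind}]: {w}')
```

# Run it against a real file with parse_suppressions(open(path).read()). A warning is
# not a verdict: "obj:/System/Library/Frameworks/*" may be exactly the hammer the
# author wanted, but each flagged entry is one that --track-origins=yes and a
# fun: frame could narrow before a real Firefox bug gets filed under it.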