jerror.c: Silence MSan uninitialized value warning

If an error manager instance is passed to jpeg_std_error(), then its format_message() method will point to the format_message() function in jerror.c. The format_message() function passes all eight values from the jpeg_error_mgr::msg_parm.i[] array as arguments to snprintf()/_snprintf_s(), even if the format string doesn't use all of those values. Subsequently invoking one of the ERREXIT[1-6]() macros will leave the unused values uninitialized, and if the -fsanitize-memory-param-retval option (introduced in Clang 14) is enabled (which it is by default in Clang 16 and later), then MSan will complain when the format_message() function tries to pass the uninitialized-but-unused values as function arguments. This commit modifies jpeg_std_error() so that it zeroes out the error manager instance passed to it, thus working around the warning as well as simplifying the code. Closes #761
libjpeg-turbo · May 6, 2024 · 7fa4b5b · 7fa4b5b
1 parent 3f43bb3
commit 7fa4b5b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 9 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -174,7 +174,7 @@ jobs:
         run: |
           mkdir build
           pushd build
-          cmake -G"Unix Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS_RELWITHDEBINFO="-O0 -g -fsanitize=memory -fno-sanitize-recover=all -fPIE" -DWITH_SIMD=0 ..
+          cmake -G"Unix Makefiles" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_C_FLAGS_RELWITHDEBINFO="-O0 -g -fsanitize=memory -fsanitize-memory-param-retval -fno-sanitize-recover=all -fPIE" -DWITH_SIMD=0 ..
           export NUMCPUS=`grep -c '^processor' /proc/cpuinfo`
           make -j$NUMCPUS --load-average=$NUMCPUS
           make test

diff --git a/jerror.c b/jerror.c
@@ -229,23 +229,17 @@ reset_error_mgr(j_common_ptr cinfo)
 GLOBAL(struct jpeg_error_mgr *)
 jpeg_std_error(struct jpeg_error_mgr *err)
 {
+  memset(err, 0, sizeof(struct jpeg_error_mgr));
+
   err->error_exit = error_exit;
   err->emit_message = emit_message;
   err->output_message = output_message;
   err->format_message = format_message;
   err->reset_error_mgr = reset_error_mgr;
 
-  err->trace_level = 0;         /* default = no tracing */
-  err->num_warnings = 0;        /* no warnings emitted yet */
-  err->msg_code = 0;            /* may be useful as a flag for "no error" */
-
   /* Initialize message table pointers */
   err->jpeg_message_table = jpeg_std_message_table;
   err->last_jpeg_message = (int)JMSG_LASTMSGCODE - 1;
 
-  err->addon_message_table = NULL;
-  err->first_addon_message = 0; /* for safety */
-  err->last_addon_message = 0;
-
   return err;
 }