• The output currently contains a large number of false-positives and — AFAICT —
no actual issues.
• Upstream shows little interest in addressing the long-standing issues with the
TAILQ macros, so the false-positive situation probably won’t change soon:
https://bugs.llvm.org/show_bug.cgi?id=18222
Currently, we largely spend travis CPU cycles on this, for no additional value.
For opaque text, SOURCE is not any different from OVER. However, when
drawing color glyphs (which consist of RGBA pixels instead of strokes)
SOURCE's handling of alpha is not what we want.
I stumbled across this because cairo 1.15.8 seems to clear the surface
before drawing color emoji if the operator is SOURCE, deleting everything
drawn before. Arguably, the area outside the glyph bounds should
not be touched, but even if this is a cairo bug the problem of alpha
within the glyph remains.
The code in handle_signal() wasn't clearing the struct sigaction before passing it to sigaction().
This meant that we would block a random set of signals while executing the default handler, or jump to the uninitialized __sa_sigaction__ (instead of sa_handler).
Initialize properly as we do in setup_signal_handler().
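As an added illustration of the fix described above (this is example code, not i3's handle_signal() or setup_signal_handler()), the hypothetical install_handler() below zeroes the struct sigaction and empties sa_mask before calling sigaction(), and handler_is_clean() reads the installed disposition back to check that SA_SIGINFO is not set and no extra signals are masked. install_handler_masking_all() is a deliberately sloppy variant, constructed here to show what the check catches.

```c
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not i3 code): install `handler` for `signum` with a
 * fully initialised struct sigaction. Returns 0 on success, -1 on failure. */
int install_handler(int signum, void (*handler)(int)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));    /* no stack garbage in sa_flags or the handler union */
    sa.sa_handler = handler;       /* SA_SIGINFO is clear, so sa_handler is the one used */
    sigemptyset(&sa.sa_mask);      /* block nothing extra while the handler runs */
    sa.sa_flags = 0;
    return sigaction(signum, &sa, NULL);
}

/* Constructed "bad" variant: same as above but masks every signal while the
 * handler runs, mimicking one effect of an uninitialised sa_mask. */
int install_handler_masking_all(int signum, void (*handler)(int)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = handler;
    sigfillset(&sa.sa_mask);
    sa.sa_flags = 0;
    return sigaction(signum, &sa, NULL);
}

/* Query the disposition currently installed for `signum`.
 * Returns 1 if it is a plain sa_handler with an empty sa_mask,
 * 0 if SA_SIGINFO is set or any of the classic signals 1..31 is masked,
 * -1 if sigaction() itself fails. */
int handler_is_clean(int signum) {
    struct sigaction cur;
    if (sigaction(signum, NULL, &cur) != 0)
        return -1;
    if (cur.sa_flags & SA_SIGINFO)
        return 0;
    for (int s = 1; s <= 31; s++)
        if (sigismember(&cur.sa_mask, s) == 1)
            return 0;
    return 1;
}

int main(void) {
    if (install_handler(SIGUSR1, SIG_DFL) != 0) {
        perror("sigaction");
        return 1;
    }
    printf("SIGUSR1 clean: %d\n", handler_is_clean(SIGUSR1));
    install_handler_masking_all(SIGUSR2, SIG_DFL);
    printf("SIGUSR2 clean: %d\n", handler_is_clean(SIGUSR2));
    return 0;
}
```

Reading the disposition back with sigaction(signum, NULL, &cur) is a cheap self-check to add to a signal setup routine: it catches a forgotten memset() or sigemptyset() at startup instead of leaving it to show up as a randomly blocked signal later.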
If conn == NULL or display == NULL, init_dpi() jumps to init_dpi_end
before (declaring and) initializing resource. In init_dpi_end, there
is a free(resource) call conditionally on resource != NULL, so this
may lead to a bogus free. Found by clang -Wsometimes-uninitialized.
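The safe shape of the goto-cleanup pattern described above, as an added example rather than i3's init_dpi(): the hypothetical dpi_from_resource() declares and NULL-initialises every pointer the cleanup label frees before the first goto, so an early exit on NULL input reaches free() with a pointer that is always valid (free(NULL) is a no-op). The resource string format is constructed for the example.

```c
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not i3 code): parse the DPI out of a resource line
 * such as "Xft.dpi:\t96". Returns the DPI, or -1 if the input is missing or
 * malformed. Every early exit goes through `out`, which frees `copy`. */
long dpi_from_resource(const char *resource_line) {
    char *copy = NULL;   /* declared AND initialised before any goto */
    long dpi = -1;

    if (resource_line == NULL)
        goto out;        /* safe: copy is NULL, not stack garbage */

    copy = strdup(resource_line);
    if (copy == NULL)
        goto out;

    char *colon = strchr(copy, ':');
    if (colon == NULL)
        goto out;

    char *num = colon + 1;
    while (*num == ' ' || *num == '\t')
        num++;

    char *end;
    errno = 0;
    long v = strtol(num, &end, 10);
    if (end == num || errno != 0 || v <= 0)
        goto out;
    dpi = v;

out:
    free(copy);          /* valid on every path, including the early ones */
    return dpi;
}
```

clang's -Wsometimes-uninitialized, mentioned in the commit message, flags exactly the case where a goto jumps over the line that would have initialised `copy`; hoisting the `= NULL` above the first goto is what silences it for the right reason.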
This fixes the following issue when having an error early in the config file:
==1562==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6220000180ff at pc 0x55c837edb1d3 bp 0x7ffee7534650 sp 0x7ffee7534648
READ of size 1 at 0x6220000180ff thread T0
#0 0x55c837edb1d2 in start_of_line ../../i3/src/config_parser.c:238
#1 0x55c837edc96f in parse_config ../../i3/src/config_parser.c:493
#2 0x55c837edf527 in parse_file ../../i3/src/config_parser.c:1091
#3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65
#4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230
#5 0x55c837f0a8d0 in main ../../i3/src/main.c:539
#6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#7 0x55c837e95eb9 in _start (/home/michael/i3/build/i3+0x4beb9)
0x6220000180ff is located 1 bytes to the left of 5165-byte region [0x622000018100,0x62200001952d)
allocated by thread T0 here:
#0 0x7fb63e590cf8 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1cf8)
#1 0x55c837f59aa6 in smalloc ../../i3/libi3/safewrappers.c:24
#2 0x55c837edef45 in parse_file ../../i3/src/config_parser.c:1029
#3 0x55c837ecf14b in parse_configuration ../../i3/src/config.c:65
#4 0x55c837ed1ef4 in load_configuration ../../i3/src/config.c:230
#5 0x55c837f0a8d0 in main ../../i3/src/main.c:539
#6 0x7fb63ae042b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
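The ASan report above shows a 1-byte read just to the left of the config buffer while scanning for the start of a line. As an added example, not i3's start_of_line(), the hypothetical line_start() below walks backwards to the previous '\n' but tests `p > buf` before it ever dereferences p[-1], so an error on the very first byte of the file cannot step off the front of the allocation. The sample config is constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not i3 code): return a pointer to the first byte of
 * the line containing `pos`, given the start of the buffer `buf`.
 * The bound check on `p > buf` comes first, so buf[-1] is never read. */
const char *line_start(const char *buf, const char *pos) {
    const char *p = pos;
    while (p > buf && p[-1] != '\n')
        p--;
    return p;
}

/* 1-based line number of `pos` within `buf`, for an error message. */
size_t line_number(const char *buf, const char *pos) {
    size_t n = 1;
    for (const char *p = buf; p < pos; p++)
        if (*p == '\n')
            n++;
    return n;
}

/* Constructed sample: the error is on the first byte of the file, the case
 * where an unbounded backwards scan would read before the buffer. */
static const char sample[] = "bogus_keyword\nset $mod Mod4\n";

int main(void) {
    const char *err = sample;                   /* error at offset 0 */
    const char *ls = line_start(sample, err);
    printf("line %zu: %.*s\n", line_number(sample, err),
           (int)(strchr(ls, '\n') - ls), ls);
    return 0;
}
```

Running the same scan under AddressSanitizer with the error at offset 0 is the regression test worth keeping: it is the one input that turns a missing bound check into the heap-buffer-overflow read shown in the report.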