[compiz] Crash in blur.c (SIGSEGV)

[David Reveman]

On Sat, 2007-05-19 at 12:14 +0200, Artur Uszyński wrote:
> Hello.
> 
> System info:
> OS: FC6 x86_64
> video: Nvidia GF 7900 GT, driver version 97.55
> compiz version: git
> config backend used: ccp
> 
> I can reproduce this crash every time on my system. When blur plugin is active and I try to access any right-click menu, regular application menu or drop-down list, compiz crashes. Backtrace produced by crashhandler plugin shows crash in blur.c in function blurWindowResizeNotify, in the following line:
> 
>         if (bw->state[BLUR_STATE_CLIENT].threshold ||
> 
> The values of bw seem to be wrong and IMO indicate classic problem with null or uninitialized pointer (although I'm not a programmer):
> 
>         bw = (BlurWindow *) 0x0
> 
> Sometimes instead of 0x0 I get values like 0x40 or 0x33373b3338393932, which don't seem to be right either.
> 
> After restarting compiz and immediately accessing exactly the same object (for example repeating right-click on desktop) crash does not happen, but then accessing other similar object crashes compiz again.
> 
> After commenting out the whole "if" statement mentioned above compiz no longer crashes, but probably graphics glitches are introduced instead.
> 
> There was a report including similar description sent on Wed Feb 21 04:34:20 PST 2007:
> 
> > > When I start blurdemo, that works too.  The problem is that sometimes
> > > changing the filter type crashes compiz.  If I run it under a debugger
> > > it starts working again.  All the filter types work with blurdemo.
> 
> "changing the filter type" might be a symptom of the same problem (accessing drop-down list).

This crash is likely caused by decoration and blur plugins calling
wrapped functions from initWindow. I just pushed out some code that
solves this by adding a new WindowAddNotify function that these plugins
now hooks into. I'm pretty sure that this will fix your crash. Give the
latest code a try and let me know.

Thanks,

-David