<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - NULL deref in busy_cursor_grab_focus causes SEGV"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=64689">64689</a>
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>wayland-bugs@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>NULL deref in busy_cursor_grab_focus causes SEGV
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>ullysses.a.eoff@intel.com
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>weston
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Wayland
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=79444" name="attach_79444" title="weston gdb backtrace">attachment 79444</a> <a href="attachment.cgi?id=79444&action=edit" title="weston gdb backtrace">[details]</a></span>
weston gdb backtrace

Weston crashes due to a NULL deref in busy_cursor_grab_focus() on
"grab->shsurf" (see attached gdb backtrace).  This is triggered with various
clutter and efl client test cases that I've tried.  If you run the following
clutter conform test, you can trigger the crash about 95% of the time:

./test-conformance -k --verbose -p /conform/actor/actor_pick  

When weston crashes, it prints the following message to the console:

[15:12:54.169] caught signal: 11
[15:12:54.170]   [000000000040e176]  --  (weston)
[15:12:54.170]   [000000000040e25e]  --  (weston)
[15:12:54.170]   [00007f70b2a03fe0]  --  (/lib64/libpthread.so.0)
[15:12:54.170]   [00007f70ad63b00c]  -- 
(/home/uartie/Work/intel/wayland/install/lib/weston/desktop-shell.so)
[15:12:54.170]   [000000000040f67d]  --  (weston)
[15:12:54.170]   [000000000040a86a]  --  (weston)
[15:12:54.170]   [000000000040b834]  --  (weston)
[15:12:54.170]   [000000000040ba1d]  weston_output_finish_frame  (weston)
[15:12:54.170]   [00007f70b0fdd438]  -- 
(/home/uartie/Work/intel/wayland/install/lib/weston/x11-backend.so)
[15:12:54.170]   [00007f70b0fdd736]  -- 
(/home/uartie/Work/intel/wayland/install/lib/weston/x11-backend.so)
[15:12:54.170]   [00007f70b349d29b]  -- 
(/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0)
[15:12:54.170]   [00007f70b349dba4]  wl_event_loop_dispatch 
(/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0)
[15:12:54.170]   [00007f70b349b673]  wl_display_run 
(/home/uartie/Work/intel/wayland/install/lib/libwayland-server.so.0)
[15:12:54.170]   [000000000040ee88]  --  (weston)
[15:12:54.170]   [0000003763221735]  __libc_start_main  (/lib64/libc.so.6)
[15:12:54.170]   [0000000000407659]  --  (weston)

It appears that the client-side crashes before the server-side.

First bad Weston commit is be6403ed5c4fdab884d391778e2572aae109f1a0</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>