[Bug 80157] Buffer Overflow in xf86-video-intel

bugzilla-daemon at freedesktop.org
Wed Jun 18 11:25:08 PDT 2014


https://bugs.freedesktop.org/show_bug.cgi?id=80157

--- Comment #9 from typingtothemaxbuyer at gmail.com ---
Thanks for the build fix. I'm experiencing the following segfault while using
git head (273c82a) with full debug and valgrind. I will link to the full xorg
logs below, but here are the last few lines before the segfault:

...
[  2844.716] sna_dri2_immediate_blit: emitting immediate blit, throttling client, synced? 0, chained? 0, send-event? 1
[  2844.716] sna_dri2_immediate_blit: no pending blit, starting chain
[  2844.716] is_clipped: region[0]x(5, 5),(5, 5) against drawable 1366x768
[  2844.716] __sna_dri2_copy_region: draw=(5, 5), delta=(0, 0), draw=(5, 5),(1371, 773), clip.extents=(5, 5), (5, 5)
[  2844.716] __sna_dri2_copy_region: all clipped
[  2844.716] sna_dri2_immediate_blit: fake triple buffering, unblocking client
[  2844.716] frame_swap_complete: draw=17194960, pipe=0, frame=125511 [msc=125511], tv=2844.701337
[  2844.716] sna_accel_flush: flush?=0, dirty?=0
[  2844.716] sna_dri2_immediate_blit: continue? 0
[  2844.716] sna_dri2_event_free
[  2844.716] sna_dri2_remove_event: remove[0x10a0680] from window 23068673)
[  2844.716] _sna_dri2_destroy_buffer: 0x105d930 [handle=44] -- refcnt=7, pixmap=3
[  2844.716] _sna_dri2_destroy_buffer: 0x1065f30 [handle=71] -- refcnt=2, pixmap=0
[  2844.716] sna_accel_flush: flush?=0, dirty?=0
[  2844.716] sna_accel_flush: flush?=0, dirty?=0
[  2844.716] sna_accel_flush: flush?=0, dirty?=0
[  2844.716] sna_accel_flush: flush?=0, dirty?=0
[  2844.716] sna_block_handler (tv=114.646000)
[  2844.716] sna_accel_do_throttle -- no pending activity
[  2844.717] sna_wakeup_handler
[  2844.717] sna_accel_wakeup_handler: nbatch=0, need_retire=0, need_purge=0
[  2844.717] sna_mode_wakeup: len=32
[  2844.717] sna_mode_wakeup: removing handle=25 from scanout, installing handle=44
[  2844.717] sna_mode_wakeup: flip complete, pending? 1
[  2844.717] sna_dri2_flip_handler: sequence=125512
[  2844.717] sna_dri2_flip_event(pipe=0, event=5)
[  2844.717] sna_dri2_flip_event: triple buffer swap complete, unblocking client
[  2844.717] frame_swap_complete: draw=17446864, pipe=0, frame=125512 [msc=125512], tv=2844.718028
[  2844.717] sna_accel_flush: flush?=0, dirty?=0
[  2844.717] sigtrap_handler(sig=11) sigtrap=0
[  2844.717] (EE)
[  2844.717] (EE) Backtrace:
[  2844.718] (EE) 0: /usr/bin/X (xorg_backtrace+0x56) [0x58f0c6]
[  2844.719] (EE) 1: /usr/bin/X (0x400000+0x192f09) [0x592f09]
[  2844.719] (EE) 2: /usr/lib/libpthread.so.0 (0x7f59637b1000+0xf4b0) [0x7f59637c04b0]
[  2844.719] (EE) 3: /usr/bin/X (AttendClient+0x8) [0x591198]
[  2844.719] (EE) 4: /usr/bin/X (DRI2SwapComplete+0x145) [0x55fe15]
[  2844.719] (EE) 5: /usr/lib/xorg/modules/drivers/intel_drv.so (0x7f595dd35000+0x1811f5) [0x7f595deb61f5]
[  2844.719] (EE) 6: /usr/lib/xorg/modules/drivers/intel_drv.so (0x7f595dd35000+0x18269f) [0x7f595deb769f]
[  2844.719] (EE) 7: /usr/lib/xorg/modules/drivers/intel_drv.so (0x7f595dd35000+0x17f76a) [0x7f595deb476a]
[  2844.719] (EE) 8: /usr/lib/xorg/modules/drivers/intel_drv.so (0x7f595dd35000+0xb7321) [0x7f595ddec321]
[  2844.719] (EE) 9: /usr/lib/xorg/modules/drivers/intel_drv.so (0x7f595dd35000+0xba7ca) [0x7f595ddef7ca]
[  2844.719] (EE) 10: /usr/bin/X (WakeupHandler+0xaa) [0x43b78a]
[  2844.719] (EE) 11: /usr/bin/X (WaitForSomething+0x1c7) [0x58c4f7]
[  2844.719] (EE) 12: /usr/bin/X (0x400000+0x36841) [0x436841]
[  2844.719] (EE) 13: /usr/bin/X (0x400000+0x3ac06) [0x43ac06]
[  2844.719] (EE) 14: /usr/lib/libc.so.6 (__libc_start_main+0xf0) [0x7f596241e000]
[  2844.719] (EE) 15: /usr/bin/X (0x400000+0x24fee) [0x424fee]
[  2844.719] (EE) 
[  2844.719] (EE) Segmentation fault at address 0x0
[  2844.719] (EE) 
Fatal server error:
[  2844.719] (EE) Caught signal 11 (Segmentation fault). Server aborting
[  2844.719] (EE) 
[  2844.719] (EE) 


Full xorg.0.log:
https://drive.google.com/file/d/0B65Vz2P-Uk37Y0ZxU012NFgwR0E/edit?usp=sharing
