[Bug 90940] xserver crash in gtk+ application

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Jun 11 15:22:23 PDT 2015


https://bugs.freedesktop.org/show_bug.cgi?id=90940

--- Comment #6 from Chris Wilson <chris at chris-wilson.co.uk> ---
Definitely looks like if we overflow the rects_embedded array we would cause
that crash. Can you apply

diff --git a/src/sna/sna_tiling.c b/src/sna/sna_tiling.c
index 308efc0..e4796ec 100644
--- a/src/sna/sna_tiling.c
+++ b/src/sna/sna_tiling.c
@@ -334,6 +334,7 @@ sna_tiling_composite_spans_box(struct sna *sna,
        struct sna_tile_state *tile = op->base.priv;
        struct sna_tile_span *a;

+       ErrorF("%s(%d/%d)\n", __func__, tile->rect_count, tile->rect_size);
        if (tile->rect_count == tile->rect_size) {
                int newsize = tile->rect_size * 2;

@@ -582,6 +583,9 @@ sna_tiling_composite_spans(uint32_t op,
        tile->rect_count = 0;
        tile->rect_size = ARRAY_SIZE(tile->rects_embedded);

+       ErrorF("%s: sizeof(tile->rects_embedded)=%d, sizeof(span_box)=%d\n",
+                       __func__, sizeof(tile->rects_embedded), sizeof(struct
sna_tile_span));
+
        tmp->box   = sna_tiling_composite_spans_box;
        tmp->boxes = sna_tiling_composite_spans_boxes;
        tmp->done  = sna_tiling_composite_spans_done;

and attach the new Xorg.0.log?

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20150611/9a9e4da2/attachment-0001.html>


More information about the intel-gfx-bugs mailing list