[Bug 90940] xserver crash in gtk+ application
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Thu Jun 11 15:22:23 PDT 2015
https://bugs.freedesktop.org/show_bug.cgi?id=90940
--- Comment #6 from Chris Wilson <chris at chris-wilson.co.uk> ---
Definitely looks like if we overflow the rects_embedded array we would cause
that crash. Can you apply
diff --git a/src/sna/sna_tiling.c b/src/sna/sna_tiling.c
index 308efc0..e4796ec 100644
--- a/src/sna/sna_tiling.c
+++ b/src/sna/sna_tiling.c
@@ -334,6 +334,7 @@ sna_tiling_composite_spans_box(struct sna *sna,
struct sna_tile_state *tile = op->base.priv;
struct sna_tile_span *a;
+ ErrorF("%s(%d/%d)\n", __func__, tile->rect_count, tile->rect_size);
if (tile->rect_count == tile->rect_size) {
int newsize = tile->rect_size * 2;
@@ -582,6 +583,9 @@ sna_tiling_composite_spans(uint32_t op,
tile->rect_count = 0;
tile->rect_size = ARRAY_SIZE(tile->rects_embedded);
+ ErrorF("%s: sizeof(tile->rects_embedded)=%d, sizeof(span_box)=%d\n",
+ __func__, sizeof(tile->rects_embedded), sizeof(struct
sna_tile_span));
+
tmp->box = sna_tiling_composite_spans_box;
tmp->boxes = sna_tiling_composite_spans_boxes;
tmp->done = sna_tiling_composite_spans_done;
and attach the new Xorg.0.log?
--
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-gfx-bugs/attachments/20150611/9a9e4da2/attachment-0001.html>
More information about the intel-gfx-bugs
mailing list