[Nouveau] [Bug 10927] New: segmentation fault in NVUploadToScreen, called from exaPutImage

bugzilla-daemon at freedesktop.org
Sat May 12 08:05:30 PDT 2007


http://bugs.freedesktop.org/show_bug.cgi?id=10927

           Summary: segmentation fault in NVUploadToScreen, called from
                    exaPutImage
           Product: xorg
           Version: git
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Driver/nouveau
        AssignedTo: nouveau at lists.freedesktop.org
        ReportedBy: pq at iki.fi
         QAContact: xorg-team at lists.x.org


Using Xorg 7.2 with xorg-server 1.3 (also 1.2) and Nouveau DRM and DDX from git
May 12th 2007, starting sylpheed-claws leads to a deterministic segfault with
the following backtrace:

#0  0x00002b7f8689c237 in NVUploadToScreen (pDst=0xb782b0, x=0, y=0, w=16,
    h=5, src=0x2b7f8e293440 "žžÌÿžžÌÿžžÌÿ\005", src_pitch=6144) at
nv_exa.c:351
#1  0x00002b7f883b94b1 in exaPutImage (pDrawable=0xb782b0, pGC=0x7c8300,
    depth=<value optimized out>, x=-784, y=-48, w=<value optimized out>, h=64,
    leftPad=0, format=2, bits=0x2b7f8e23a000 "") at exa_accel.c:206
#2  0x0000000000522fdb in damagePutImage (pDrawable=0xb782b0, pGC=0x7c8300,
    depth=32, x=-784, y=-48, w=1536, h=64, leftPad=0, format=2,
    pImage=0x2b7f8e23a000 "") at damage.c:786
#3  0x00000000004f7232 in miShmPutImage (dst=0xb77e00, pGC=0xb28030, depth=32,
    format=2, w=1536, h=64, sx=-784, sy=48, sw=16, sh=16, dx=0, dy=0,
    data=0x2b7f8e23a000 "") at shm.c:520
#4  0x00000000004f83af in ProcShmPutImage (client=0x9bfda0) at shm.c:881
#5  0x00000000004f91ac in ProcShmDispatch (client=0x2b7f8c4c7bc0) at shm.c:1114
#6  0x0000000000449ffa in Dispatch () at dispatch.c:457
#7  0x000000000043320b in main (argc=7, argv=0x7fff2585fb88,
    envp=<value optimized out>) at main.c:445

The offending line nv_exa.c:351:
memcpy(pNv->AGPScratch->map, src, nlines*src_pitch);

Apparently this memcpy is inlined as:
0x00002b7f8689c237 <NVUploadToScreen+295>:      rep movsb %ds:(%rsi),%es:(%rdi)

%ds = 0x0
%es = 0x0
%rsi = 0x2b7f8e29a000
%rdi = 0x2b7f8c4c7bc0
src = 0x2b7f8e293440
pNv->AGPScratch->map = 0x2b7f8c4c1000

Computing from these, SEGV triggers on the 5th line at byte 3008 (or byte 27584
in total). I have not verified these numbers are the same every time, but the
backtrace is the same.

This bug appeared when I updated from Xorg 7.1 to Xorg 7.2.

Using Option "EXANoUploadToScreen" "true" in Device section does circumvent
this, but the desktop becomes very sluggish, and then I can hit another bug,
which does not seem Nouveau related.


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
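
Added example (not part of the original report, and not Nouveau code): the report's byte arithmetic redone in C from the values quoted in the backtrace and register dump, with an overflow-safe bounds check for a rectangle copy. Assumptions: 4 bytes per pixel for depth 32, a source buffer of exactly src_pitch * 64 bytes starting at bits, and nlines equal to h=5; all helper names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Values quoted in the report's backtrace and register dump. */
#define BITS_ADDR 0x2b7f8e23a000ULL /* bits / pImage in frames #1-#3 */
#define SRC_ADDR  0x2b7f8e293440ULL /* src in frame #0 */
#define FAULT_RSI 0x2b7f8e29a000ULL /* %rsi at the faulting rep movsb */
#define SRC_PITCH 6144u             /* src_pitch in frame #0 */
#define IMG_H     64u               /* h in frame #2 */
#define RECT_W    16u               /* w in frame #0 */
#define RECT_H    5u                /* h in frame #0; assumed equal to nlines */
#define BPP       4u                /* assumption: depth 32 is 4 bytes/pixel */

/* Assumption: the source mapping is exactly pitch * height bytes. */
size_t image_size(void) { return (size_t)SRC_PITCH * IMG_H; }

/* Offset of src inside the image buffer. */
size_t src_offset(void) { return (size_t)(SRC_ADDR - BITS_ADDR); }

/* Bytes readable from src before the assumed end of the buffer. */
size_t bytes_until_end(void) { return image_size() - src_offset(); }

/* 1 if the faulting %rsi is the first byte past the assumed buffer. */
int fault_at_buffer_end(void) { return BITS_ADDR + image_size() == FAULT_RSI; }

/* Length in the style of nv_exa.c:351: whole pitch for every row. */
size_t block_len(size_t rows, size_t pitch) { return rows * pitch; }

/* Tight length of a rectangle: full pitch for all rows but the last. */
size_t rect_len(size_t rows, size_t pitch, size_t row_bytes)
{
    return rows ? (rows - 1) * pitch + row_bytes : 0;
}

/* Overflow-safe check that [off, off + len) lies inside size bytes. */
int copy_fits(size_t size, size_t off, size_t len)
{
    return off <= size && len <= size - off;
}

int main(void)
{
    size_t len = block_len(RECT_H, SRC_PITCH);
    size_t tight = rect_len(RECT_H, SRC_PITCH, RECT_W * BPP);
    printf("readable=%zu block=%zu fits=%d tight=%zu fits=%d\n",
           bytes_until_end(), len, copy_fits(image_size(), src_offset(), len),
           tight, copy_fits(image_size(), src_offset(), tight));
    return 0;
}
```

Under these assumptions the readable span from src is 27584 bytes, the same total the report computes, while a 5 * 6144 byte copy asks for 30720.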

