[Xcb] Problem with dock windows and libxcb-icccm

David Coppa dcoppa at gmail.com
Wed Mar 10 02:55:39 PST 2010

Hi all,

There's a problem with dock windows under i3.

These type of windows have xcb_get_property_value_length(reply) = 0,
while all other windows have 72.

This causes a floating-point exception in the
xcb_get_wm_size_hints_from_reply function, making i3 crash.

This is reproducible by launching:

$ while true ; do date && sleep 1 ; done | dzen2 -dock -ta r

This command always makes i3 crash under OpenBSD 4.7 (OpenBSD -current),
which is my test system, but I had occasional crashes under linux too
(up-to-date Arch Linux).

I suggest this patch:

diff --git a/icccm/icccm.c b/icccm/icccm.c
index 0206e4b..b86f4e1 100644
--- a/icccm/icccm.c
+++ b/icccm/icccm.c
@@ -441,7 +441,7 @@ xcb_get_wm_size_hints_from_reply(xcb_size_hints_t *hints, xcb_get_property_reply
   uint32_t flags;
-  if(!reply)
+  if(!reply || xcb_get_property_value_length(reply) == 0)
     return 0;
   int length = xcb_get_property_value_length(reply) / (reply->format / 8);

I'd like to have some feedback on this...
Please have also a look at the following gdb backtrace:

GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd4.7"...
Core was generated by `i3'.
Program terminated with signal 8, Arithmetic exception.


#0  0x0f5635a4 in xcb_get_wm_size_hints_from_reply (hints=0xcfbc8070, 
    reply=0x8593fc20) at /usr/xenocara/dist/xcb-util/icccm/icccm.c:442
442	  length = xcb_get_property_value_length(reply) / (reply->format / 8);
(gdb) bt
#0  0x0f5635a4 in xcb_get_wm_size_hints_from_reply (hints=0xcfbc8070, 
    reply=0x8593fc20) at /usr/xenocara/dist/xcb-util/icccm/icccm.c:442
#1  0x1c00e236 in handle_normal_hints (data=0x0, conn=0x7c847000, 
    state=0 '\0', window=8388613, name=40, reply=0x8593fc20)
    at src/handlers.c:844
#2  0x0fb0dbe4 in call_handler (c=0x7c847000, state=0 '\0', window=8388613, 
    atom=40, h=0x8593f188)
    at /usr/xenocara/dist/xcb-util/property/property.c:63
#3  0x0fb0dc6a in xcb_property_changed (prophs=0xcfbc8374, state=0 '\0', 
    window=8388613, atom=40)
    at /usr/xenocara/dist/xcb-util/property/property.c:79
#4  0x1c012d25 in manage_window (prophs=0xcfbc8374, conn=0x7c847000, 
    window=8388613, cookie={sequence = 261}, needs_to_be_mapped=false)
    at src/manage.c:108
#5  0x1c00ca5d in handle_map_request (prophs=0xcfbc8374, conn=0x7c847000, 
    event=0x854616c0) at src/handlers.c:290
#6  0x0c228129 in xcb_event_handle (evenths=0x3c010f40, event=0x854616c0)
    at /usr/xenocara/dist/xcb-util/event/event.c:77
#7  0x1c011299 in xcb_check_cb (loop=0x874ebc00, w=0x8593fd20, revents=32768)
    at src/mainx.c:111
#8  0x02ee95f4 in ev_invoke_pending () from /usr/local/lib/libev.so.0.0
#9  0x02ee9b89 in ev_loop () from /usr/local/lib/libev.so.0.0
#10 0x1c01293d in main (argc=1, argv=0xcfbc8430, env=0xcfbc8438)
    at src/mainx.c:479

David Coppa

More information about the Xcb mailing list