[Xcb] [Bug 71507] New: ABI breakage: Qt segfaults when run against libxcb 1.9.3

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Nov 11 10:42:36 PST 2013


https://bugs.freedesktop.org/show_bug.cgi?id=71507

          Priority: medium
            Bug ID: 71507
          Assignee: xcb at lists.freedesktop.org
           Summary: ABI breakage: Qt segfaults when run against libxcb
                    1.9.3
        QA Contact: xcb at lists.freedesktop.org
          Severity: blocker
    Classification: Unclassified
                OS: All
          Reporter: psychon at znc.in
          Hardware: Other
            Status: NEW
           Version: unspecified
         Component: Library
           Product: XCB

As seen elsewhere[0], Qt5 segfaults when run against the latest xcb release.

Thanks to Tommalla from #qt-labs, I got the following backtrace for this crash:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff0ae2120 in QXcbKeyboard::updateVModMapping() () from
/usr/lib64/qt5/plugins/platforms/libqxcb.so
(gdb) bt
#0  0x00007ffff0ae2120 in QXcbKeyboard::updateVModMapping() () from
/usr/lib64/qt5/plugins/platforms/libqxcb.so
#1  0x00007ffff0ae25e8 in QXcbKeyboard::QXcbKeyboard(QXcbConnection*) () from
/usr/lib64/qt5/plugins/platforms/libqxcb.so
#2  0x00007ffff0adef90 in QXcbConnection::QXcbConnection(QXcbNativeInterface*,
bool, char const*) () from /usr/lib64/qt5/plugins/platforms/libqxcb.so
#3  0x00007ffff0ae11ba in QXcbIntegration::QXcbIntegration(QStringList const&,
int&, char**) () from /usr/lib64/qt5/plugins/platforms/libqxcb.so
#4  0x00007ffff0af1790 in QXcbIntegrationPlugin::create(QString const&,
QStringList const&, int&, char**) () from
/usr/lib64/qt5/plugins/platforms/libqxcb.so
[...]

I asked him to tell gdb to "disassemble" and got the following snippet:

   0x00007ffff0ae2118 <+232>:   and    %eax,%r15d
   0x00007ffff0ae211b <+235>:   mov    0x78(%rsp),%rax
=> 0x00007ffff0ae2120 <+240>:   mov    (%rax,%rdx,4),%edx
   0x00007ffff0ae2123 <+243>:   callq  0x7ffff0ade5c0
<_ZN14QXcbConnection8atomNameEj>

So this segfaults right before calling QXcbConnection::atomName(unsigned
int)[1].

The relevant code is here: [2]

Because it segfaults right before calling atomName(), it must be dying in line
1064 where it just indexes into the result of
xcb_xkb_get_names_value_list_unpack().

If you want me to guess, then the size of this struct changed because of commit
37d0f55392d68d0a05dcf5d793d729e49108f1b7. This introduced a new alignment_pad
field and thus shifted all the following members around by four bytes. (Having
just written this sentence, I am pretty sure that this is the reason for the
crash).

[0]:
https://bugreports.qt-project.org/browse/QTBUG-34748
https://bbs.archlinux.org/viewtopic.php?id=172746
https://bugs.freedesktop.org/show_bug.cgi?id=71502

[1]:
$ c++filt _ZN14QXcbConnection8atomNameEj
QXcbConnection::atomName(unsigned int)

[2]:
https://qt.gitorious.org/qt/qtbase/source/fd619946be51784dc709363324897be6af144c52:src/plugins/platforms/xcb/qxcbkeyboard.cpp#L1019
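Added illustration of the mechanism the reporter describes, not code from this bug report or from libxcb: a constructed pair of struct layouts with hypothetical field names, one before and one after a four-byte field is inserted, and a client built against the old header reading the library's new bytes through the old offsets.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a reply struct as a client saw it when it was
 * compiled against the old header (hypothetical names, not libxcb's). */
struct names_old {
    uint8_t  response_type;
    uint8_t  which;
    uint8_t  pad0[2];
    uint32_t value_count;   /* offset 4 */
    uint32_t atoms_offset;  /* offset 8 */
};

/* The same struct after a four-byte field is inserted, as the library now
 * lays it out: every member after the new field moves down by four bytes. */
struct names_new {
    uint8_t  response_type;
    uint8_t  which;
    uint8_t  pad0[2];
    uint32_t alignment_pad; /* inserted at offset 4 */
    uint32_t value_count;   /* now offset 8 */
    uint32_t atoms_offset;  /* now offset 12 */
};

/* Pinning public offsets like this makes such a layout change fail the build. */
_Static_assert(offsetof(struct names_old, value_count) == 4, "ABI: value_count moved");
_Static_assert(offsetof(struct names_old, atoms_offset) == 8, "ABI: atoms_offset moved");

/* Library side: fills the reply buffer with the new layout (constructed values). */
static void library_fill_reply(unsigned char buf[sizeof(struct names_new)]) {
    struct names_new r = { .response_type = 1, .which = 0,
                           .alignment_pad = 0, .value_count = 3, .atoms_offset = 32 };
    memcpy(buf, &r, sizeof r);
}

/* Client side, built against the old header: it reinterprets the same bytes
 * through struct names_old, so it finds the inserted pad where it expects
 * value_count and the real value_count where it expects atoms_offset. Indexing
 * a list with such a misread count or offset is how a crash like the one above arises. */
struct names_old client_view(void) {
    unsigned char buf[sizeof(struct names_new)];
    struct names_old old;
    library_fill_reply(buf);
    memcpy(&old, buf, sizeof old);
    return old;   /* value_count == 0 (the pad), atoms_offset == 3 */
}
```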
