[PATCH] dix: In MakeWindowOptional: Fix crash if parentOptional->cursor is NULL.

Kim Woelders kim at woelders.dk
Sun Sep 27 12:16:00 PDT 2009


On Fri, 25 Sep 2009 03:11:59 +0200, Peter Hutterer
<peter.hutterer at who-t.net> wrote:

> On Fri, Sep 25, 2009 at 12:05:35AM +0200, Kim Woelders wrote:
>>
>> Signed-off-by: Kim Woelders <kim at woelders.dk>
>> ---
>>  dix/window.c |    3 ++-
>>  1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/dix/window.c b/dix/window.c
>> index caff1cb..d4bc41c 100644
>> --- a/dix/window.c
>> +++ b/dix/window.c
>> @@ -3470,7 +3470,8 @@ MakeWindowOptional (WindowPtr pWin)
>>      if (!pWin->cursorIsNone)
>>      {
>>  	optional->cursor = parentOptional->cursor;
>> -	optional->cursor->refcnt++;
>> +	if (optional->cursor)
>> +	    optional->cursor->refcnt++;
>>      }
>>      else
>>      {
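Review bot: the guard added at `+	if (optional->cursor)` stops the refcnt increment from faulting, but it leaves the child with `pWin->cursorIsNone` false and `optional->cursor` NULL, which is exactly the inconsistent state Peter asks about: any later path that treats cursorIsNone as a promise of a valid pointer would dereference NULL instead, just somewhere further from the cause. If a NULL parent cursor is a legitimate case here, the branch should also mark the window as having no cursor (the same state the `else` path produces) so flag and pointer stay in step; if it is not, the check hides an invariant violation and an assertion or error log at this point would expose the real trigger. The commit message carries only the Signed-off-by line and no reproduction, which would help settle which of the two it is.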
>> --
>> 1.6.4.4
> Out of interest, what's the test scenario for that?
>
> I've looked at the code and can't find the trigger. If (!pWin->cursorIsNone),
> the window has to have a cursor set (and thus already have a WindowOptional).
> If the parent had a cursor and it was inherited here, then setting the
> parent to a NoneCursor should patch up the child accordingly anyway.
> So right now, I'm not sure about the actual flow to trigger that and worry
> that it may be part of a larger screwup.
>
Yeah, I was suspecting that this might not be a proper fix, and I must
admit I cannot reproduce the crash.

There definitely is something wrong though, I have the server crashing on
me in about ten different ways, and I'm suspecting some kind of memory
corruption.

One crash I can reproduce reliably is this:

Start server. Start xterm. Kill xterm. Server dies:

~# gdb /usr/bin/X
GNU gdb (GDB) Fedora (6.8.91.20090925-2.fc12)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later  
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/X...Reading symbols from  
/usr/lib/debug/usr/bin/Xorg.debug...done.
done.
(gdb) r :0
Starting program: /usr/bin/X :0
[Thread debugging using libthread_db enabled]

X.Org X Server 1.6.99.902 (1.7.0 RC 2)
Release Date: 2009-9-22
X Protocol Version 11, Revision 0
Build Operating System:  2.6.18-164.el5
Current Operating System: Linux kwport2.wwnet 2.6.31.1-48.fc12.i686 #1 SMP  
Fri Sep 25 17:13:30 EDT 2009 i686
Kernel command line: ro root=/dev/VolGroup00/LogVol00 selinux=0  
SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=dk rd_plytheme=charge
Build Date: 22 September 2009  02:06:09AM
Build ID: xorg-x11-server 1.6.99.902-1.fc12
Current version of pixman: 0.16.0
         Before reporting problems, check http://bodhi.fedoraproject.org/
         to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sun Sep 27 19:30:40 2009
(==) Using default built-in configuration (30 lines)
[tcsetpgrp failed in terminal_inferior: Operation not permitted]
Detaching after fork from child process 5432.
FATAL: Module fbcon not found.
Setting master
SELinux: Disabled on system, not enabling in X server
record: RECORD extension enabled at configure time.
record: This extension is known to be broken, disabling extension now..
record: http://bugs.freedesktop.org/show_bug.cgi?id=20500
Detaching after fork from child process 5433.
Detaching after fork from child process 5434.
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
>                   Ignoring extra symbols
Errors from xkbcomp are not fatal to the X server
Detaching after fork from child process 5435.
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Type "ONE_LEVEL" has 1 levels, but <RALT> has 2 symbols
>                   Ignoring extra symbols
Errors from xkbcomp are not fatal to the X server
Dropping master

Program received signal SIGSEGV, Segmentation fault.
0x00de42d2 in drm_intel_bo_alloc (bufmgr=0x0, name=0xabcd9c "ARGB cursor",
     size=16384, alignment=4096) at intel_bufmgr.c:51
51         return bufmgr->bo_alloc(bufmgr, name, size, alignment);
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-7.i686  
freetype-2.3.9-6.fc12.i686 keyutils-libs-1.2-6.fc12.i686  
krb5-libs-1.7-8.fc12.i686 libattr-2.4.43-4.fc12.i686  
libcap-2.16-5.fc12.i686 libcom_err-1.41.9-3.fc12.i686  
libfontenc-1.0.5-2.fc12.i686 libgcc-4.4.1-17.i686 libudev-145-9.fc12.i686  
mesa-dri-drivers-7.6-0.13.fc12.i686  
xorg-x11-drv-evdev-2.2.99-8.20090923.fc12.i686  
xorg-x11-drv-fbdev-0.4.1-1.fc12.i686  
xorg-x11-drv-intel-2.8.0-16.20090909.fc12.i686  
xorg-x11-drv-synaptics-1.1.99-7.20090907.fc12.i686  
xorg-x11-drv-vesa-2.2.1-1.fc12.i686
(gdb) bt
#0  0x00de42d2 in drm_intel_bo_alloc (bufmgr=0x0, name=0xabcd9c "ARGB cursor",
     size=16384, alignment=4096) at intel_bufmgr.c:51
#1  0x00a8610b in fbComposite () at fbpict.c:159
#2  0x00a86bcb in fbComposite () at fbpict.c:159
#3  0x00a7bd06 in fbComposite () at fbpict.c:159
#4  0x00a80437 in fbComposite () at fbpict.c:159
#5  0x080689c8 in AddScreen (pfnInit=<value optimized out>,
     argc=<value optimized out>, argv=<value optimized out>) at dispatch.c:4068
#6  0x080b6b50 in InitOutput (pScreenInfo=<value optimized out>,
     argc=<value optimized out>, argv=<value optimized out>) at xf86Init.c:1054
#7  0x080626a0 in main (argc=<value optimized out>, argv=<value optimized out>,
     envp=<value optimized out>) at main.c:204
(gdb)

xterm could be any other x app. It looks like the server crashes when the
last client exits.

Xorg.0.log is attached.

/Kim
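An added example, not xserver code and not part of this thread, that models the branch in the patch above with hypothetical type and function names: it checks the invariant Peter describes (a window that is not cursorIsNone carries a cursor) after the patched NULL guard and after a variant that keeps the flag and the pointer in step.

```c
/* Added example, not xserver code: a small model of the cursor inheritance
 * in MakeWindowOptional. All type and function names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>

typedef struct { int refcnt; } Cursor;
typedef struct { Cursor *cursor; } WindowOptional;
typedef struct { bool cursorIsNone; WindowOptional *optional; } Window;

/* Invariant the rest of the server relies on: a window that is not
 * cursorIsNone must carry a cursor pointer. */
static bool state_consistent(const Window *w)
{
    return w->cursorIsNone || w->optional->cursor != NULL;
}

/* Mirrors the patched branch: copy the parent's cursor and bump its
 * refcount only when it is non-NULL. A NULL parent cursor is silently
 * accepted, leaving cursorIsNone false with no cursor behind it. */
static void inherit_guarded(Window *child, const WindowOptional *parent)
{
    if (!child->cursorIsNone) {
        child->optional->cursor = parent->cursor;
        if (child->optional->cursor)
            child->optional->cursor->refcnt++;
    }
}

/* Variant that keeps flag and pointer in step: with no cursor to inherit,
 * the child is marked cursorIsNone, so code trusting the flag is safe. */
static void inherit_consistent(Window *child, const WindowOptional *parent)
{
    if (!child->cursorIsNone && parent->cursor) {
        child->optional->cursor = parent->cursor;
        child->optional->cursor->refcnt++;
    } else {
        child->optional->cursor = NULL;
        child->cursorIsNone = true;
    }
}

/* Run one inheritance routine for a child that claims to have a cursor while
 * its parent holds none; report whether the child ends up consistent. */
static bool check_null_parent(void (*inherit)(Window *, const WindowOptional *))
{
    WindowOptional parent = { NULL }, childOpt = { NULL };
    Window child = { false, &childOpt };
    inherit(&child, &parent);
    return state_consistent(&child);
}
```

With a real parent cursor both routines behave the same (the refcount goes up); the two differ only in the NULL case the patch guards against.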
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Xorg.0.log
Type: application/octet-stream
Size: 21044 bytes
Desc: not available
Url : http://lists.x.org/archives/xorg-devel/attachments/20090927/5b22bede/attachment-0001.obj 