Bug 14162

Summary: XKB Configuration Causing Segfaults In the X Server
Product: xorg Reporter: David Nusinow <dnusinow>
Component: Server/GeneralAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium CC: brice.goglin, bryce, esigra, jan, mn
Version: git   
Hardware: Other   
OS: All   
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=461783
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 10101    

Description David Nusinow 2008-01-20 15:48:23 UTC 
As reported by Matthias Berndt in the Debian bug tracker, XKB appears to be causing segfaults in the X server. The version of the server he's using is from the 1.4.1 branch, along with the recent security fixes. As mentioned in the bug report, when he regenerated a new config file that's more minimal, he no longer got segfaults. A backtrace is attached to the original bug.
Comment 1 Julien Cristau 2008-01-21 05:28:53 UTC 
According to the reporter this started happening with the server-1.4-branch snapshot from 20080118, and didn't happen with the one from 20080105.  The only xkb-related change between both versions seems to be 8a3acd3ec41b887b4aeaa0b2932265522c1e2836.
Comment 2 Brice Goglin 2008-01-22 02:02:52 UTC 
FWIW, I've also seen 2 users with problems like this until they remove XkbModel "latitude" from their xorg.conf.
Comment 3 Brice Goglin 2008-01-29 21:53:05 UTC 
Ken Bloom reported a similar backtrace in Debian bug #463194. He was doing

  setxkbmap -I$HOME \
     -layout us,.hebrew \
     -option grp:toggle,grp_led:scroll \
  -print | xkbcomp -I$HOME - :0

with .hebrew file available at http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=.hebrew;att=2;bug=463194
Comment 4 Brice Goglin 2008-02-12 13:03:10 UTC 
Could this be fixed by 7018f280406eb0ef899a4046de274cfdd582881b ?


author  Peter Hutterer <peter@cs.unisa.edu.au>
        Thu, 7 Feb 2008 05:18:04 +0000 (15:18 +1030)

xkb: when copying the keymap, make sure the structs default to 0/NULL.

It actually does help if a pointer is NULL rather than pointing to nirvana
when you're trying to free it lateron. Who would have thought?
Comment 5 Jan de Groot 2008-03-23 05:57:40 UTC 
That commit fixes the crashes completely here.
Comment 6 Timo Aaltonen 2008-04-21 23:32:40 UTC 
*** Bug 15250 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.