| Summary: | XCopyArea causes segfault with bad parameters | ||||||
|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | Sami Farin <safari-ml-freedesktop-bugzilla-kv7oy2vp4mc4jvudr6vccb7oetrzzqe7fwnhahno> | ||||
| Component: | Server/General | Assignee: | Xorg Project Team <xorg-team> | ||||
| Status: | RESOLVED FIXED | QA Contact: | Xorg Project Team <xorg-team> | ||||
| Severity: | critical | ||||||
| Priority: | high | CC: | jesserayadkins, kasper.peeters | ||||
| Version: | 6.99.99.902 (7.0 RC2) | ||||||
| Hardware: | x86 (IA32) | ||||||
| OS: | Linux (All) | ||||||
| Whiteboard: | |||||||
| i915 platform: | i915 features: | ||||||
| Attachments: |
|
||||||
Created attachment 4099 [details] XCopyArea crashtest $ gcc -O2 -o crash crash.c -lXpm -lXext -lX11 $ ./crash [ wait some seconds till the bar crashes thru the borders :-q ] Original source at ftp://ftp.fi.debian.org/pub/debian/pool/main/w/wmcpu/wmcpu_1.3.orig.tar.gz Is this the same bug as #6642? It would be good to know if the fix there resolves this problem. I might bother recompiling Xorg when Fedora releases Xorg src.rpm which contains working server, as in "no 0 MHz problems". https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188770 (Looks I have deleted server version 1.0.1 src.rpm ...) I wasted six hours playing with Fedora's latest Xorg (xorg-x11-server-1.0.99.903-1) which has fix mentioned in #6642, but I get segfault with it, too. Fedora's Xorg also gives me max 55 Hz refresh rate and latest evdev does not work, so I am back to Xorg 1.0.1. Fedora's xorg 1.1.1-55 with today's i810 modesetting branch do not crash. Sorry about the phenomenal bug spam, guys. Adding xorg-team@ to the QA contact so bugs don't get lost in future. I tried this yesterday using xserver 1.9 and Ubuntu 10.10. No crash, but I did see a message about an XIO error on app closure. This looks fixed, so I'm closing it like it is. Reopen if I'm wrong. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
I was adding my own hacks into wmcpu dock applet (which runs at size 64x64). I made a little typo in the code and Xorg segfaulted. wmcpu has this kind of code: #define copy_xpm_area(x, y, w, h, dx, dy) \ XCopyArea(display, pixmap, pixmap, gc, x, y, w, h, dx, dy) My error was with param1: copy_xpm_area(3, 75, param1, 9, xoffset + param1, 5); when it went too big, Xorg segfaulted. If you want specific test case, I think I can might bother to do that in a couple of days. But meanwhile, here were the logs: Fatal server error: Caught signal 11. Server aborting X connection to :0.0 broken (explicit kill or server shutdown). XIO: fatal IO error 104 (Connection reset by peer) on X server ":0.0" after 129790 requests (129773 known processed) with 0 events remaining. /usr/bin/xinit: connection to X server lost. X connection to :0.0 broken (explicit kill or server shutdown). ... Fatal server error: Caught signal 11. Server aborting /usr/bin/xinit: connection to X server lost. /usr/local/bin/wmaker warning: got signal 1 - exiting... xterm: fatal IO error 104 (Connection reset by peer) or KillClient on X server ":0.0" xscreensaver: SIGHUP received: restarting... xscreensaver: running as safari/safari (500/500) ... when values are "not too fscked to cause segfault", I get: /usr/local/bin/wmaker warning: internal X error: RenderBadPicture (invalid Picture parameter) Request code: 152 Request minor code: 7 Resource ID: 0x4015b2 Error serial: 93933 I run fedora's xorg-x11-server-Xorg-0.99.3-9 -i386 (--) PCI:*(1:0:0) Matrox Graphics, Inc. MGA G200 AGP rev 1, Mem @ 0xd8000000/24, 0xd4000000/14, 0xd5000000/23 ... (II) Module mga: vendor="X.Org Foundation" compiled for 6.99.99.902, module version = 1.2.1 Module class: X.Org Video Driver ABI class: X.Org Video Driver, version 0.8