Bug 6842

Summary: Segfault in fbSolid() on vt switch
Product: xorg Reporter: Dan Williams <dcbw>
Component: Server/GeneralAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED WORKSFORME QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: high    
Version: 7.1 (2006.05)   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 8888, 10101    

Description Dan Williams 2006-05-05 06:41:37 UTC 
When at gdm, log in, and after the gdm screen goes away, switch to a vt.  X
segfaults.

Program received signal SIGSEGV, Segmentation fault.
fbSolid (dst=0x0, dstStride=704, dstX=Variable "dstX" is not available.
) at fbsolid.c:73
73                      *dst++ = xor;
(gdb) bt
#0  fbSolid (dst=0x0, dstStride=704, dstX=Variable "dstX" is not available.
) at fbsolid.c:73
#1  0x001a238b in fbFillRegionSolid (pDrawable=0x851ad10, pRegion=0x8548980,
    and=0, xor=560537961) at fbwindow.c:224
#2  0x001a2473 in fbPaintWindow (pWin=0x851ad10, pRegion=0x8548980, what=0)
    at fbwindow.c:332
#3  0x005b0a20 in XAAPaintWindow (pWin=0x851ad10, prgn=0x8548980, what=0)
    at xaaPaintWin.c:194
#4  0x0815596e in cwPaintWindowBackground (pWin=0x851ad10, pRegion=0x8548980,
    what=0) at cw.c:461
#5  0x08151111 in damagePaintWindow (pWindow=0x851ad10, prgn=0x8548980, what=0)
    at damage.c:1593
#6  0x0818f77d in compPaintWindowBackground (pWin=0x851ad10,
    pRegion=0x8548980, what=0) at compwindow.c:254
#7  0x0810630a in miWindowExposures (pWin=0x851ad10, prgn=0x8548980,
    other_exposed=0x0) at miexpose.c:568
#8  0x003c4879 in DRIWindowExposures (pWin=0x851ad10, prgn=0x8548980,
    bsreg=0x0) at dri.c:1588
#9  0x080ca57a in xf86XVWindowExposures (pWin=0x851ad10, reg1=0x8548980,
    reg2=0x0) at xf86xv.c:1066
#10 0x0811e038 in miHandleValidateExposures (pWin=0x851ad10) at miwindow.c:472
#11 0x080c23cf in xf86SetRootClip (pScreen=0x84cc0a0, enable=1)
    at xf86Helper.c:1225
#12 0x0059a3f3 in XAAEnableDisableFBAccess (index=0, enable=1) at xaaInit.c:779
---Type <return> to continue, or q <return> to quit---
#13 0x00548fdc in xf86CursorEnableDisableFBAccess (index=0, enable=1)
    at xf86Cursor.c:210
#14 0x080d44ac in xf86RandRSetMode (pScreen=0x84cc0a0, mode=0x84dc230,
    useVirtual=0, mmWidth=Variable "mmWidth" is not available.
) at xf86RandR.c:208
#15 0x080d46e3 in xf86RandRSetConfig (pScreen=0x84cc0a0, rotation=1, rate=0,
    pSize=0x8548778) at xf86RandR.c:266
#16 0x0814e352 in ProcRRSetScreenConfig (client=0x854ae90) at randr.c:840
#17 0x080869da in Dispatch () at dispatch.c:459
#18 0x0806e405 in main (argc=9, argv=0xbfb69db4, envp=Cannot access memory at
address 0x2c4
) at main.c:447
(gdb) list
68                  dst++;
69              }
70              n = nmiddle;
71              if (!and)
72                  while (n--)
73                      *dst++ = xor;
74              else
75                  while (n--)
76                  {
77                      *dst = FbDoRRop (*dst, and, xor);

xorg-x11-server-Xorg-1.0.99.902-1
Comment 1 Dan Williams 2006-05-05 06:46:56 UTC 
In fbFillRegionSolid(), turns out that:

fbSolid (dst + (pbox->y1 + dstYoff) * dstStride,

dst = 0x0
pbox->y1 = 0
dstYoff = 0
dstStride = 704

(gdb) print *pbox
$10 = {x1 = 0, y1 = 0, x2 = 1400, y2 = 1050}
Comment 2 Daniel Stone 2007-02-27 01:31:59 UTC 
Sorry about the phenomenal bug spam, guys.  Adding xorg-team@ to the QA contact so bugs don't get lost in future.
Comment 3 Adam Jackson 2007-04-08 13:37:23 UTC 
Move to 7.3 tracker.
Comment 4 Dan Williams 2008-03-13 07:20:08 UTC 
bug is pretty old; feel free to close if you can't reproduce easily.  Machine was a dual Xeon P4 2.4 with a FireGL card using open drivers.
Comment 5 Adam Jackson 2008-05-06 10:12:24 UTC 
Closing per comment #4.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.