Bug 8776

Summary: xorg-x11 crashes when closing laptop lid
Product: xorg Reporter: Bram Verweij <amverweij>
Component: Server/General Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: high CC: colin, joshuabaergen, wendallc
Version: 7.1 (2006.05)   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 6666    
Attachments:
Description | Flags
Check zero-pointer result of strtok in lnx_acpi.c | none
new patch that fixes real problem | none

Description Bram Verweij 2006-10-26 07:37:03 UTC
When I run an X session, and I close the lid of my laptop, my session terminates.
Here's a stack trace from a crashed session:
Backtrace:
0: /usr/bin/X(xf86SigHandler+0x96) [0x80b9248]
1: [0xffffe420]
2: /lib/libc.so.6(strtoul+0x3e) [0xb7d4966e]
3: /usr/bin/X [0x80c8f66]
4: /usr/bin/X(xf86HandlePMEvents+0x2f) [0x80a644b]
5: /usr/bin/X(xf86Wakeup+0x131) [0x80ba1cc]
6: /usr/bin/X(WakeupHandler+0x41) [0x8083f48]
7: /usr/bin/X(WaitForSomething+0x21c) [0x815054c]
8: /usr/bin/X(Dispatch+0x7f) [0x8080f64]
9: /usr/bin/X(main+0x4cb) [0x806e668]
10: /lib/libc.so.6(__libc_start_main+0xd8) [0xb7d32878]
11: /usr/bin/X(FontFileCompleteXLFD+0xa1) [0x806dad1]
I believe the same problem has been reported upon in
https://bugs.freedesktop.org/show_bug.cgi?id=5140, as the backtrace is similar.
However, bug 5140 suggests that it is solved in 7.1.

I've recompiled my X server in debug and produced a core. With the core, it was
clear that on lines 76 and 82 of the file hw/xfree86/os-support/linux/lnx_acpi.c,
the result of strtok is not checked to be non-null. Hence a null-pointer is
passed to strtoul, which crashes strtoul and the X server. Indeed, checking the
result of strtok before passing it to strtoul solves the problem.
Comment 1 Bram Verweij 2006-10-26 07:40:32 UTC
Created attachment 7531
Check zero-pointer result of strtok in lnx_acpi.c

When I include this patch, my X server survives closing and opening the lid of
my beautiful 6-year-old Dell Inspiron 4000...
Comment 2 Bram Verweij 2006-10-26 07:48:44 UTC
It is bug 6364 that has the similar stack trace, not 5140. Sorry about the mixup.
Comment 3 Erik Andren 2006-10-26 11:28:38 UTC
*** Bug 8717 has been marked as a duplicate of this bug. ***
Comment 4 Bram Verweij 2006-10-27 06:59:18 UTC
Created attachment 7553
new patch that fixes real problem

Take another look at lnx_acpi.c, starting from line 61. In the event of the
crash, the string that should be parsed is "video VID 00000080 00000000".

The old code tries to chop off "video" with a call to strtok(ev, "video") on
line 68, and then goes on to parse the rest of the string. This is not what
happens: the call to strtok sees "v","i","d","e", and "o" as delimiters, and
puts the first non-empty string (i.e., " VID 0000080 00000000") into the
variable video. The remainder of the string is then empty; the subsequent calls
to strtok(NULL, " ") return NULL. When such a NULL is passed to strtoul, we
have our well-known crash.

This new patch changes the initial call to strtok to indeed just chop off the
"video" bit by using a space as delimiter. This leaves the rest for parsing
into GFX, notify and data. This seems to be what was intended; enabling the
debug code in there also puts the right lines into my Xorg.0.log.

I've removed the zero-pointer checks from my earlier patch, even though this is
making assumptions about the format that is being read; i.e., all video events
should read "video <string1> <string2> <string3>". I don't have the specs but
it seems that this assumption is valid.
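
The delimiter-set behaviour of strtok described in comment 4, next to a parse that checks every token before use, as an added example that is not part of this bug thread or of the attached patches. The function names, the struct, and the assumption that the two numeric fields are hexadecimal are illustrative; the sample line is the one quoted in comment 4.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for the fields that follow "video". */
struct video_event { char gfx[16]; unsigned long notify, data; };

/* Repeats the first call quoted in comment 4, strtok(ev, "video"), and
 * counts how many fields strtok(NULL, " ") can still return afterwards. */
static int fields_left_after_old_split(const char *line)
{
    char buf[64];
    int n = 0;
    snprintf(buf, sizeof buf, "%s", line);
    if (strtok(buf, "video") == NULL) return 0; /* a SET of delimiters */
    while (strtok(NULL, " ") != NULL) n++;
    return n;
}

/* Next space-separated field as a number; -1 if missing or not hex. */
static int next_hex(unsigned long *out)
{
    char *end, *tok = strtok(NULL, " \n");
    if (tok == NULL) return -1;         /* never hand NULL to strtoul */
    *out = strtoul(tok, &end, 16);      /* assumption: fields are hex */
    return (end == tok || *end != '\0') ? -1 : 0;
}

/* Space-delimited parse that rejects short or malformed lines. */
static int parse_video_event(const char *line, struct video_event *ev)
{
    char buf[64], *tok;
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    tok = strtok(buf, " \n");
    if (tok == NULL || strcmp(tok, "video") != 0) return -1;
    tok = strtok(NULL, " \n");
    if (tok == NULL || strlen(tok) >= sizeof ev->gfx) return -1;
    strcpy(ev->gfx, tok);
    return (next_hex(&ev->notify) || next_hex(&ev->data)) ? -1 : 0;
}

int main(void)
{
    struct video_event ev;
    const char *line = "video VID 00000080 00000000"; /* from comment 4 */
    printf("old split: %d fields left\n", fields_left_after_old_split(line));
    printf("checked parse: %d\n", parse_video_event(line, &ev));
    return 0;
}
```
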
Comment 5 Colin Guthrie 2006-11-05 16:01:47 UTC
I've just tested this on my Mandriva Cooker x11-server package and it has
appeared to fix the problem I was having on my Dell Inspiron 6400 (2.0 GHz Core
2 Duo x86_64 with pci=noirq arg which hides one of the cores but makes the
machine usable!).

My xorg used to crash whenever I closed the lid. With the attached patch applied
I no longer get a crash.
Comment 6 Colin Guthrie 2006-11-05 16:02:30 UTC
Adding me to CC.
Comment 7 Daniel Stone 2006-11-08 08:01:40 UTC
committed to master, and server 1.2 branch, thanks
