Xwayland segfault in `ProcChangePointerControl`
Description
This is a downstream bug in Fedora: Xwayland crashes in `ProcChangePointerControl`.
Steps to reproduce
Unknown
Expected result
Xwayland works
Actual result
Xwayland crashes in ProcChangePointerControl
Additional info
The backtrace from the downstream bug report reads as:
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `/usr/bin/Xwayland :0 -rootless -noreset -accessx -core -auth /run/user/1000/.mu'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
[Current thread is 1 (Thread 0x7f3c1c082a80 (LWP 2933))]
Thread 1 (Thread 0x7f3c1c082a80 (LWP 2933)):
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
set = {__val = {171516928, 0, 0, 0, 0, 0, 0, 0, 94439322966512, 67108868, 139896154763744, 0, 140735806923376, 0, 0, 7}}
pid = <optimized out>
tid = <optimized out>
ret = <optimized out>
#1 0x00007f3c1c8088a4 in __GI_abort () at abort.c:79
save_stage = 1
act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {16820053764634595328, 0, 94439322962992, 171515904, 0, 7, 0, 0, 0, 0, 0, 0, 2, 0, 0, 0}}, sa_flags = 479884352, sa_restorer = 0x0}
sigs = {__val = {32, 0, 2, 9223372036854775822, 0, 0, 0, 0, 0, 0, 0, 139895741874180, 139896154763744, 0, 0, 32}}
#2 0x000055e45e4c4c90 in OsAbort () at ../../os/utils.c:1351
No locals.
#3 0x000055e45e4d200c in AbortServer () at ../../os/log.c:879
No locals.
#4 FatalError (f=0x55e45e4fb388 "Caught signal %d (%s). Server aborting\n") at ../../os/log.c:1017
args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff9bc759e0, reg_save_area = 0x7fff9bc75910}}
args2 = {{gp_offset = 8, fp_offset = 48, overflow_arg_area = 0x7fff9bc759e0, reg_save_area = 0x7fff9bc75910}}
beenhere = 1
#5 0x000055e45e4c5a7d in OsSigHandler (unused=<optimized out>, sip=0x7fff9bc75b30, signo=11) at ../../os/osinit.c:156
No locals.
#6 OsSigHandler (signo=11, sip=0x7fff9bc75b30, unused=<optimized out>) at ../../os/osinit.c:110
No locals.
#7 <signal handler called>
No locals.
#8 0x000055e45e4868d1 in ProcChangePointerControl (client=0x55e45f4f1c20) at ../../dix/devices.c:2264
dev = <optimized out>
mouse = 0x55e45efe9bb0
ctrl = <error reading variable ctrl (Cannot access memory at address 0x8)>
rc = <optimized out>
stuff = 0x55e45f53d610
#9 0x000055e45e3661c0 in Dispatch () at ../../dix/dispatch.c:497
result = <optimized out>
client = 0x55e45f4f1c20
start_tick = 51295
result = <optimized out>
client = <optimized out>
start_tick = <optimized out>
ext = <optimized out>
#10 dix_main (envp=<optimized out>, argv=0x7fff9bc76298, argc=16) at ../../dix/main.c:276
i = <optimized out>
alwaysCheckForInput = {0, 1}
i = <optimized out>
alwaysCheckForInput = {<optimized out>, <optimized out>}
pScreen = <optimized out>
pScreen = <optimized out>
remember_it = <optimized out>
pScreen = <optimized out>
#11 main (argc=16, argv=0x7fff9bc76298, envp=<optimized out>) at ../../dix/stubmain.c:34
No locals.
In dix/devices.c, line 2264 reads:

`ctrl = mouse->ptrfeed->ctrl;`

So the theory is that `ptrfeed` is NULL there.
In Xwayland we call `InitPtrFeedbackClassDeviceStruct()` for all devices except the touch device (from `xwl_touch_proc()`).
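To make that theory checkable, here is an added example (not code from the X server or from this report) that models the access on line 2264 with a fail-closed check, and computes where `ctrl` sits inside the feedback record so the offset can be compared with the fault address gdb printed. The struct layout (a function pointer followed by the `PtrCtrl` struct) and the device names are assumptions of the model, not taken from the xserver headers.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of the X server's PtrFeedbackClassRec (assumption: a function
 * pointer first, then the PtrCtrl struct); not the real header. */
typedef struct { int num, den, threshold, id; } PtrCtrl;
typedef struct PtrFeedbackClassRec {
    void (*CtrlProc)(void);
    PtrCtrl ctrl;
    struct PtrFeedbackClassRec *next;
} PtrFeedbackClassRec;

/* Minimal stand-in for DeviceIntRec: only the field the crash touches. */
typedef struct { const char *name; PtrFeedbackClassRec *ptrfeed; } DeviceIntRec;

enum { Success = 0, BadDevice = 4 };  /* X protocol error codes */

/* The access from dix/devices.c:2264, rewritten to fail closed: a device
 * that never got a pointer-feedback class yields BadDevice instead of a
 * NULL dereference. */
static int change_pointer_control(DeviceIntRec *mouse, PtrCtrl *out)
{
    if (mouse->ptrfeed == NULL)
        return BadDevice;
    *out = mouse->ptrfeed->ctrl;
    return Success;
}

/* Byte offset of ctrl in the class record: with ptrfeed == NULL this is
 * the address the load faults on, so it can be checked against gdb's
 * "Cannot access memory at address 0x8" (8 on a 64-bit build). */
static size_t ctrl_fault_offset(void)
{
    return offsetof(PtrFeedbackClassRec, ctrl);
}

int main(void)
{
    PtrFeedbackClassRec feed = { .ctrl = { 2, 1, 4, 0 } };  /* constructed sample */
    DeviceIntRec pointer = { "model-pointer", &feed };
    DeviceIntRec touch = { "model-touch", NULL };  /* no feedback class, like the touch device */
    PtrCtrl c;
    printf("pointer -> rc %d (num %d)\n", change_pointer_control(&pointer, &c), c.num);
    printf("touch   -> rc %d\n", change_pointer_control(&touch, &c));
    printf("ctrl offset in class rec: %zu\n", ctrl_fault_offset());
    return 0;
}
```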