Memory error when using Xephyr with Xinerama enabled
@3v1n0
Submitted by Marco Trevisan Assigned to Xorg Project Team
Link to original bug (#106230)
Description
Just try to run something like:
valgrind Xephyr :2 +extension RANDR +xinerama -screen 800x600 -screen 800x600+800+0
==12009== Memcheck, a memory error detector
==12009== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12009== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==12009== Command: Xephyr :2 +extension RANDR -screen 800x600 -screen 800x600+800+0 +xinerama
==12009==
==12009== Syscall param msync(start) points to uninitialised byte(s)
==12009==    at 0x891FB91: msync (msync.c:25)
==12009==    by 0x55952F3: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5599230: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x559953E: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5599A98: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5595E70: _ULx86_64_step (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5596A4C: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5593E21: backtrace (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x2CFD26: OsInit (osinit.c:217)
==12009==    by 0x19D14C: dix_main (main.c:154)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x1ffeffd040 is on thread 1's stack
==12009==
==12009== Invalid write of size 4
==12009==    at 0x224C31: PanoramiXMaybeAddVisual (panoramiX.c:799)
==12009==    by 0x224C31: PanoramiXConsolidate (panoramiX.c:822)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x15befbb0 is 0 bytes after a block of size 960 alloc'd
==12009==    at 0x4C2FA3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x4C31D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x224C4D: PanoramiXMaybeAddDepth (panoramiX.c:756)
==12009==    by 0x224C4D: PanoramiXConsolidate (panoramiX.c:819)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==
==12009== Invalid read of size 4
==12009==    at 0x224644: PanoramiXCreateConnectionBlock (panoramiX.c:656)
==12009==    by 0x19D3D0: dix_main (main.c:260)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x15befbb0 is 0 bytes after a block of size 960 alloc'd
==12009==    at 0x4C2FA3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x4C31D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x224C4D: PanoramiXMaybeAddDepth (panoramiX.c:756)
==12009==    by 0x224C4D: PanoramiXConsolidate (panoramiX.c:819)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==
==12009== Invalid free() / delete / delete[] / realloc()
==12009==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x22472C: PanoramiXCreateConnectionBlock (panoramiX.c:675)
==12009==    by 0x19D3D0: dix_main (main.c:260)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x2d0000002cf is not stack'd, malloc'd or (recently) free'd
==12009==
This ends up in a crash when launching, for example, a window manager on that (or just mutter).
Version: git