Reproducible segfault in miPointerUpdateSprite()
Submitted by Martin Jansa
Assigned to Xorg Project Team
Description
Hello,
on armv4t (Neo FreeRunner) we're using xorg from git master and the 1.7 branch. There is a reproducible segfault in miPointerUpdateSprite().
Not sure where exactly, because first it occurred in miDCRestoreUnderCursor(), so I commented this function out and tested again and it occurred in miDCSaveUnderCursor(), so I commented this one out too and it occurred in miDCPutUpCursor().
With all miPointerUpdateSprite() calls commented out it works fine (just the cursor background isn't redrawn).
Another workaround is to run Xorg with -nocursor.
The easiest way to reproduce this is to run a terminal (vala-terminal) and an on-screen keyboard (illume-keyboard) and type very quickly. Maybe it's because every key press is highlighted with the key drawn slightly above the keyboard, so we're redrawing the same part of the screen twice (for cursor-left redraw and key up&down - maybe some concurrency).
Maybe the problem lives in the DDX driver for SMedia Glamo graphics: http://git.openmoko.org/?p=xf86-video-glamo.git;a=summary

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4001edc0 (LWP 1701)]
0x0013c9b4 in miDCRestoreUnderCursor ()
Current language: auto; currently asm
(gdb) back
#0 0x0013c9b4 in miDCRestoreUnderCursor ()
#1 0x00160780 in miSpriteRemoveCursor ()
#2 0x00160934 in miSpriteSetCursor ()
#3 0x00160a40 in miSpriteMoveCursor ()
#4 0x00056ad4 in miPointerUpdateSprite ()
#5 0x0009da28 in ProcXTestFakeInput ()
#6 0x0004fc58 in Dispatch ()
#7 0x000216a8 in main ()

/* now I commented miDCRestoreUnderCursor out from Xorg */

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4001edc0 (LWP 2175)]
0x0013c8e4 in miDCSaveUnderCursor ()
Current language: auto; currently asm
(gdb) back
#0 0x0013c8e4 in miDCSaveUnderCursor ()
#1 0x001602d4 in miSpriteSaveUnderCursor ()
#2 0x0016078c in miSpriteSetCursor ()
#3 0x001608e0 in miSpriteMoveCursor ()
#4 0x00056ad4 in miPointerUpdateSprite ()
#5 0x0009da28 in ProcXTestFakeInput ()
#6 0x0004fc58 in Dispatch ()
#7 0x000216a8 in main ()

/* now I commented miDCSaveUnderCursor out from Xorg */

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x4001edc0 (LWP 2306)]
0x0013d500 in miDCPutUpCursor ()
Current language: auto; currently asm
(gdb) back
#0 0x0013d500 in miDCPutUpCursor ()
#1 0x0015ffc8 in miSpriteRestoreCursor ()
#2 0x00160734 in miSpriteMoveCursor ()
#3 0x00056ad4 in miPointerUpdateSprite ()
#4 0x0009da20 in ProcXTestFakeInput ()
#5 0x0004fc58 in Dispatch ()
#6 0x000216a8 in main ()

/* It works ok when I removed every miPointerUpdateSprite call, or when Xorg is executed with -nocursor */

/* better backtrace */

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x404da000 (LWP 1748)]
0x00232d34 in miDCSaveUnderCursor (pDev=0x32f728, pScreen=0x2c2a80, x=304, y=509, w=32, h=32) at midispcur.c:536
536 midispcur.c: No such file or directory.
in midispcur.c
(gdb) break
Breakpoint 1 at 0x232d34: file midispcur.c, line 536.
(gdb) back
#0 0x00232d34 in miDCSaveUnderCursor (pDev=0x32f728, pScreen=0x2c2a80, x=304, y=509, w=32, h=32) at midispcur.c:536
#1 0x00270588 in miSpriteSaveUnderCursor (pDev=0x32f728, pScreen=0x2c2a80) at misprite.c:1039
#2 0x0026fe20 in miSpriteSetCursor (pDev=0x32f728, pScreen=0x2c2a80, pCursor=0x335dd0, x=319, y=524) at misprite.c:902
#3 0x0026ff74 in miSpriteMoveCursor (pDev=0x32f728, pScreen=0x2c2a80, x=319, y=524) at misprite.c:922
#4 0x00082420 in miPointerUpdateSprite (pDev=0x32f728) at mipointer.c:428
#5 0x00103d60 in ProcXTestFakeInput (client=0x453cd8) at xtest.c:454
#6 0x00103ec0 in ProcXTestDispatch (client=0x453cd8) at xtest.c:487
#7 0x0006e0a4 in Dispatch () at dispatch.c:445
#8 0x000218c0 in main (argc=1, argv=0xbec36d14, envp=0xbec36d1c) at main.c:285

Version: git