Xorg server 1.5.2 SEGV during XFixesGetCursorImage()
Submitted by Karl Runge
Assigned to Xorg Project Team
Created attachment 20159 Xorg.0.log output and xorg.conf
I have a test machine running ubuntu 8.10 that is running this version of the X server:
X.Org X Server 1.5.2 Release Date: 10 October 2008 X Protocol Version 11, Revision 0 Build Operating System: Linux 2.6.24-19-server i686 Ubuntu Current Operating System: Linux fred-desktop 2.6.27-7-generic #1 SMP Tue Nov 4 19:33:20 UTC 2008 i686 Build Date: 24 October 2008 08:00:16AM xorg-server 2:1.5.2-2ubuntu3 (email@example.com)
The x11vnc (http://www.karlrunge.com/x11vnc) VNC server uses XFixesGetCursorImage() to retrieve the current cursor's pixels.
Normally this is working fine with X.Org X Server 1.5.2. However, at a critical point when GDM is starting the user's X session, this crash occurs nearly always:
Backtrace: 0: /usr/X11R6/bin/X(xf86SigHandler+0x79) [0x80c3009] 1: [0xb7f89400] 2: /usr/X11R6/bin/X [0x8158279] 3: /usr/X11R6/bin/X(CallCallbacks+0x4e) [0x80909ae] 4: /usr/X11R6/bin/X(XaceHook+0x7e) [0x815702e] 5: /usr/X11R6/bin/X(ProcXFixesGetCursorImageAndName+0x8b) [0x8147e9b] 6: /usr/X11R6/bin/X [0x814639c] 7: /usr/X11R6/bin/X(Dispatch+0x34f) [0x808c89f] 8: /usr/X11R6/bin/X(main+0x47d) [0x8071d1d] 9: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7b93685] 10: /usr/X11R6/bin/X [0x8071101] Saw signal 11. Server aborting. (II) Macintosh mouse button emulation: Close (II) UnloadModule: "evdev" (II) ImPS/2 Generic Wheel Mouse: Close (II) UnloadModule: "evdev" (II) AT Translated Set 2 keyboard: Close (II) UnloadModule: "evdev" (II) AIGLX: Suspending AIGLX clients for VT switch (II) CHROME(0): VIALeaveVT (II) CHROME(0): [drm] Cleaning up DMA ring-buffer. (II) CHROME(0): ViaCursorStore (II) CHROME(0): VIARestore (II) CHROME(0): ViaDisablePrimaryFIFO
Some others are reporting this problem:
The way this mode works is that x11vnc exports via VNC the X server when it is showing the GDM greeter login. The user connects via VNC and then logs in via his username and password. GDM then starts the user's X session.
Normally at this point GDM will kill all clients (via XKillClient(3)) however, one uses the GDM 'KillInitClients=false' setting to prevent this.
Previously this worked fine and the user would not be disconnected after he logs in. Now, however, the X server actually crashes right after he logs in.
It is not clear to me what could be making the X server vulnerable that this point with GDM starts the users X session...
Attachment 20159, "Xorg.0.log output and xorg.conf":