Null pointer in `CursorInfoPtr` causes segfault in xf86ScreenMoveCursor
On the NixOS unstable channel with vanilla xserver-1.20.7 (also occurs with xserver-1.20.5) and gnome-shell 3.34.3.
Using NVIDIA Optimus with driver 440.59 and linux-5.5.2. If this turns out to be an upstream NVIDIA issue, I would appreciate suggestions on how to report it there.
Replicate
LibreOffice Writer
The crash seems to be triggered by selecting text in a table, or perhaps moving the cursor into a formatted table?
GIMP
Open a large image (6000x4000, 24-bit color in my example) and move the cursor into the image display area.
In both cases the X session will suddenly terminate. I was able to recover a core file via systemd/coredumpctl. In both cases the core file gives the same backtrace in gdb:
GDB backtrace
[New LWP 1690]
[New LWP 1661]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/wx1vk75bpdr65g6xwxbj4rw0pk04v5j3-glibc-2.27/lib/libthread_db.so.1".
Core was generated by `/nix/store/9lchmjf9hxynnhgv53irz1xk9c7f2s7w-xorg-server-1.20.7/bin/X -config /n'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004c0d05 in xf86ScreenMoveCursor ()
[Current thread is 1 (Thread 0x7f4c25f68700 (LWP 1690))]
(gdb) bt
#0 0x00000000004c0d05 in xf86ScreenMoveCursor ()
#1 0x00000000004c1472 in xf86MoveCursor ()
#2 0x0000000000583d0b in miPointerMoveNoEvent ()
#3 0x0000000000584b40 in miPointerSetPosition ()
#4 0x0000000000457a80 in positionSprite.part.0 ()
#5 0x000000000045819d in fill_pointer_events ()
#6 0x000000000045984f in GetPointerEvents ()
#7 0x0000000000459e40 in QueuePointerEvents ()
#8 0x00007f4c264da377 in xf86libinput_handle_event () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#9 0x00007f4c264daa70 in xf86libinput_read_input () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#10 0x0000000000599d63 in InputReady ()
#11 0x000000000059c3a1 in ospoll_wait ()
#12 0x0000000000599bae in InputThreadDoWork ()
#13 0x00007f4c2b656ef7 in start_thread () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libpthread.so.0
#14 0x00007f4c2b58c2af in clone () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libc.so.6
(gdb)
I can provide the core file if requested.
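Added example (not from the reporter, NixOS or the X.org project): a small parser for gdb output of the shape pasted above, useful when triaging a pile of X server cores from coredumpctl. It pulls out the signal, the command line from the "Core was generated by" line, and the frame list, then answers the two questions a triager asks first: which frame faulted, and where control entered the server binary from a loaded module (here the libinput input driver, on the input thread). The sample backtrace is copied from the report above; the `Frame`/`Backtrace` types and helper names are this example's own.

```python
"""Parse a pasted gdb backtrace into frames and summarise the crash site."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: the backtrace from the report above (as pasted, including the
# duplicated frame #0 gdb prints before the "bt" command).
SAMPLE_BT = """\
Core was generated by `/nix/store/9lchmjf9hxynnhgv53irz1xk9c7f2s7w-xorg-server-1.20.7/bin/X -config /n'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004c0d05 in xf86ScreenMoveCursor ()
[Current thread is 1 (Thread 0x7f4c25f68700 (LWP 1690))]
(gdb) bt
#0 0x00000000004c0d05 in xf86ScreenMoveCursor ()
#1 0x00000000004c1472 in xf86MoveCursor ()
#2 0x0000000000583d0b in miPointerMoveNoEvent ()
#3 0x0000000000584b40 in miPointerSetPosition ()
#4 0x0000000000457a80 in positionSprite.part.0 ()
#5 0x000000000045819d in fill_pointer_events ()
#6 0x000000000045984f in GetPointerEvents ()
#7 0x0000000000459e40 in QueuePointerEvents ()
#8 0x00007f4c264da377 in xf86libinput_handle_event () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#9 0x00007f4c264daa70 in xf86libinput_read_input () from /nix/store/3035bbjpxgbvx0xv05fw0skk6qh5dj7h-xf86-input-libinput-0.28.2/lib/xorg/modules/input/libinput_drv.so
#10 0x0000000000599d63 in InputReady ()
#11 0x000000000059c3a1 in ospoll_wait ()
#12 0x0000000000599bae in InputThreadDoWork ()
#13 0x00007f4c2b656ef7 in start_thread () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libpthread.so.0
#14 0x00007f4c2b58c2af in clone () from /nix/store/y9zg6ryffgc5c9y67fcmfdkyyiivjzpj-glibc-2.27/lib/libc.so.6
(gdb)
"""


@dataclass
class Frame:
    num: int
    addr: Optional[int]
    func: str
    module: Optional[str]  # shared object named after "from"; None = main executable


@dataclass
class Backtrace:
    command: Optional[str] = None  # text inside the "Core was generated by `...'" line
    signal: Optional[str] = None
    frames: List[Frame] = field(default_factory=list)


CORE_RE = re.compile(r"Core was generated by `(?P<cmd>[^']*)'")
SIGNAL_RE = re.compile(r"Program terminated with signal (?P<sig>\S+),")
# "#N 0xADDR in func (args) from module"; the address is absent for frame #0 of
# some gdb builds, and "from module" only appears for shared objects.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+"
    r"(?:0x(?P<addr>[0-9a-fA-F]+)\s+in\s+)?"
    r"(?P<func>\S+)\s*\([^)]*\)"
    r"(?:\s+from\s+(?P<module>\S+))?"
)


def parse_backtrace(text: str) -> Backtrace:
    bt = Backtrace()
    for raw in text.splitlines():
        line = raw.strip()
        m = CORE_RE.search(line)
        if m:
            bt.command = m.group("cmd")
            continue
        m = SIGNAL_RE.search(line)
        if m:
            bt.signal = m.group("sig")
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        num = int(m.group("num"))
        if num == 0:
            bt.frames = []  # a new frame #0 means gdb started a fresh backtrace
        addr = int(m.group("addr"), 16) if m.group("addr") else None
        bt.frames.append(Frame(num, addr, m.group("func"), m.group("module")))
    return bt


def faulting_frame(bt: Backtrace) -> Optional[Frame]:
    return bt.frames[0] if bt.frames else None


def module_entry_frame(bt: Backtrace) -> Optional[Frame]:
    """Innermost frame living in a loaded module (e.g. an input driver), i.e. the
    point where externally supplied data last entered the server's own code."""
    return next((f for f in bt.frames if f.module), None)


def on_input_thread(bt: Backtrace) -> bool:
    return any(f.func == "InputThreadDoWork" for f in bt.frames)


def summarize(bt: Backtrace) -> str:
    top = faulting_frame(bt)
    entry = module_entry_frame(bt)
    where = "input thread" if on_input_thread(bt) else "main thread"
    via = f", entered via {entry.func} in {entry.module.rsplit('/', 1)[-1]}" if entry else ""
    return f"{bt.signal} in {top.func if top else '?'} ({where}{via})"


if __name__ == "__main__":
    print(summarize(parse_backtrace(SAMPLE_BT)))
```

Point `parse_backtrace` at the output of `coredumpctl gdb` (or `gdb -batch -ex bt` on a dumped core) and `summarize` gives a one-line crash signature you can deduplicate reports by.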