
Bug#654080: xserver-xorg-video-mach64: Crash in Mach64UploadToScreen on ATI 3D Rage II+




Package: xserver-xorg-video-mach64
Version: 6.9.0
Severity: important
Tags: upstream patch

Turning on the EXA acceleration for the mach64 driver on the ATI 3D Rage II+
creates a segfault as soon as anything serious (for example xterm or gdm) opens on the X server. Note that the mach64 driver does not support DRI for the card.

The segfault appears in Mach64UploadToScreen() in atimach64exa.c, to be
specific in the memcpy(). Debugging reveals that pDst->devPrivate.ptr of the
Pixmap passed in is NULL and hence the driver crashes. Playing with various
options in the Device section of the X server does not change the situation,
except turning off acceleration or changing the acceleration mode from EXA to
XAA. Note that the card is slow in any event, but any type of acceleration
would be welcome.

While it is unclear to me why libexa passes in a NULL Pixmap destination
pointer to the call, the following patch seems to fix or work around the
problem:

    char  *dst        = pDst->devPrivate.ptr;
+   if (dst == NULL)
+        return FALSE;
    int    dst_pitch  = exaGetPixmapPitch(pDst);

    int bpp    = pDst->drawable.bitsPerPixel;
    int cpp    = (bpp + 7) / 8;
    int wBytes = w * cpp;
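
Review bot: the added `if (dst == NULL) return FALSE;` sits between the declaration of `dst` and the declaration of `dst_pitch`, so `dst_pitch`, `bpp`, `cpp` and `wBytes` are now declared after a statement. Move the check below the declaration block, directly after `int wBytes = w * cpp;`, so that the declarations stay together and nothing derived from `pDst` is used before the check. Because the report leaves open why `pDst->devPrivate.ptr` is NULL, a short comment on the check stating that it is a workaround for a NULL destination pointer handed to Mach64UploadToScreen() would make the intent clear to later readers, and the same placement applies to the matching check proposed for Mach64DownloadFromScreen().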

A similar patch should also be applied to Mach64DownloadFromScreen() for
similar reasons. Probably the bug is not in the mach64 driver but in libexa or
any other component of X not passing in a valid pointer in the first place.

The same bug is found in revision 6.8.2 (stable) as well as in 6.9.0 (unstable,
testing) of the package.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: powerpc

Kernel: Linux 2.6.35.12
Locale: LANG=de_DE.iso-8859-1, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash


