All tests done on my Pentium3 machine with a Matrox G400 video card in
1600x1200x32 mode.

I observed a crash in the following situations:
- SDL program started with SDL_VIDEODRIVER=dga with X
- started by GDM along with Sawfish
- started directly along with Sawfish
- started directly along with KWin

I observed a non-crash in the following situations:
- XFree86 4.1
- dga test program (X started by gdm with sawfish)
- non-dga SDL programs
- X started directly with no window manager

Steps to reproduce: (another SDL program may be used in place of
frozen-bubble)
su -c 'apt-get install frozen-bubble'
# [kill X]
XFree86
# [change vc]
export DISPLAY=:0
sawfish & # or kwin &
xterm &
# [switch to xterm]
SDL_VIDEODRIVER=dga /usr/games/frozen-bubble
# [wait until it finishes loading]
# <Esc>
# [crash]
$ gdb XFree86 core
(gdb) bt
#0 0x080a6698 in xf86HandleColormaps ()
#1 0x080a6656 in xf86HandleColormaps ()
#2 0x0807d81c in DGAShutdown ()
#3 0x0806d59c in ddxGiveUp ()
#4 0x0806d676 in AbortDDX ()
#5 0x080d3528 in GiveUp ()
#6 0x080d49c6 in FatalError ()
#7 0x0807f448 in xf86SigHandler ()
#8 0x4008a678 in sigaction () from /lib/libc.so.6
#9 0x080a65cf in xf86HandleColormaps ()
#10 0x085f6209 in ?? ()
#11 0x0807d3ef in xf86SetDGAMode ()
#12 0x0855f295 in ?? ()
#13 0x0860a454 in ?? ()
#14 0x080a6616 in xf86HandleColormaps ()
#15 0x0807d858 in DGASetMode ()
#16 0x0824e31e in ?? ()
#17 0x0824eb29 in ?? ()
#18 0x080aefb6 in Dispatch ()
#19 0x080bf12b in main ()
#20 0x4007a14f in __libc_start_main () from /lib/libc.so.6
(gdb) disass 0x080a6698
0x80a5e10 <xf86HandleColormaps>: push %ebp
0x80a5e11 <xf86HandleColormaps+1>: mov %esp,%ebp
[...]
0x80a665f <xf86HandleColormaps+2127>: leave
0x80a6660 <xf86HandleColormaps+2128>: ret
0x80a6661 <xf86HandleColormaps+2129>: lea 0x0(%esi),%esi
0x80a6664 <xf86HandleColormaps+2132>: push %ebp
0x80a6665 <xf86HandleColormaps+2133>: mov %esp,%ebp
0x80a6667 <xf86HandleColormaps+2135>: sub $0x10,%esp
0x80a666a <xf86HandleColormaps+2138>: push %esi
0x80a666b <xf86HandleColormaps+2139>: push %ebx
0x80a666c <xf86HandleColormaps+2140>: mov 0x8(%ebp),%ecx
0x80a666f <xf86HandleColormaps+2143>: mov 0xc(%ecx),%eax
0x80a6672 <xf86HandleColormaps+2146>: mov 0x8196ec0,%edx
0x80a6678 <xf86HandleColormaps+2152>: mov 0x168(%eax),%eax
0x80a667e <xf86HandleColormaps+2158>: mov (%eax,%edx,4),%esi
0x80a6681 <xf86HandleColormaps+2161>: mov 0x8196ec4,%edx
0x80a6687 <xf86HandleColormaps+2167>: mov 0x48(%ecx),%eax
0x80a668a <xf86HandleColormaps+2170>: mov (%eax,%edx,4),%ebx
0x80a668d <xf86HandleColormaps+2173>: mov 0x3c(%esi),%edx
0x80a6690 <xf86HandleColormaps+2176>: mov (%ebx),%eax
0x80a6692 <xf86HandleColormaps+2178>: dec %eax
0x80a6693 <xf86HandleColormaps+2179>: cmp $0xffffffff,%eax
0x80a6696 <xf86HandleColormaps+2182>: je 0x80a66a0 <xf86HandleColormaps+2192>
0x80a6698 <xf86HandleColormaps+2184>: mov %eax,(%edx,%eax,4) <<<<*********************
0x80a669b <xf86HandleColormaps+2187>: sub $0x1,%eax
0x80a669e <xf86HandleColormaps+2190>: jae 0x80a6698 <xf86HandleColormaps+2184>
0x80a66a0 <xf86HandleColormaps+2192>: cmpl $0x0,0x8(%ebx)
0x80a66a4 <xf86HandleColormaps+2196>: je 0x80a66b4 <xf86HandleColormaps+2212>
0x80a66a6 <xf86HandleColormaps+2198>: add $0xfffffffc,%esp
0x80a66a9 <xf86HandleColormaps+2201>: push %edx
0x80a66aa <xf86HandleColormaps+2202>: pushl (%ebx)
0x80a66ac <xf86HandleColormaps+2204>: push %ecx
0x80a66ad <xf86HandleColormaps+2205>: call 0x80a66ec <xf86HandleColormaps+2268>
0x80a66b2 <xf86HandleColormaps+2210>: jmp 0x80a66dc <xf86HandleColormaps+2252>
0x80a66b4 <xf86HandleColormaps+2212>: add $0xfffffff4,%esp
0x80a66b7 <xf86HandleColormaps+2215>: pushl (%ecx)
0x80a66b9 <xf86HandleColormaps+2217>: pushl 0x4(%ebx)
0x80a66bc <xf86HandleColormaps+2220>: push %edx
0x80a66bd <xf86HandleColormaps+2221>: pushl (%ebx)
0x80a66bf <xf86HandleColormaps+2223>: pushl (%esi)
0x80a66c1 <xf86HandleColormaps+2225>: mov 0x18(%esi),%eax
0x80a66c4 <xf86HandleColormaps+2228>: call *%eax
(gdb) info registers
eax 0x401758e7 1075271911
ecx 0x8929e40 143826496
edx 0x8635b70 140729200
ebx 0x401758f0 1075271920
esp 0xbfffefac 0xbfffefac
ebp 0xbfffefc4 0xbfffefc4
esi 0x860d378 140563320
edi 0x0 0
eip 0x80a6698 0x80a6698
eflags 0x13217 78359
[...]
$ lspci -vv
01:00.0 VGA compatible controller: Matrox Graphics, Inc. MGA G400 AGP (rev 04) (prog-if 00 [VGA])
Subsystem: Matrox Graphics, Inc. Millennium G400 MAX/Dual Head 32Mb
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B-
Status: Cap+ 66Mhz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR-
Latency: 64 (4000ns min, 8000ns max), cache line size 08
Interrupt: pin A routed to IRQ 11
Region 0: Memory at ce000000 (32-bit, prefetchable) [size=32M]
Region 1: Memory at cd000000 (32-bit, non-prefetchable) [size=16K]
Region 2: Memory at cc800000 (32-bit, non-prefetchable) [size=8M]
Expansion ROM at cdff0000 [disabled] [size=64K]
Capabilities: [dc] Power Management version 2
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 PME-Enable- DSel=0 DScale=0 PME-
Capabilities: [f0] AGP version 2.0
Status: RQ=31 SBA+ 64bit- FW- Rate=x1,x2
Command: RQ=31 SBA+ AGP+ 64bit- FW- Rate=x2
$ dpkg -s xserver-xfree86
Package: xserver-xfree86
Status: install ok installed
Priority: optional
Section: x11
Installed-Size: 11284
Maintainer: Branden Robinson <branden@debian.org>
Source: xfree86
Version: 4.2.0-0pre1v1
[...]
$ xdpyinfo
name of display: :0.0
version number: 11.0
vendor string: The XFree86 Project, Inc
vendor release number: 40200000
XFree86 version: 4.2.0
maximum request size: 4194300 bytes
motion buffer size: 256
bitmap unit, bit order, padding: 32, LSBFirst, 32
image byte order: LSBFirst
number of supported pixmap formats: 7
supported pixmap formats:
depth 1, bits_per_pixel 1, scanline_pad 32
depth 4, bits_per_pixel 8, scanline_pad 32
depth 8, bits_per_pixel 8, scanline_pad 32
depth 15, bits_per_pixel 16, scanline_pad 32
depth 16, bits_per_pixel 16, scanline_pad 32
depth 24, bits_per_pixel 32, scanline_pad 32
depth 32, bits_per_pixel 32, scanline_pad 32
keycode range: minimum 8, maximum 255
focus: window 0x160001f, revert to Parent
number of extensions: 29
BIG-REQUESTS
DEC-XTRAP
DOUBLE-BUFFER
DPMS
Extended-Visual-Information
FontCache
GLX
LBX
MIT-SCREEN-SAVER
MIT-SHM
MIT-SUNDRY-NONSTANDARD
RECORD
RENDER
SECURITY
SGI-GLX
SHAPE
SYNC
TOG-CUP
XC-APPGROUP
XC-MISC
XFree86-Bigfont
XFree86-DGA
XFree86-DRI
XFree86-Misc
XFree86-VidModeExtension
XInputExtension
XKEYBOARD
XTEST
XVideo
default screen number: 0
number of screens: 1
screen #0:
dimensions: 1600x1200 pixels (366x277 millimeters)
resolution: 111x110 dots per inch
depths (7): 24, 1, 4, 8, 15, 16, 32
root window id: 0x46
depth of root window: 24 planes
number of colormaps: minimum 1, maximum 1
default colormap: 0x20
default number of colormap cells: 256
preallocated pixels: black 0, white 16777215
options: backing-store NO, save-unders NO
largest cursor: 64x64
current input event mask: 0x5a20fd
KeyPressMask ButtonPressMask ButtonReleaseMask
EnterWindowMask LeaveWindowMask PointerMotionMask
PointerMotionHintMask ButtonMotionMask StructureNotifyMask
SubstructureNotifyMask SubstructureRedirectMask PropertyChangeMask
number of visuals: 16
default visual id: 0x23
visual:
visual id: 0x23
class: TrueColor
depth: 24 planes
available colormap entries: 256 per subfield
red, green, blue masks: 0xff0000, 0xff00, 0xff
significant bits in color specification: 8 bits
[...]