
Bug#235914: marked as done (xfree86: [libXfont] SEGV in fs_read_list_info() (see #294320))



Your message dated Sun, 3 Apr 2005 18:55:01 -0500
with message-id <20050403235501.GR10138@redwald.deadbeast.net>
and subject line Bug#235914: xlibmesa-dri: fontglide screensaver totally locks up machine every time
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Mar 2004 05:43:18 +0000
>From jlb@houseofdistraction.com Tue Mar 02 21:43:18 2004
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jeff Bowden <jlb@houseofdistraction.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xlibmesa-dri: fontglide screensaver totally locks up machine every time
Bcc: Jeff Bowden <jlb@houseofdistraction.com>
X-Mailer: reportbug 2.49
Date: Tue, 02 Mar 2004 21:43:16 -0800
Message-Id: <E1AyPA5-0006oJ-00@houseofdistraction.com>
Delivered-To: submit@bugs.debian.org

Package: xlibmesa-dri
Version: 4.3.0-3
Severity: normal


In the same update that brought me 4.3 I also got new xscreensaver hacks.
Unfortunately one of them called "fontglide" totally locks up the system.
I have no real evidence that dri is the problem, just a hunch.

This happens on a Radeon 9200 and also on an M9.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.3-mppe
Locale: LANG=C, LC_CTYPE=C

Versions of packages xlibmesa-dri depends on:
ii  xlibmesa-gl                   4.3.0-3    Mesa 3D graphics library [XFree86]

-- no debconf information

---------------------------------------
Received: (at 235914-done) by bugs.debian.org; 3 Apr 2005 23:55:03 +0000
>From branden@redwald.deadbeast.net Sun Apr 03 16:55:03 2005
Date: Sun, 3 Apr 2005 18:55:01 -0500
From: Branden Robinson <branden@debian.org>
To: 235914-done@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#235914: xlibmesa-dri: fontglide screensaver totally locks up machine every time
Message-ID: <20050403235501.GR10138@redwald.deadbeast.net>
Reply-To: 235914@bugs.debian.org
References: <E1AyPA5-0006oJ-00@houseofdistraction.com> <1078317108.2805.67.camel@thor.asgaard.local> <4046ADD5.30002@houseofdistraction.com> <1078392698.12583.138.camel@thor.asgaard.local> <40481997.9020107@houseofdistraction.com> <1078486988.2751.16.camel@thor.asgaard.local> <404A54AF.2030102@houseofdistraction.com> <20040308210007.GC24615@deadbeast.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="kLVKJMuKEUFaIs8+"
Content-Disposition: inline
In-Reply-To: <20040308210007.GC24615@deadbeast.net>
Mail-Copies-To: nobody
X-No-CC: I subscribe to this list; do not CC me on replies.
User-Agent: Mutt/1.5.8i
Delivered-To: 235914-done@bugs.debian.org


--kLVKJMuKEUFaIs8+
Content-Type: multipart/mixed; boundary="cYG5ZC/RuVsIq1ir"
Content-Disposition: inline


--cYG5ZC/RuVsIq1ir
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

tag 235914 - help
retitle 235914 xfree86: [libXfont] SEGV in fs_read_list_info() (see #294320)
thanks

I believe this bug was fixed in xfree86 4.3.0.dfsg.1-11; sometime
subsequent to your report, Guillem Jover filed a bug with a patch, and it
looks like it may be a duplicate of this report.

xfree86 (4.3.0.dfsg.1-11) unstable; urgency=medium
[...]
  * Add patch #099v by Guillem Jover to fix a SEGV in font server code
    shared between xfs and the X server.  Thanks, Guillem!  (Closes: #294320)
[...]
 -- Branden Robinson <branden@debian.org>  Fri, 11 Feb 2005 02:14:27 -0500

I'm attaching the patch in question, which does indeed fix a SEGV in
fs_read_list_info() which is caused by a bad assumption that "rep" is a
valid pointer when it's not.  While I can't see from the backtrace what the
local variables are (buf and rep, particularly), I suspect this to be the
same issue.

I am therefore closing this report.  Thank you for reporting it.

On Mon, Mar 08, 2004 at 04:00:07PM -0500, Branden Robinson wrote:
> retitle 235914 xfree86: [libXfont] SEGV in fs_read_list_info()
> tag 235914 + upstream help
> thanks
>
> On Sat, Mar 06, 2004 at 02:46:07PM -0800, Jeff Bowden wrote:
> > OK, I finally figured out to run XFree86-debug  with the "-ac" flag from
> > the console and connect to the process with gdb --pid=<pid>.   When I
> > run /usr/lib/xscreensaver/fontglide from another remote shell I get the
> > crash with the following output:
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x40146fbf in memcpy () from /lib/tls/libc.so.6
> > (gdb) bt
> > #0  0x40146fbf in memcpy () from /lib/tls/libc.so.6
> > #1  0x08c31070 in ?? ()
> > #2  0xbffff7e0 in ?? ()
> > #3  0x088cfadd in fs_read_list_info (fpe=0x8b566c0, blockrec=0x8c31070)
> > at fserve.c:2376
> > #4  0x088ce1b4 in fs_read_reply (fpe=0x8b566c0, client=0x0) at fserve.c:1310
> > #5  0x088ce2c8 in fs_wakeup (fpe=0x8b566c0, mask=0x8acb3e0) at fserve.c:1349
> > #6  0x084b0eb5 in FontWakeup (data=0x0, count=1,
> > LastSelectMask=0x8acb3e0) at dixfonts.c:190
> > #7  0x0848d67f in WakeupHandler (result=1, pReadmask=0x8acb3e0) at
> > dixutils.c:459
> > #8  0x084b685f in WaitForSomething (pClientsReady=0xbffff834) at
> > WaitFor.c:353
> > #9  0x084842bc in Dispatch () at dispatch.c:379
> > #10 0x0849b95c in main (argc=2, argv=0xbffffd24, envp=0xbffffd30) at
> > main.c:469
>
> Here's the part of fserve.c in question:
>
>    2356     buf = (char *) rep + SIZEOF (fsListFontsWithXInfoReply);
>    2357
>    2358     /*
>    2359      * The original FS implementation didn't match
>    2360      * the spec, version 1 was respecified to match the FS.
>    2361      * Version 2 matches the original intent
>    2362      */
>    2363     if (conn->fsMajorVersion <= 1)
>    2364     {
>    2365         memcpy (binfo->name, buf, rep->nameLength);
>    2366         buf += _fs_pad_length (rep->nameLength);
>    2367     }
>    2368     pi = (fsPropInfo *) buf;
>    2369     buf += SIZEOF (fsPropInfo);
>    2370     po = (fsPropOffset *) buf;
>    2371     buf += pi->num_offsets * SIZEOF (fsPropOffset);
>    2372     pd = (pointer) buf;
>    2373     buf += pi->data_len;
>    2374     if (conn->fsMajorVersion > 1)
>    2375     {
>    2376         memcpy (binfo->name, buf, rep->nameLength);
>    2377         buf += _fs_pad_length (rep->nameLength);
>    2378     }
>
> Help wanted!
>
> --
> G. Branden Robinson                |    Somewhere, there is a .sig so funny
> Debian GNU/Linux                   |    that reading it will cause an
> branden@debian.org                 |    aneurysm.  This is not that .sig.
> http://people.debian.org/~branden/ |



--
G. Branden Robinson                |       If we believe absurdities, we
Debian GNU/Linux                   |       shall commit atrocities.
branden@debian.org                 |       -- Voltaire
http://people.debian.org/~branden/ |

--cYG5ZC/RuVsIq1ir
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="099v_fontserver_fix_SEGV.diff"
Content-Transfer-Encoding: quoted-printable

$Id: 099v_fontserver_fix_SEGV.diff 2181 2005-02-09 09:04:58Z branden $

Fix a SEGV in fs_read_list_info() to correctly handle a reply type of
FS_Error from fsListFontsWithXInfoReply().  This mirrors a similar check in
fs_read_open_font(), fs_read_query_info(), fs_read_extent_info(),
fs_read_glyphs(), and fs_read_list(), so why it was missing from this
function was a mystery.

This patch by Guillem Jover.  See Debian #294320.

Not submitted to XFree86 or X.Org yet.

--- xc/lib/font/fc/fserve.c~	2005-02-09 03:27:04.000000000 -0500
+++ xc/lib/font/fc/fserve.c	2005-02-09 03:27:48.000000000 -0500
@@ -2332,7 +2332,7 @@
     _fs_free_props (&binfo->info);
=20
     rep =3D (fsListFontsWithXInfoReply *) fs_get_reply (conn, &ret);
-    if (rep =3D=3D 0)
+    if (!rep || rep->type =3D=3D FS_Error)
     {
 	if (ret =3D=3D FSIO_BLOCK)
 	    return StillWorking;
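
Review bot: with the widened condition `!rep || rep->type == FS_Error`, the block that previously ran only for a NULL `rep` is now also entered with a live error reply, yet its first statement still branches on `ret == FSIO_BLOCK`. The three context lines do not show the rest of the block, so please confirm what `ret` holds when `fs_get_reply()` hands back a non-NULL reply, that the FS_Error path cannot end up returning `StillWorking`, and that the error reply is consumed from the connection the same way the sibling functions named in the description do it. Splitting the two cases (`if (!rep) ... else if (rep->type == FS_Error) ...`) would make that explicit. The description also writes `fsListFontsWithXInfoReply()` as if it were a function, while the hunk uses it as the reply type in a cast.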

--cYG5ZC/RuVsIq1ir--


--kLVKJMuKEUFaIs8+--
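
An added illustration of the bug class this report closes, not part of the original messages and not libXfont code: a reply parser that tests the message type and the length field before calling `memcpy`. The wire layout, constants and function name are hypothetical, and the sample messages are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified wire format (NOT the libXfont structures):
 * byte 0 = message type, byte 1 = name length, bytes 2-3 = padding,
 * then the name bytes. An error message is a bare 4-byte header whose
 * byte 1 is an error code, not a length. */
enum { MSG_REPLY = 0, MSG_ERROR = 1 };
enum { PARSE_OK = 0, PARSE_SERVER_ERROR = -1, PARSE_TRUNCATED = -2,
       PARSE_NAME_TOO_LONG = -3 };
#define HDR_LEN 4

/* Constructed sample messages, as if read from an untrusted font server. */
static const uint8_t sample_ok[]    = { MSG_REPLY, 5, 0, 0, 'f', 'i', 'x', 'e', 'd' };
static const uint8_t sample_error[] = { MSG_ERROR, 0xC8, 0, 0 };
static const uint8_t sample_short[] = { MSG_REPLY, 9, 0, 0, 'a', 'b' };

/* Copy the font name out of one received message of `len` bytes. */
int parse_list_info(const uint8_t *msg, size_t len, char *name, size_t cap)
{
    if (msg == NULL || len < HDR_LEN)
        return PARSE_TRUNCATED;          /* nothing usable was received */
    /* A non-NULL buffer is not necessarily the reply we asked for: test the
     * type before trusting any field that only exists in a normal reply. */
    if (msg[0] != MSG_REPLY)
        return PARSE_SERVER_ERROR;
    size_t name_len = msg[1];
    if (name_len > len - HDR_LEN)
        return PARSE_TRUNCATED;          /* length field exceeds received data */
    if (name_len >= cap)
        return PARSE_NAME_TOO_LONG;      /* no room for name plus terminator */
    memcpy(name, msg + HDR_LEN, name_len);
    name[name_len] = '\0';
    return PARSE_OK;
}

int main(void)
{
    char name[32];
    printf("ok:    %d\n", parse_list_info(sample_ok, sizeof sample_ok, name, sizeof name));
    printf("error: %d\n", parse_list_info(sample_error, sizeof sample_error, name, sizeof name));
    printf("short: %d\n", parse_list_info(sample_short, sizeof sample_short, name, sizeof name));
    return 0;
}
```

Without the type test, `sample_error` would be read as a reply with a 200-byte name inside a 4-byte message, which is the kind of out-of-bounds `memcpy` the backtrace shows.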


