[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#612645: libcairo2: crashes Xorg

On Thu, Feb 24, 2011 at 07:07:32PM +0100, Cyril Brulebois wrote:
> Hm? I don't think I'm used to asking people to waste time just for
> fun. We have more info now: NULL pointer dereference here:
> 
> src/via_accel.c:2208 (in viaExaPrepareComposite):
>     viaOrder(pSrc->drawable.width, &width);

All right, I built the openchrome driver again, this time with
	DEB_BUILD_OPTIONS="debug nocheck nostrip noopt"
i.e. something like -g -O0 bla, and made X dump core.
gdb session attached.

The NULL pointer obviously is pSrc.
#0 viaExaPrepareComposite() gets called with pSrc=0x0
#1 exaTryDriverComposite() is in the -O2 area of <whatever part of Xorg>
and has pSrc optimized out, hence I cannot really tell whether it's
called with the != NULL or already with NULL.
#2 exaComposite() gets called with pSrc != NULL

So, assuming the different pSrc always referring to the same pointer, it
gets NULLed somewhere inbetween. I have no real clue about Xorg's guts,
but maybe this helps somebody who has.


Mario
-- 
I have great faith in fools; self-confidence my friends call it.
                                              -- Edgar Allan Poe

(gdb) where
#0  0xb7327402 in viaExaPrepareComposite (op=3, pSrcPicture=0x8e43e28, pMaskPicture=0x0, pDstPicture=0x8e43dd0, pSrc=0x0, pMask=0x0, pDst=0xa69b4008) at ../../src/via_accel.c:2208
#1  0xb70f3ecc in exaTryDriverComposite (op=0 '\000', pSrc=<value optimized out>, pMask=0x0, pDst=0x8e43dd0, xSrc=<value optimized out>, ySrc=<value optimized out>, xMask=<value optimized out>, 
    yMask=<value optimized out>, xDst=29, yDst=161, width=<value optimized out>, height=<value optimized out>) at ../../exa/exa_render.c:759
#2  0xb70f45c8 in exaComposite (op=3 '\003', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=29, ySrc=161, xMask=0, yMask=0, xDst=29, yDst=161, width=364, height=26) at ../../exa/exa_render.c:1033
#3  0x0811e11d in damageComposite (op=255 '\377', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=<value optimized out>, ySrc=<value optimized out>, xMask=<value optimized out>, yMask=<value optimized out>, 
    xDst=<value optimized out>, yDst=<value optimized out>, width=<value optimized out>, height=<value optimized out>) at ../../../miext/damage/damage.c:640
#4  0x0810f3c0 in CompositePicture (op=3 '\003', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=29, ySrc=161, xMask=<value optimized out>, yMask=<value optimized out>, xDst=<value optimized out>, 
    yDst=<value optimized out>, width=364, height=26) at ../../render/picture.c:1710
#5  0x08116d01 in ProcRenderComposite (client=0x8e0fe28) at ../../render/render.c:723
#6  0x08113b03 in ProcRenderDispatch (client=0xff) at ../../render/render.c:2051
#7  0x08073fb7 in Dispatch () at ../../dix/dispatch.c:432
#8  0x0806663a in main (argc=12, argv=0xbf90d674, envp=0xbf90d6a8) at ../../dix/main.c:291
(gdb) where full
#0  0xb7327402 in viaExaPrepareComposite (op=3, pSrcPicture=0x8e43e28, pMaskPicture=0x0, pDstPicture=0x8e43dd0, pSrc=0x0, pMask=0x0, pDst=0xa69b4008) at ../../src/via_accel.c:2208
        height = 3073900573
        width = 2795176097
        pScrn = 0x8a04348
        pVia = 0x8a052f0
        v3d = 0x8a054a0
        curTex = 0
        srcMode = 3213939032
        isAGP = -1223783747
        offset = 2795192376
#1  0xb70f3ecc in exaTryDriverComposite (op=0 '\000', pSrc=<value optimized out>, pMask=0x0, pDst=0x8e43dd0, xSrc=<value optimized out>, ySrc=<value optimized out>, xMask=<value optimized out>, 
    yMask=<value optimized out>, xDst=29, yDst=161, width=<value optimized out>, height=<value optimized out>) at ../../exa/exa_render.c:759
        region = {extents = {x1 = 29, y1 = 161, x2 = 393, y2 = 187}, data = 0x0}
        pbox = 0xbf90d20c
        nbox = <value optimized out>
        src_off_x = <value optimized out>
        src_off_y = <value optimized out>
        mask_off_x = <value optimized out>
        mask_off_y = <value optimized out>
        dst_off_x = 0
        dst_off_y = 0
        pSrcPix = 0x0
        pMaskPix = <value optimized out>
        pDstPix = 0xa69b4008
        pSrcExaPix = 0xa1
        pMaskExaPix = <value optimized out>
#2  0xb70f45c8 in exaComposite (op=3 '\003', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=29, ySrc=161, xMask=0, yMask=0, xDst=29, yDst=161, width=364, height=26) at ../../exa/exa_render.c:1033
        isSrcSolid = <value optimized out>
        ret = <value optimized out>
        saveMaskRepeat = 0
        region = {extents = {x1 = -10130, y1 = 2065, x2 = 1, y2 = 0}, data = 0x0}
#3  0x0811e11d in damageComposite (op=255 '\377', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=<value optimized out>, ySrc=<value optimized out>, xMask=<value optimized out>, yMask=<value optimized out>, 
    xDst=<value optimized out>, yDst=<value optimized out>, width=<value optimized out>, height=<value optimized out>) at ../../../miext/damage/damage.c:640
        pScreen = <value optimized out>
#4  0x0810f3c0 in CompositePicture (op=3 '\003', pSrc=0x8e43e28, pMask=0x0, pDst=0x8e43dd0, xSrc=29, ySrc=161, xMask=<value optimized out>, yMask=<value optimized out>, xDst=<value optimized out>, 
    yDst=<value optimized out>, width=364, height=26) at ../../render/picture.c:1710
No locals.
#5  0x08116d01 in ProcRenderComposite (client=0x8e0fe28) at ../../render/render.c:723
        pSrc = 0x8e43e28
        pMask = 0x0
        pDst = 0x8e43dd0
#6  0x08113b03 in ProcRenderDispatch (client=0xff) at ../../render/render.c:2051
No locals.
#7  0x08073fb7 in Dispatch () at ../../dix/dispatch.c:432
        result = <value optimized out>
        client = 0x8e0fe28
        nready = 0
        start_tick = 840
#8  0x0806663a in main (argc=12, argv=0xbf90d674, envp=0xbf90d6a8) at ../../dix/main.c:291
        i = 1
        alwaysCheckForInput = {0, 1}
(gdb) list
2203	    v3d->setDestination(v3d, exaGetPixmapOffset(pDst),
2204	                        exaGetPixmapPitch(pDst), pDstPicture->format);
2205	    v3d->setCompositeOperator(v3d, op);
2206	    v3d->setDrawing(v3d, 0x0c, 0xFFFFFFFF, 0x000000FF, 0xFF);
2207	
2208	    viaOrder(pSrc->drawable.width, &width);
2209	    viaOrder(pSrc->drawable.height, &height);
2210	
2211	    /*
2212	     * For one-pixel repeat mask pictures we avoid using multitexturing by
(gdb) print pSrc
$1 = (PixmapPtr) 0x0

Attachment: signature.asc
Description: Digital signature

Reply to: