--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: xserver-xorg-core: Segmentation fault when receiving a SIGIO in DeepCopyDeviceClasses
- From: Steven McDonald <steven@steven-mcdonald.id.au>
- Date: Sun, 13 Apr 2014 03:26:48 +1000
- Message-id: <20140412172648.618.51738.reportbug@vader.steven-mcdonald.id.au>
Package: xserver-xorg-core
Version: 2:1.15.0.901-1
Severity: important
Tags: upstream patch
Hi!
I've been seeing sporadic (anywhere from once every few days to 3-4
times a day) crashes and freezes in X. The problematic behaviour isn't
always the same, but I chose a particular incident to debug, and found
that X was segfaulting in updateMotionHistory, on line 575 of
dix/getevents.c.
After some further investigation, I found that the bug was being
triggered when a SIGIO was received in DeepCopyPointerClasses, between
the AllocValuatorClass call (line 540) and updating the to->valuator
pointer (line 545). AllocValuatorClass calls realloc() on to->valuator,
so between these lines, it's not guaranteed to point to allocated
memory.
It seems the SIGIO handler is calling updateMotionHistory, which is
reading the memory pointed to by to->valuator and getting a wrong value
for last_motion, which updates buff to point to wildly the wrong place
and thus generates a segfault when a memcpy() is done into buff.
This diagnosis was performed on my work machine, which is the only
place I have been able to reproduce the problem, so I don't have a
backtrace or a relevant Xorg.0.log handy. Let me know if you'd like
that information, and I can supply it on Monday.
I am attaching a patch which I've been running on that machine for the
past three days, and haven't yet observed any more crashing or freezing
behaviour. The patch simply calls OsBlockSIGIO while
DeepCopyDeviceClasses is in progress, as the state of the X server's
device data structures is not guaranteed to be in a consistent state
during that time.
Please let me know if you need any further information.
Thanks,
Steven.
Block SIGIOs while copying device classes around, so that we don't try
to do anything with input when devices are in an inconsistent state.
--- a/Xi/exevents.c
+++ b/Xi/exevents.c
@@ -661,6 +661,8 @@
DeepCopyDeviceClasses(DeviceIntPtr from, DeviceIntPtr to,
DeviceChangedEvent *dce)
{
+ OsBlockSIGIO();
+
/* generic feedback classes, not tied to pointer and/or keyboard */
DeepCopyFeedbackClasses(from, to);
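Review bot: The OsBlockSIGIO() call at the top of DeepCopyDeviceClasses carries no comment saying which state it protects. The report places the window inside DeepCopyPointerClasses, between the realloc() in AllocValuatorClass and the update of to->valuator, so a short comment naming that window would keep the call from being dropped as redundant later. Blocking at this level also covers only this entry point: if DeepCopyPointerClasses or AllocValuatorClass can be reached from another caller, that path stays exposed, and blocking nearer the realloc() would cover it.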
@@ -668,6 +670,8 @@
DeepCopyKeyboardClasses(from, to);
if ((dce->flags & DEVCHANGE_POINTER_EVENT))
DeepCopyPointerClasses(from, to);
+
+ OsReleaseSIGIO();
}
/**
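Review bot: OsReleaseSIGIO() sits only at the closing brace, so it pairs with the earlier block only as long as nothing between the two calls returns early. The visible body has no return statement, but a comment at the release noting the pairing would protect that against later edits. It is also worth confirming that the block/release pair nests, so that a caller which already has SIGIO blocked when it enters DeepCopyDeviceClasses is not unblocked by this release.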
--- End Message ---
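The pattern the report describes, reduced to a stand-alone C program; this is an added example, not code from the original message or from the X server. The names `dev`, `struct valuator`, `block_sigio`, `release_sigio`, `setup_device` and `grow_valuator` are hypothetical stand-ins, the nesting counter is a design choice of the example, and `raise(SIGIO)` is a constructed substitute for input arriving inside the window.

```c
#define _DEFAULT_SOURCE 1   /* expose sigprocmask() under strict -std modes */
#include <signal.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the server's device structures (assumptions). */
struct valuator { int naxes; };
static struct { struct valuator *valuator; } dev;
static volatile sig_atomic_t handler_runs, seen_naxes;
static int block_depth;            /* nesting count for block/release */
static sigset_t saved_mask;

static void on_sigio(int sig) {    /* plays the input handler's role */
    (void)sig; handler_runs++;
    seen_naxes = dev.valuator->naxes;   /* dereferences the shared pointer */
}

void block_sigio(void) {
    sigset_t set;
    if (block_depth++ > 0) return;      /* an outer caller already blocked it */
    sigemptyset(&set);
    sigaddset(&set, SIGIO);
    sigprocmask(SIG_BLOCK, &set, &saved_mask);
}
void release_sigio(void) {
    if (--block_depth == 0)             /* only the outermost release unblocks */
        sigprocmask(SIG_SETMASK, &saved_mask, NULL);
}

int setup_device(int naxes) {
    struct sigaction sa = { .sa_handler = on_sigio };
    if (!(dev.valuator = calloc(1, sizeof *dev.valuator))) return -1;
    dev.valuator->naxes = naxes;
    return sigaction(SIGIO, &sa, NULL);
}

/* realloc, then publish the pointer; returns handler runs seen inside the window */
int grow_valuator(int naxes) {
    int before = handler_runs, during;
    block_sigio();
    struct valuator *v = realloc(dev.valuator, sizeof *v + naxes * sizeof(double));
    if (!v) { release_sigio(); return -1; }
    v->naxes = naxes;
    raise(SIGIO);        /* constructed: input arrives while dev.valuator is stale */
    during = handler_runs - before;
    dev.valuator = v;    /* pointer is consistent again */
    release_sigio();     /* the pending SIGIO is delivered here */
    return during;
}

int main(void) { return setup_device(2) == 0 && grow_valuator(6) == 0 ? 0 : 1; }
```

The handler runs only after the pointer has been republished, so it sees the new allocation; with an outer `block_sigio()` already in effect, the inner release leaves the signal pending until the outermost release.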
--- Begin Message ---
Source: xorg-server
Source-Version: 2:1.15.99.903-1
We believe that the bug you reported is fixed in the latest version of
xorg-server, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 744303@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <jcristau@debian.org> (supplier of updated xorg-server package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 05 Jun 2014 20:14:56 +0200
Source: xorg-server
Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xorg-core-dbg xserver-common xorg-server-source
Architecture: source amd64 all
Version: 2:1.15.99.903-1
Distribution: experimental
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
xdmx - distributed multihead X server
xdmx-tools - Distributed Multihead X tools
xnest - Nested X server
xorg-server-source - Xorg X server - source files
xserver-common - common files used by various X servers
xserver-xephyr - nested X server
xserver-xorg-core - Xorg X server - core server
xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols)
xserver-xorg-core-udeb - Xorg X server - core server (udeb)
xserver-xorg-dev - Xorg X server - development files
xvfb - Virtual Framebuffer 'fake' X server
Closes: 725801 739537 744303
Changes:
xorg-server (2:1.15.99.903-1) experimental; urgency=medium
.
* New upstream release candidate
- reverted quirk for "Evoluent VerticalMouse 3" (closes: #739537)
- Xi: block SIGIOs while copying device classes around (closes: #744303)
- fix FTBFS on arm
- add support for mips64 (closes: #725801)
* Enable dri3 on kfreebsd, now xtrans 1.3.3 supports fd passing.
* Enable glamor.
* Don't run tests in parallel.
* Bump video ABI and serverminver.
* Explicitly disable xwayland.
Checksums-Sha1:
Checksums-Sha256:
Files:
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---