Bug 48974 - Xrandr queries cause invalid memory access in X server 1.12.1
Status: RESOLVED MOVED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/Ext/RandR
Version: 7.7 (2012.06)
Hardware: x86-64 (AMD64) Linux (All)
Importance: high critical
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Whiteboard: 2012BRB_Reviewed
Blocks: xserver-1.13
Reported: 2012-04-20 09:53 UTC by Michal Suchanek
Modified: 2018-12-13 18:33 UTC

Description Michal Suchanek 2012-04-20 09:53:28 UTC
just running xrandr utility

==19803== Syscall param writev(vector[...]) points to uninitialised byte(s)
==19803==    at 0x6517A3B: writev (writev.c:51)
==19803==    by 0x297B5B: _XSERVTransSocketWritev (Xtranssock.c:2153)
==19803==    by 0x2932E4: FlushClient (io.c:890)
==19803==    by 0x293B38: FlushAllOutput (io.c:640)
==19803==    by 0x15A921: Dispatch (dispatch.c:447)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0xcd9d6e1 is 1 bytes inside a block of size 4,096 alloc'd
==19803==    at 0x4027034: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x2939A0: WriteToClient (io.c:1015)
==19803==    by 0x15A6C8: ProcEstablishConnection (dispatch.c:3577)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Uninitialised value was created by a heap allocation
==19803==    at 0x402894D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x21817B: ProcRenderQueryFilters (render.c:1691)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803== 

changing screen layout:

==19803== Invalid read of size 1
==19803==    at 0x4029590: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518690 is 0 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803== 
==19803== Invalid read of size 1
==19803==    at 0x40295A8: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518691 is 1 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803==
Comment 1 Jeremy Huddleston Sequoia 2012-06-12 03:48:15 UTC
Is this a regression?
Comment 2 Michal Suchanek 2012-06-12 03:52:27 UTC
I have no idea, I was valgrinding the X server for some unrelated reason and this popped up.

Could with 1.10 which is packaged for previous Debian I guess.
Comment 3 Michal Suchanek 2012-06-12 05:46:53 UTC
It happens with 10.4 too, pretty much the same messages.
Comment 4 Jeremy Huddleston Sequoia 2012-06-12 09:11:22 UTC
Ok, so if it is a regression, it's an old one, thanks.
Comment 5 Matt Dew 2013-02-28 06:22:32 UTC
Hi folks,
 Is this still an issue?
Comment 6 GitLab Migration User 2018-12-13 18:33:33 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/229.

