Bug 33423 - Large non-antialiased text causes xserver to abort
Summary: Large non-antialiased text causes xserver to abort
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: medium critical
Assignee: Chris Wilson
QA Contact: Xorg Project Team
Reported: 2011-01-24 11:53 UTC by Liam Wilson
Modified: 2011-01-25 05:29 UTC (History)

Description Liam Wilson 2011-01-24 11:53:27 UTC
Sorry to copy and paste this bug, but I got no response when posting to the Ubuntu bugzilla. I thought it might be worth reporting upstream as this bug affects all distros using the Intel 2010Q2 graphics package (eg Ubuntu 10.10 and Fedora 14).

Essentially (with the 2.12.0 driver) if you disable font antialiasing it is trivially easy to cause the xserver to die.


Problem:
If I disable font antialiasing and attempt to access
http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text.

Note: text does not need to be very large. For example http://joe-editor.sourceforge.net/ also triggers the bug.

Description: Ubuntu 10.10
Release: 10.10

xserver-xorg-video-intel:
  Installed: 2:2.12.0-1ubuntu5.1
  Candidate: 2:2.12.0-1ubuntu5.1
  Version table:
 *** 2:2.12.0-1ubuntu5.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages
        100 /var/lib/dpkg/status
     2:2.12.0-1ubuntu5 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages

Backtrace:
#0 0x00681416 in __kernel_vsyscall ()
No symbol table info available.
#1 0x00298941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimised out>
        pid = 3960820
        selftid = 1949
#2 0x0029be42 in abort () at abort.c:92
        act = {__sigaction_handler = {sa_handler = 0x468,
            sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888,
              3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820,
              3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108,
              198339232, 0, 4222451712, 198339336, 198339437, 198339336,
              198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0,
              0}}, sa_flags = 0, sa_restorer = 0x4}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0x002918e8 in __assert_fail (
    assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)",
    file=0x200080 "../../uxa/uxa-glyphs.c", line=986,
    function=0x200124 "uxa_glyphs_via_mask") at assert.c:81
        buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n"
#4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58,
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1,
    list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986
        src_pixmap = 0xbd26440
        src_x = 0
        glyph = 0xbb34bb8
        src_y = 0
        priv = 0xbd26440
        screen = 0x9c01750
        mask = 0xbd26a48
        y = 52
        pixmap = 0xbd26938
        width = <value optimised out>
        dst_off_x = 6
        dst_off_y = 25
        box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93}
        component_alpha = 0
        glyph_atlas = <value optimised out>
        x = 2
        height = <value optimised out>
        error = 0
#5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8,
    maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570,
    glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151
        screen = 0x9c01750
        uxa_screen = <value optimised out>
        xDst = 2
        yDst = 198338872
        extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
        width = 0
        height = 0
        ret = <value optimised out>
        localDst = 0x8
#6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8,
    maskFormat=0xb2bb7f0, xSrc=<value optimised out>,
    ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170)
    at ../../../miext/damage/damage.c:718
        pScreen = <value optimised out>
#7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58,
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>,
    ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170)
    at ../../render/glyph.c:604
No locals.
#8 0x0811c463 in ProcRenderCompositeGlyphs (client=0xb62e338)
    at ../../render/render.c:1435
        glyphSet = 0xb72e468
        pSrc = 0xbb11b58
        pDst = 0xbb366a8
        pFormat = 0xb2bb7f0
        listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006',
            format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000',
            format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079,
            len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511,
            len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0,
            len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080,
            len = 184 '\270', format = 0x8104a2e}}
        lists = 0xbf81457c
        listsBase = 0xbf814570
        glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088,
          0xbaf1088, 0x0 <repeats 250 times>}
        glyph = <value optimised out>
        glyphs = 0xbf814188
        glyphsBase = 0xbf814170
        buffer = <value optimised out>
        end = 0xba105b0 "\225\021\003"
        nglyph = -1082048120
        nlist = 1
        space = <value optimised out>
        size = <value optimised out>
        rc = <value optimised out>
#9 0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/render.c:2051
No locals.
#10 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432
        result = <value optimised out>
        client = 0xb62e338
        nready = 0
        start_tick = 260
#11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20)
    at ../../dix/main.c:291
        i = 1
        alwaysCheckForInput = {0, 1}

Tracked bug down to uxa/uxa-glyphs.c in the xserver-xorg-video-intel driver. I looked at the latest git of the driver and knocked together the following patch which seems to work. Not sure of the quality of the code though:

--- a/uxa/uxa-glyphs.c 2010-06-24 21:29:37.000000000 +0100
+++ b/uxa/uxa-glyphs.c 2010-12-31 19:51:49.000000000 +0000
@@ -164,8 +164,12 @@
             INTEL_CREATE_PIXMAP_TILING_X);
   if (!pixmap)
    goto bail;
- assert (uxa_pixmap_is_offscreen(pixmap));
-
+ if (!uxa_pixmap_is_offscreen(pixmap)) {
+ /* Presume shadow is in-effect */
+ pScreen->DestroyPixmap(pixmap);
+ uxa_unrealize_glyph_caches(pScreen);
+ return TRUE;
+ }
   component_alpha = NeedsComponent(pPictFormat->format);
   picture = CreatePicture(0, &pixmap->drawable, pPictFormat,
      CPComponentAlpha, &component_alpha,
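Review bot: The new early-return path reports success (`return TRUE`) right after `uxa_unrealize_glyph_caches(pScreen)` has torn the caches down, and nothing in the hunk records that state for later code. The later hunks at -780 and -983 still read `this_atlas->pDrawable` before they test `uxa_pixmap_is_offscreen()`, so if unrealizing leaves the atlas picture unset those reads would run against a missing cache; the cache layout is not visible here, so this needs confirming. The backtrace shows this code is reached from an ordinary client Render request (`ProcRenderCompositeGlyphs`), so the path should fail soft on its own rather than rely on later code noticing. I would expand the comment to say why success is returned and how this differs from the `goto bail` path just above, e.g. `/* No GPU-backed pixmap (shadow presumed): leave caches unrealized so glyph requests take the fallback path */`. The enclosing function starts and ends outside the hunk.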
@@ -780,9 +784,8 @@

     mask_pixmap =
      uxa_get_drawable_pixmap(this_atlas->pDrawable);
- assert (uxa_pixmap_is_offscreen(mask_pixmap));
-
- if (!uxa_screen->info->prepare_composite(op,
+ if (!uxa_pixmap_is_offscreen(mask_pixmap) ||
+ !uxa_screen->info->prepare_composite(op,
           localSrc, this_atlas, pDst,
           src_pixmap, mask_pixmap, dst_pixmap))
      return -1;
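Review bot: Folding `!uxa_pixmap_is_offscreen(mask_pixmap)` into the `prepare_composite` condition removes the only statement of the invariant that the assert documented, and the same applies to `src_pixmap` in the hunk at -983. The short-circuit order is right, because it keeps `prepare_composite` from being handed a pixmap without GPU backing, but a reader can no longer tell that `-1` here also means the atlas is in system memory. I would add a comment above the test, e.g. `/* atlas may not be offscreen (e.g. shadow); return -1 so the caller falls back instead of aborting the server */`. Whether every caller treats `-1` as a request to fall back is not visible in these hunks and should be checked, since both function bodies continue outside them.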
@@ -983,9 +986,8 @@

     src_pixmap =
      uxa_get_drawable_pixmap(this_atlas->pDrawable);
- assert (uxa_pixmap_is_offscreen(src_pixmap));
-
- if (!uxa_screen->info->prepare_composite(PictOpAdd,
+ if (!uxa_pixmap_is_offscreen(src_pixmap) ||
+ !uxa_screen->info->prepare_composite(PictOpAdd,
           this_atlas, NULL, mask,
           src_pixmap, NULL, pixmap))
      return -1;
Comment 1 Chris Wilson 2011-01-24 11:59:51 UTC
This was fixed 8 months ago.
Comment 2 Liam Wilson 2011-01-25 05:29:37 UTC
(In reply to comment #1)
> This was fixed 8 months ago.

I know, I assume it's Ubuntu's problem as they distribute an old version of the intel driver?

I'll try poking someone downstream to get it fixed.

Thanks.

