Bug 102126

Summary: Crash in ProcGetPointerControl
Product: xorg
Reporter: Jonas Ådahl <jadahl>
Component: Server/General
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: git   
Hardware: Other   
OS: All   

Description Jonas Ådahl 2017-08-09 04:01:53 UTC
I don't know what triggered it, and I hadn't patched X to not catch crashes so I don't have a core dump, but the following crash happened:

(EE) Backtrace:
(EE) 0: /home/jonas/Dev/gnome/install/bin/Xwayland (OsSigHandler+0x29) [0x479d89]
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7f50645bb25f]
(EE) 2: /home/jonas/Dev/gnome/install/bin/Xwayland (ProcGetPointerControl+0x58) [0x43ac08]
(EE) 3: /home/jonas/Dev/gnome/install/bin/Xwayland (Dispatch+0x32a) [0x443b7a]
(EE) 4: /home/jonas/Dev/gnome/install/bin/Xwayland (dix_main+0x378) [0x447a88]
(EE) 5: /lib64/libc.so.6 (__libc_start_main+0xee) [0x7f50641f85fe]
(EE) 6: /home/jonas/Dev/gnome/install/bin/Xwayland (_start+0x2a) [0x42970a]
(EE) 7: ? (?+0x2a) [0x2a]
(EE)
(EE) Segmentation fault at address 0x8
Comment 1 Jonas Ådahl 2017-08-21 04:03:07 UTC
Got this again, but firefox crashed as a side effect, eating up all available core dump space, making coredumpctl discard the Xwayland dump before I had a chance to examine it. Coredumpctl still reports more or less the same trace:

                Stack trace of thread 15288:
                #0  0x000000000043af58 ProcGetPointerControl (Xwayland)
                #1  0x0000000000443eca Dispatch (Xwayland)
                #2  0x0000000000447dd8 dix_main (Xwayland)
                #3  0x00007f313b8835fe __libc_start_main (libc.so.6)
                #4  0x000000000042979a _start (Xwayland)
Comment 2 Jonas Ådahl 2017-08-21 04:03:55 UTC
Moving to xorg, as I don't think this is really Xwayland related.
Comment 3 Adam Jackson 2018-04-23 20:52:00 UTC
Pretty sure this was fixed by:

commit 9f7a9be13d6449c00c86d3035374f4f543654b3f
Author: Olivier Fourdan <ofourdan@redhat.com>
Date:   Tue Dec 5 09:59:06 2017 +0100

    dix: avoid dereferencing NULL PtrCtrl
    
    PtrCtrl really makes sense for relative pointing devices only; absolute
    devices such as touch devices do not have any PtrCtrl set.
    
    In some cases, if the client issues an XGetPointerControl() immediately
    after a ChangeMasterDeviceClasses() copied the touch device to the VCP,
    a NULL pointer dereference will occur, leading to a crash of Xwayland.
    
    Check whether the PtrCtrl is not NULL in ProcGetPointerControl() and
    return the default control values otherwise, to avoid the NULL pointer
    dereference.
    
    Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1519533
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>

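The NULL dereference and the check the commit describes, as an added C example that is not the X server's own code: the structures, the default control values (2/1/4), the sample devices and the function names are simplified stand-ins modelled on the server's types and are assumptions for this illustration.

```c
#include <stddef.h>

/* Stand-ins for the X server structures, constructed for this example and
 * modelled on the layout of the real ones. */
typedef struct {
    int num;        /* acceleration numerator   */
    int den;        /* acceleration denominator */
    int threshold;  /* acceleration threshold   */
} PtrCtrl;

typedef struct PtrFeedbackClassRec {
    struct PtrFeedbackClassRec *next;  /* so ctrl sits at offset 8 on 64-bit */
    PtrCtrl ctrl;
} PtrFeedbackClassRec;

typedef struct {
    PtrFeedbackClassRec *ptrfeed;      /* NULL for absolute/touch devices */
} DeviceIntRec;

typedef struct {
    int accelNumerator, accelDenominator, threshold;
} xGetPointerControlReply;

/* Assumed default control values (numerator 2, denominator 1, threshold 4). */
static const PtrCtrl defaultPointerControl = { 2, 1, 4 };

/* Constructed samples: a relative mouse with its own PtrCtrl, and a touch
 * device with none, as after ChangeMasterDeviceClasses copies it to the VCP. */
static PtrFeedbackClassRec mouse_feed = { NULL, { 3, 2, 6 } };
static DeviceIntRec sample_mouse = { &mouse_feed };
static DeviceIntRec sample_touch = { NULL };

static xGetPointerControlReply reply_from(const PtrCtrl *ctrl)
{
    xGetPointerControlReply rep = { ctrl->num, ctrl->den, ctrl->threshold };
    return rep;
}

/* Before the fix: ptrfeed is dereferenced unconditionally. On sample_touch
 * this reads a small offset of NULL ("Segmentation fault at address 0x8"). */
static xGetPointerControlReply get_pointer_control_unchecked(const DeviceIntRec *ptr)
{
    return reply_from(&ptr->ptrfeed->ctrl);   /* crashes when ptrfeed == NULL */
}

/* After the fix: fall back to the defaults when no PtrCtrl is set. */
static xGetPointerControlReply get_pointer_control(const DeviceIntRec *ptr)
{
    return reply_from(ptr->ptrfeed ? &ptr->ptrfeed->ctrl : &defaultPointerControl);
}
```

Only the checked variant is safe to call on the touch device; the unchecked one reproduces the crash path the backtraces above show.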