Bug 11144

Summary: Pixman library is causing segfault on Xephyr when the cursor appearance changes
Product: pixman
Reporter: Tiago Vignatti <vignatti>
Component: pixman
Assignee: Søren Sandmann Pedersen <soren.sandmann>
Status: RESOLVED FIXED
QA Contact: Søren Sandmann Pedersen <soren.sandmann>
Severity: critical
Priority: highest
Keywords: regression
Version: 0.1.3
Hardware: x86 (IA32)
OS: Linux (All)

Description Tiago Vignatti 2007-06-04 22:12:45 UTC
The current pixman library (808e2de3a6270b32a026722f59a49736d224d46c) is causing a segfault on Xephyr (dfbe32b5b828cc4e3da36a0e2e6ad641164eaa5e) when the cursor appearance changes.

To reproduce it, just start a client on Xephyr and warp the cursor inside the client...
Comment 1 Søren Sandmann Pedersen 2007-06-05 09:03:13 UTC
- Can you attach a reproducing client?

- Do you know which pixman/xserver commit introduced this?

- Do you have a backtrace?
Comment 2 Tiago Vignatti 2007-06-05 09:43:12 UTC
(In reply to comment #1)
> - Can you attach a reproducing client?

xterm (or any other client that changes the cursor icon)

> 
> - Do you know which pixman/xserver commit introduced this?
> 

It was the next xserver commit after 756acea23a0cc56c470bcd77c6f5638d923ab3d1. Got it?

> - Do you have a backtrace?

 Program received signal SIGSEGV, Segmentation fault.
0x080da3b8 in fbCompositeSrc_8888x8888mmx (op=3 '\003', pSrc=0x82acef0, pMask=0x0, pDst=0x82acf80, 
    xSrc=0, ySrc=0, xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24) at fbmmx.c:1381
1381        fbComposeGetStart (pDst, xDst, yDst, CARD32, dstStride, dstLine, 1);
(gdb) bt
#0  0x080da3b8 in fbCompositeSrc_8888x8888mmx (op=3 '\003', pSrc=0x82acef0, pMask=0x0, pDst=0x82acf80, 
    xSrc=0, ySrc=0, xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24) at fbmmx.c:1381
#1  0xb7e65b28 in pixman_image_composite (op=PIXMAN_OP_OVER, pSrc=0x82acef0, pMask=0x0, pDst=0x82acf80, 
    xSrc=0, ySrc=0, xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24, region=0xbf9d2f34)
    at pixman-pict.c:1165
#2  0x080ce0d6 in fbComposite (op=3 '\003', pSrc=0x82ac3b8, pMask=0x0, pDst=0x82ace68, xSrc=0, ySrc=0, 
    xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24) at fbpict.c:303
#3  0x0817cb92 in damageComposite (op=3 '\003', pSrc=0x82ac3b8, pMask=0x0, pDst=0x82ace68, xSrc=0, 
    ySrc=0, xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24) at damage.c:582
#4  0x0815ee1e in CompositePicture (op=3 '\003', pSrc=0x82ac3b8, pMask=0x0, pDst=0x82ace68, xSrc=0, 
    ySrc=0, xMask=0, yMask=0, xDst=309, yDst=230, width=24, height=24) at picture.c:1756
#5  0x080efde0 in miDCPutUpCursor (pScreen=0x82437c8, pCursor=0x82671a0, x=309, y=230, source=0, 
    mask=16777215) at midispcur.c:486
#6  0x080fea84 in miSpriteRestoreCursor (pScreen=0x82437c8) at misprite.c:794
#7  0x080fe7b3 in miSpriteSetCursor (pScreen=0x82437c8, pCursor=0x82671a0, x=320, y=240)
    at misprite.c:727
#8  0x080f6d04 in miPointerUpdateSprite (pDev=0x8247c18) at mipointer.c:338
#9  0x080f6935 in miPointerDisplayCursor (pScreen=0x82437c8, pCursor=0x82671a0) at mipointer.c:183
#10 0x0810c958 in CursorDisplayCursor (pScreen=0x82437c8, pCursor=0x82671a0) at cursor.c:136
#11 0x0816a2ed in AnimCurDisplayCursor (pScreen=0x82437c8, pCursor=0x82671a0) at animcur.c:234
#12 0x0806bd16 in ChangeToCursor (cursor=0x82671a0) at events.c:920
#13 0x0806be3b in PostNewCursor () at events.c:969
#14 0x0806e910 in CheckMotion (xE=0x0) at events.c:2252
#15 0x0806e93c in WindowsRestructured () at events.c:2265
#16 0x0808affc in MapWindow (pWin=0x82ae8a8, client=0x8263a30) at window.c:2843
#17 0x08095355 in ProcMapWindow (client=0x8263a30) at dispatch.c:740
#18 0x08126a37 in XaceCatchDispatchProc (client=0x8263a30) at xace.c:281
#19 0x080949b4 in Dispatch () at dispatch.c:502
#20 0x0807b5f0 in main (argc=5, argv=0xbf9d39a4, envp=0xbf9d39bc) at main.c:468

(or see http://people.freedesktop.org/~vignatti/tmp/xephyr-libpixman-backtrace.txt)

Thanks
Comment 3 Søren Sandmann Pedersen 2007-06-05 14:55:45 UTC
The crash happens in fbmmx.c, not pixman-mmx.c, so this is simply caused by the wrong function being called.

I have removed the X server copies of the MMX fast path operations now - please test with the latest git and mark FIXED if appropriate.
Comment 4 Tiago Vignatti 2007-06-05 19:49:15 UTC
Great! Thanks.
