Bug 17431

Summary: xorg crashed with SIGSEGV in VidModeGetFirstModeline
Product: xorg
Reporter: Andreas Moog <andreas.moog>
Component: Server/DDX/Xorg
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: major
Priority: high
CC: brian, dottedmag, flameeyes, jeremyhu, n-roeser, renework
Version: git
Keywords: have-backtrace
Hardware: x86-64 (AMD64)
OS: Linux (All)
URL: https://bugs.edge.launchpad.net/ubuntu/+source/xorg/+bug/237993
Whiteboard: 2011BRB_Reviewed
i915 platform:
i915 features:
Bug Depends on:
Bug Blocks: 36141
Attachments:
  Backtrace from the crash (flags: none)
  Prevent the crash (flags: none)

Description Andreas Moog 2008-09-04 10:23:20 UTC
Created attachment 18672 [details]
Backtrace from the crash

xubuntu 8.04 and wine 0.9.59-0ubuntu5 crash the xserver, Xorg Program received signal SIGSEGV, Segmentation fault.

bofh@xbox:# wine
preloader: Warning: failed to reserve range 00000000-60000000
preloader: Warning: failed to reserve range 00000000-60000000
err:dosmem:setup_dos_mem Cannot use first megabyte for DOS address space, please report
preloader: Warning: failed to reserve range 00000000-60000000
err:dosmem:setup_dos_mem Cannot use first megabyte for DOS address space, please report
err:dosmem:setup_dos_mem Cannot use first megabyte for DOS address space, please report
XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":0.0"
      after 76 requests (74 known processed) with 0 events remaining.

See also the attached backtrace.

The fault seems to be related to this:

    pScrn = xf86Screens[scrnIndex]; // does bad data get in here?
    pVidMode = VMPTR(pScrn->pScreen);
    pVidMode->First = pScrn->modes; // First set to Invalid pointer?
    pVidMode->Next = pVidMode->First->next; // Crash

A guess is that adding a check for pVidMode->First would eliminate the crash.
Comment 1 Dan Kegel 2008-11-04 04:54:48 UTC
I'm running into this, too.
In my case, it's with Ubuntu 8.10, with its stock X server 1.5.2,
on an intel graphics card.  To reproduce, run any Wine
program that uses the screen (say, wine-git/dlls/user32/tests's "make static.ok")
with the monitor unplugged.  100% reproducible crash, backtrace points
to exactly this problem; perhaps VidModeAvailable needs to
do the additional checking Andreas Moog suggested.

Seems to be a dup of bug 13952?
Comment 2 Dan Kegel 2008-11-08 07:50:14 UTC
I'm getting this with an nvidia card now, too, so it's generic, not video-card specific.

The "Ubuntu is running in low-graphics mode" says
 (EE) NV(0): No valid initial configuration found

Foo.  Now I have to go buy monitors for all my build slaves.  This can't be optimal.
Comment 3 Diego Elio Pettenò 2008-11-09 08:04:24 UTC
I'm also having this problem as soon as an SDL program starts up when it inquires VidModes, this is on radeon driver.
Comment 4 Diego Elio Pettenò 2008-11-09 08:11:32 UTC
For what it's worth, it seems like SDL comes with its own internal copy of Xxf86vm ... which I guess is not very good... there is where the XF86VidModeGetAllModeLines symbol is present.

I guess ABI might have changed somehow, and SDL now makes Xorg crash.
Comment 5 Gordon Jin 2008-12-04 19:40:06 UTC
*** Bug 13952 has been marked as a duplicate of this bug. ***
Comment 6 Chris Wilson 2011-01-24 03:18:42 UTC
*** Bug 27758 has been marked as a duplicate of this bug. ***
Comment 7 Chris Wilson 2011-01-24 03:20:41 UTC
Created attachment 42358 [details] [review]
Prevent the crash
Comment 8 Jeremy Huddleston Sequoia 2011-10-31 17:08:32 UTC
Chris, please send this workaround (along with your others) to xorg-devel for 
review.
Comment 9 Jeremy Huddleston Sequoia 2011-11-06 17:04:21 UTC
Reviewed and pulled into my tree for eventual merge to master.  In the future, please send to xorg-devel.
Comment 10 Jeremy Huddleston Sequoia 2011-11-21 19:12:11 UTC
commit 6105fcaa3592cb6d0d5f22d9b850986d0bc4d241
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Mon Jan 24 11:17:03 2011 +0000

    VidMode: prevent crash with no modes
    
    Bugzilla:  https://bugs.freedesktop.org/show_bug.cgi?id=17431
    
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
    (cherry picked from commit eeb21a133b982f71de739baf62e53c8a68f5d495)
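
The failure discussed in this report (a screen with no modes reaching `pVidMode->First->next`), modelled as an added example; it is not the X server's code or the committed patch. The types and function names are simplified, hypothetical stand-ins, and the mode list is assumed to be circular.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the X server's real types. */
typedef struct Mode { struct Mode *next; } Mode;
typedef struct { Mode *modes; } Screen;        /* modes == NULL: no valid mode */
typedef struct { Mode *First, *Next; } VidModeState;

/* Guarded form of the quoted lines: fail instead of dereferencing First. */
static bool first_modeline(const Screen *scrn, VidModeState *vm)
{
    if (scrn == NULL || scrn->modes == NULL)
        return false;
    vm->First = scrn->modes;
    vm->Next = vm->First->next;    /* First is known non-NULL here */
    return true;
}

/* Advance the cursor; stop at a NULL link or when the circular list wraps. */
static bool next_modeline(VidModeState *vm)
{
    if (vm->Next == NULL || vm->Next == vm->First)
        return false;
    vm->Next = vm->Next->next;
    return true;
}

/* Count every mode, or return -1 so the caller can reply with an error
 * to the client instead of faulting on an empty list. */
static int count_modelines(const Screen *scrn)
{
    VidModeState vm = { NULL, NULL };
    int n = 0;
    if (!first_modeline(scrn, &vm))
        return -1;
    do { n++; } while (next_modeline(&vm));
    return n;
}

/* Constructed sample: a two-mode circular list, or a screen with no modes. */
static int demo(bool with_modes)
{
    Mode a = { NULL }, b = { NULL };
    Screen s = { with_modes ? &a : NULL };
    a.next = &b; b.next = &a;
    return count_modelines(&s);
}

int main(void) { printf("%d %d\n", demo(true), demo(false)); return 0; }
```

The point of the guard is that any client able to send the request can trigger the path, so the empty-list case has to end in an error reply rather than a server-wide crash.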
