Bug 20744

Summary: SIGSEGV in miPointerWarpCursor() when holding down key on non-primary screen (Xinerama)
Product: xorg
Reporter: Bryce Harrington <bryce>
Component: Server/General
Assignee: Peter Hutterer <peter.hutterer>
Status: RESOLVED DUPLICATE
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
CC: jared.bunting, michael
Version: 7.4 (2008.09)
Hardware: All
OS: Linux (All)
Attachments:
  complete backtrace (flags: none)
  XorgLog.txt (flags: none)
  XorgConf.txt (flags: none)
  0001-Check-null-pointers-to-not-crash-on-keyrepeat-with-X.patch (flags: none)

Description Bryce Harrington 2009-03-18 23:22:43 UTC
Created attachment 24029 [details]
complete backtrace

Forwarding this bug report from an Ubuntu reporter:
https://bugs.edge.launchpad.net/ubuntu/+source/xorg-server/+bug/324465

[Problem]
When holding down a key in any text field on a screen other than the primary one when using Xinerama (e.g. with -nvidia), X crashes in miPointerWarpCursor() on line mipointer.c:309, as pPointer, a null pointer, is dereferenced.

[backtrace]
#0 0x00000000004daa7c in miPointerWarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../mi/mipointer.c:309
 pPointer = (miPointerPtr) 0x0
 changedScreen = 0 '\0'
 pScreenPriv = <value optimized out>
#1 0x0000000000481c90 in xf86WarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../../../hw/xfree86/common/xf86Cursor.c:476
 sigstate = 0
#2 0x00000000004da6cc in miPointerSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../mi/mipointer.c:240
No locals.
#3 0x000000000053559f in AnimCurSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../render/animcur.c:277
 as = (AnimCurScreenPtr) 0x220db70
 ret = 35302672
#4 0x0000000000455284 in XineramaSetCursorPosition (pDev=0x24886c0, x=1279, y=773, generateEvent=0) at ../../dix/events.c:454
 pScreen = (ScreenPtr) 0x21a8cb0
 box = {x1 = 3840, y1 = 0, x2 = 5120, y2 = 1024}
 i = 8251968
 pSprite = (SpritePtr) 0x24ac7d0

[Original Report]
When in any text field, on any screen other than the primary one, holding down a key causes X to crash. (Goes black, X restarts automatically). I have tested this with backspace, arrow keys, and letters. It does not crash when holding ctrl, alt, or shift.

I have two NVidia 8600GT cards and 4 screens. I am using the latest restricted nvidia driver, which from what I can tell should be ABI compatible (180.27), from the jaunty repository.

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
NonfreeKernelModules: nvidia
Package: xorg 1:7.4~5ubuntu11
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersion: Linux version 2.6.28-6-generic (buildd@crested) (gcc version 4.3.3 (Ubuntu 4.3.3-3ubuntu1) ) #17-Ubuntu SMP Fri Jan 30 15:35:08 UTC 2009

SourcePackage: xorg
Uname: Linux 2.6.28-6-generic x86_64

[lspci]
00:00.0 Host bridge [0600]: nVidia Corporation C55 Host Bridge [10de:03a3] (rev a2)
     Subsystem: Micro-Star International Co., Ltd. Device [1462:0000]
03:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600 GT [10de:0402] (rev a1)
     Subsystem: Giga-byte Technology Device [1458:3452]
04:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600 GT [10de:0402] (rev a1)
     Subsystem: Giga-byte Technology Device [1458:3452]
Comment 1 Bryce Harrington 2009-03-18 23:23:22 UTC
Created attachment 24030 [details]
XorgLog.txt
Comment 2 Bryce Harrington 2009-03-18 23:23:40 UTC
Created attachment 24031 [details]
XorgConf.txt
Comment 3 Jared Bunting 2009-03-23 06:35:03 UTC
When adding a check for pPointer == NULL in miPointerWarpCursor, the behavior simply moves to somewhere else that MIPOINTER might return null.  I was able to eliminate the behavior entirely by adding null checks everywhere in mipointer.c that pPointer is set from MIPOINTER.  Once I learn how to create a proper patch for X, I'll attach it.
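Comment 3 describes moving the NULL check to every place pPointer is obtained from MIPOINTER rather than only in miPointerWarpCursor. The following added example is not xorg-server code: the Device, Screen and MIPOINTER() stand-ins are constructed for illustration, and it models why an unchecked dereference of the MIPOINTER result faults for a keyboard device on key-repeat while the guarded form turns the warp into a no-op.

```c
/* Added example, not xorg-server code: a simplified model of the mipointer.c fix
 * from comment 3; Device, Screen, MIPOINTER() and both warp routines are stand-ins. */
#include <stddef.h>

typedef struct { int x, y, screen; } MiPointerPriv;  /* per-device cursor state */
typedef struct { const char *name; MiPointerPriv *priv; } Device;
typedef struct { int id; } Screen;

/* Stand-in for MIPOINTER(pDev): a keyboard has no pointer private, so it yields NULL. */
static MiPointerPriv *MIPOINTER(Device *pDev) { return pDev ? pDev->priv : NULL; }

/* Unchecked form, as at the crash site in the backtrace: pPointer is used with
 * no NULL test, so a key-repeat whose event device is the keyboard faults here. */
static void warp_unchecked(Device *pDev, Screen *pScreen, int x, int y)
{
    MiPointerPriv *pPointer = MIPOINTER(pDev);
    pPointer->screen = pScreen->id;   /* SIGSEGV when pPointer == NULL */
    pPointer->x = x;
    pPointer->y = y;
}

/* Hardened form: the pointer obtained from MIPOINTER() is checked before use.
 * Returns 1 if cursor state was updated, 0 if the device has no pointer state. */
static int warp_checked(Device *pDev, Screen *pScreen, int x, int y)
{
    MiPointerPriv *pPointer = MIPOINTER(pDev);
    if (!pPointer) return 0;          /* no pointer state: warp is a no-op */
    pPointer->screen = pScreen->id;
    pPointer->x = x;
    pPointer->y = y;
    return 1;
}

/* Constructed: key-repeat on screen 3 from the keyboard device (no pointer private) returns 0. */
static int keyboard_repeat_warp(void)
{
    Device kbd = { "keyboard", NULL };
    Screen s3 = { 3 };
    return warp_checked(&kbd, &s3, 1279, 773);
}

/* Constructed scenario: the same warp on a mouse updates its state; returns x (1279). */
static int mouse_warp_x(void)
{
    MiPointerPriv priv = { 0, 0, 0 };
    Device mouse = { "mouse", &priv };
    Screen s3 = { 3 };
    warp_unchecked(&mouse, &s3, 5, 5);   /* safe only because priv is non-NULL */
    return warp_checked(&mouse, &s3, 1279, 773) ? priv.x : -1;
}
```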
Comment 4 Bryce Harrington 2009-03-23 13:27:42 UTC
On Mon, Mar 23, 2009 at 06:35:03AM -0700, bugzilla-daemon@freedesktop.org wrote:
> http://bugs.freedesktop.org/show_bug.cgi?id=20744
> 
> --- Comment #3 from Jared Bunting <jared.bunting@peachjean.com>  2009-03-23 06:35:03 PST ---
> When adding a check for pPointer == NULL in miPointerWarpCursor, the behavior
> simply moves to somewhere else that MIPOINTER might return null.  I was able to
> eliminate the behavior entirely by adding null checks everywhere in mipointer.c
> that pPointer is set from MIPOINTER.  Once I learn how to create a proper patch
> for X, I'll attach it.

Feel free to forward the changed file(s) to me, and I'll be willing to
generate the patch for you.

Otherwise, see:
  http://wiki.x.org/wiki/Development/Documentation/SubmittingPatches

Bryce
Comment 5 Bryce Harrington 2009-03-23 14:37:54 UTC
Created attachment 24171 [details] [review]
0001-Check-null-pointers-to-not-crash-on-keyrepeat-with-X.patch

Thanks Jared, this is what I'm putting into Ubuntu (for now).
Comment 6 Peter Hutterer 2009-03-24 20:19:24 UTC

*** This bug has been marked as a duplicate of bug 20557 ***
