Bug 22024

Summary: crash with Maemo SDK displaying on Xephyr
Product: xorg
Reporter: Hubert Figuiere <hub>
Component: Server/DDX/Xephyr
Assignee: Matthew Allum <mallum>
Status: RESOLVED DUPLICATE
QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Attachments:
proposed patch (flags: none)

Description Hubert Figuiere 2009-06-01 13:00:22 UTC
I can reliably reproduce the crash on both the F11-provided Xephyr and the 1.6 branch from git.

The Fedora bug I filed:
https://bugzilla.redhat.com/show_bug.cgi?id=503131

But given that I can reproduce it using git upstream, I am filing it here.

When I start the scratchbox Maemo 4.1.2 session to display in Xephyr and click on the left-side "application menu", Xephyr crashes, every time.

Here is the gdb stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) where
#0  0x00000000 in ?? ()
#1  0x08089110 in DeliverEventsToWindow (pDev=0x82d0640, pWin=0x839fa08, pEvents=0x82d09e0, count=2, filter=4, grab=0x0, mskidx=3) at events.c:2125
#2  0x08089bfe in DeliverDeviceEvents (pWin=0x839fa08, xE=0x82d09e0, grab=0x0, stopAt=0x0, dev=0x82d0640, count=2) at events.c:2366
#3  0x08183d25 in ProcessOtherEvent (xE=0x82d09e0, device=0x82d0640, count=2) at exevents.c:1081
#4  0x080ea0c9 in mieqProcessInputEvents () at mieq.c:474
#5  0x080c01cd in ProcessInputEvents () at kinput.c:2350
#6  0x080ac7b0 in Dispatch () at dispatch.c:363
#7  0x08092855 in main (argc=10, argv=0xbffff304, envp=0xbffff330) at main.c:397
(gdb) p pDev
No symbol "pDev" in current context.
(gdb) select 1
(gdb) p pDev
$1 = (DeviceIntPtr) 0x82d0640
(gdb) p *pDev
$2 = {public = {devicePrivate = 0x0, processInputProc = 0x8183930 <ProcessOtherEvent>, realInputProc = 0x8183930 <ProcessOtherEvent>, enqueueInputProc = 0x808c000 <EnqueueEvent>, on = 1}, next = 0x0, 
  startup = 1, deviceProc = 0x80bfa30 <KdPointerProc>, inited = 1, enabled = 1, coreEvents = 1, deviceGrab = {grabTime = {months = 0, milliseconds = 1109328085}, fromPassiveGrab = 0, implicitGrab = 0, 
    activeGrab = {next = 0x0, resource = 0, device = 0x0, window = 0x0, ownerEvents = 0, keyboardMode = 0, pointerMode = 0, coreGrab = 0, coreMods = 0, type = 0 '\0', modifiersDetail = {exact = 0, 
        pMask = 0x0}, modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0}, confineTo = 0x0, cursor = 0x0, eventMask = 0, deviceMask = 0, genericMasks = 0x0}, grab = 0x0, activatingKey = 0 '\0', 
    ActivateGrab = 0, DeactivateGrab = 0, sync = {frozen = 0, state = 0, other = 0x0, event = 0x0, evcount = 0}}, isMaster = 0, type = 83, name = 0x8323f50 "Xephyr virtual mouse", id = 3 '\3', key = 0x0, 
  valuator = 0x8323d38, button = 0x8323c08, focus = 0x0, proximity = 0x0, absolute = 0x0, kbdfeed = 0x0, ptrfeed = 0x8285ae8, intfeed = 0x0, stringfeed = 0x0, bell = 0x0, leds = 0x0, xkb_interest = 0x0, 
  config_info = 0x0, devPrivates = 0x0, nPrivates = 0, unwrapProc = 0, spriteInfo = 0x82d0864, u = {master = 0x8284a58, lastSlave = 0x8284a58}, last = {valuators = {24, 195, 0 <repeats 34 times>}, 
    remainder = {0 <repeats 36 times>}, numValuators = 3}, properties = {properties = 0x8285080, handlers = 0x82850b0}}
(gdb) p pDev->deviceGrab
$3 = {grabTime = {months = 0, milliseconds = 1109328085}, fromPassiveGrab = 0, implicitGrab = 0, activeGrab = {next = 0x0, resource = 0, device = 0x0, window = 0x0, ownerEvents = 0, keyboardMode = 0, 
    pointerMode = 0, coreGrab = 0, coreMods = 0, type = 0 '\0', modifiersDetail = {exact = 0, pMask = 0x0}, modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0}, confineTo = 0x0, cursor = 0x0, 
    eventMask = 0, deviceMask = 0, genericMasks = 0x0}, grab = 0x0, activatingKey = 0 '\0', ActivateGrab = 0, DeactivateGrab = 0, sync = {frozen = 0, state = 0, other = 0x0, event = 0x0, evcount = 0}}
(gdb) quit


Basically it tried to call a NULL function pointer.
Comment 1 Hubert Figuiere 2009-06-01 13:05:14 UTC
Created attachment 26341 [details] [review]
proposed patch

patch made against "server-1.6-branch"

I don't know if that's the proper fix because I'm fixing the consequence, not the cause of the NULL pointer, but for me it works: it avoids the crash and does not seem to cause problems otherwise.

Any suggestion on how I could improve it, if needed, is welcome.
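The attached patch itself is not shown on this page. As an added illustration (not the reporter's patch and not X server code), the cut-down C model below contrasts the two approaches the comment distinguishes: guarding the call site so a NULL ActivateGrab is skipped rather than jumped through (fixing the consequence), and setting both callbacks when the device is created so a slave device like the "Xephyr virtual mouse" never reaches delivery with them at 0x0 (fixing the cause). The Device struct, init_device and deliver_grab are hypothetical stand-ins for DeviceIntRec and the events.c delivery path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct Device Device;

/* Hypothetical cut-down DeviceIntRec: just the deviceGrab callbacks that
 * the gdb dump shows as 0x0 for the "Xephyr virtual mouse" slave device. */
struct Device {
    const char *name;
    int isMaster;
    struct {
        void (*ActivateGrab)(Device *, int window);
        void (*DeactivateGrab)(Device *);
    } deviceGrab;
    int grabbedWindow;                    /* 0 = no active grab */
};

static void activate(Device *d, int window) { d->grabbedWindow = window; }
static void deactivate(Device *d) { d->grabbedWindow = 0; }

/* Cause-side fix: every device, master or slave, gets its callbacks set
 * at creation, so no delivery path can find them NULL. */
void init_device(Device *d, const char *name, int isMaster) {
    memset(d, 0, sizeof *d);
    d->name = name;
    d->isMaster = isMaster;
    d->deviceGrab.ActivateGrab = activate;
    d->deviceGrab.DeactivateGrab = deactivate;
}

/* Consequence-side guard: refuse to jump through a NULL callback and log
 * it, instead of faulting at address 0 as in the trace. 1 = grab done. */
int deliver_grab(Device *d, int window) {
    if (d->deviceGrab.ActivateGrab == NULL) {
        fprintf(stderr, "%s: ActivateGrab unset, skipping grab\n", d->name);
        return 0;
    }
    d->deviceGrab.ActivateGrab(d, window);
    return 1;
}

/* Constructed scenario: a device zeroed the way the dump shows versus one
 * that went through init_device. Returns how many grabs succeeded. */
int demo(void) {
    Device uninit = { "Xephyr virtual mouse", 0, { NULL, NULL }, 0 };
    Device ok;
    init_device(&ok, "Xephyr virtual mouse", 0);
    return deliver_grab(&uninit, 42) + deliver_grab(&ok, 42);
}
```

The guard alone keeps the server up but leaves the slave device unable to grab; only the initialisation fix restores the behaviour the event path expects.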
Comment 2 Peter Hutterer 2009-06-01 18:18:04 UTC

*** This bug has been marked as a duplicate of bug 21591 ***
Comment 3 Daniel Stone 2009-06-01 18:22:32 UTC
On Mon, Jun 01, 2009 at 01:00:24PM -0700, bugzilla-daemon@freedesktop.org wrote:
> Basically it tried to call a NULL function pointer.

If you're talking about ActivateGrab and DeactivateGrab, that's already
fixed in master.
Comment 4 Hubert Figuiere 2009-06-01 18:31:39 UTC
Yeah, but I couldn't compile master due to the dependencies...

(and compiling the dependencies was not possible due to lack of disk space)

So I did it on the 1.6 branch which is the closest thing to what I have installed ;-)

Obviously my patch was not right :-)
