Bug 40627

Summary: Xvnc crashes when running "xinput list"
Product: xorg Reporter: Cougar <cougar>
Component: Lib/XiAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED NOTOURBUG QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: git   
Hardware: Other   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:

Description Cougar 2011-09-04 14:27:37 UTC 
In Xorg itself xinput list works fine but wehn running in Xvnc it crashes every time

#0  0xb72a65a0 in __strlen_sse2 () from /lib/libc.so.6
#1  0x0817dc6a in SizeDeviceInfo (dev=0x845e988) at xiquerydevice.c:204
#2  0x0817e3f8 in ProcXIQueryDevice (client=0x872fc60) at xiquerydevice.c:98
#3  0x081723a7 in ProcIDispatch (client=0x872fc60) at extinit.c:416
#4  0x080b55b7 in Dispatch () at dispatch.c:432
#5  0x080a2ed5 in main (argc=14, argv=0xbf9ef904, envp=0xbf9ef940)

SizeDeviceInfo() reads dev->name length. In this case dev->name is NULL

xiquerydevice.c lines around 98 are:

94              for (dev = inputInfo.devices; dev; dev = dev->next, i++)
95              {
96                  skip[i] = ShouldSkipDevice(client, stuff->deviceid, dev);
97                  if (!skip[i])
98                      len += SizeDeviceInfo(dev);
99              }

Somehow two last entries in inputInfo.devices list has missing name:

(gdb) p *dev
$29 = {public = {devicePrivate = 0x0, 
    processInputProc = 0x816c710 <ProcessOtherEvent>, 
    realInputProc = 0x816c710 <ProcessOtherEvent>, 
    enqueueInputProc = 0x80bb280 <EnqueueEvent>, on = 1}, next = 0x862f278, 
  startup = 1, deviceProc = 0x8069b00 <rfbKeybdProc>, inited = 1, enabled = 1, 
  coreEvents = 1, deviceGrab = {grabTime = {months = 0, 
      milliseconds = 1903094146}, fromPassiveGrab = 0, implicitGrab = 0, 
    activeGrab = {next = 0x0, resource = 0, device = 0x0, window = 0x0, 
      ownerEvents = 0, keyboardMode = 0, pointerMode = 0, 
      grabtype = GRABTYPE_CORE, type = 0 '\000', modifiersDetail = {exact = 0, 
        pMask = 0x0}, modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0}, 
      confineTo = 0x0, cursor = 0x0, eventMask = 0, deviceMask = 0, xi2mask = {
        "\000\000" <repeats 42 times>}}, grab = 0x0, activatingKey = 0 '\000', 
    ActivateGrab = 0x80c35b0 <ActivateKeyboardGrab>, 
    DeactivateGrab = 0x80c33a0 <DeactivateKeyboardGrab>, sync = {frozen = 0, 
      state = 0, other = 0x0, event = 0x0}}, type = 0, xinput_type = 0, 
  name = 0x0, id = 6, key = 0x862f668, valuator = 0x0, button = 0x0, 
  ^^^^^^^^^^^
  focus = 0x863cee8, proximity = 0x0, absolute = 0x0, kbdfeed = 0x862f6d8, 
  ptrfeed = 0x0, intfeed = 0x0, stringfeed = 0x0, bell = 0x0, leds = 0x0, 
  xkb_interest = 0x0, config_info = 0x0, unused_classes = 0x0, 
  saved_master_id = 0, devPrivates = 0x862f22c, unwrapProc = 0, 
  spriteInfo = 0x862f210, u = {master = 0x861e8c0, lastSlave = 0x861e8c0}, 
  last = {valuators = {0 <repeats 36 times>}, remainder = {
      0 <repeats 36 times>}, numValuators = 0, slave = 0x0}, properties = {
    properties = 0x862aa20, handlers = 0x862f260}, transform = {m = {{0, 0, 
        0}, {0, 0, 0}, {0, 0, 0}}}, xtest_master_id = 0}
(gdb) p *dev->next
$30 = {public = {devicePrivate = 0x0, 
    processInputProc = 0x816c710 <ProcessOtherEvent>, 
    realInputProc = 0x816c710 <ProcessOtherEvent>, 
    enqueueInputProc = 0x80bb280 <EnqueueEvent>, on = 1}, next = 0x0, 
  startup = 1, deviceProc = 0x8069990 <rfbMouseProc>, inited = 1, enabled = 1, 
  coreEvents = 1, deviceGrab = {grabTime = {months = 0, 
      milliseconds = 1903094146}, fromPassiveGrab = 0, implicitGrab = 0, 
    activeGrab = {next = 0x0, resource = 0, device = 0x0, window = 0x0, 
      ownerEvents = 0, keyboardMode = 0, pointerMode = 0, 
      grabtype = GRABTYPE_CORE, type = 0 '\000', modifiersDetail = {exact = 0, 
        pMask = 0x0}, modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0}, 
      confineTo = 0x0, cursor = 0x0, eventMask = 0, deviceMask = 0, xi2mask = {
        "\000\000" <repeats 42 times>}}, grab = 0x0, activatingKey = 0 '\000', 
    ActivateGrab = 0x80c35b0 <ActivateKeyboardGrab>, 
    DeactivateGrab = 0x80c33a0 <DeactivateKeyboardGrab>, sync = {frozen = 0, 
      state = 0, other = 0x0, event = 0x0}}, type = 0, xinput_type = 0, 
  name = 0x0, id = 7, key = 0x0, valuator = 0x863d468, button = 0x863cf10, 
  ^^^^^^^^^^^
  focus = 0x0, proximity = 0x0, absolute = 0x0, kbdfeed = 0x0, 
  ptrfeed = 0x863d890, intfeed = 0x0, stringfeed = 0x0, bell = 0x0, 
  leds = 0x0, xkb_interest = 0x0, config_info = 0x0, unused_classes = 0x0, 
  saved_master_id = 0, devPrivates = 0x862f58c, unwrapProc = 0, 
  spriteInfo = 0x862f570, u = {master = 0x861e5a0, lastSlave = 0x861e5a0}, 
  last = {valuators = {0 <repeats 36 times>}, remainder = {
      0 <repeats 36 times>}, numValuators = 2, slave = 0x0}, properties = {
    properties = 0x863d848, handlers = 0x863d878}, transform = {m = {{0, 0, 
        0}, {0, 0, 0}, {0, 0, 0}}}, xtest_master_id = 0}

I don't have any idea when these entries has been added to the list. I can try to find it out but as I'm not very familiar with Xorg it could take time..
Comment 1 Alan Coopersmith 2011-09-05 09:56:36 UTC 
Which Xvnc?   X.Org provides none, but TigerVNC builds a Xvnc off our current 
sources, while TurboVNC, TightVNC, and RealVNC build their Xvnc off older sources.
Comment 2 Cougar 2011-09-06 01:15:39 UTC 
It dosn't matter at all. It is server side issue. The easiest way to reproduse this bug is open two terminals. In first terminal start Xvnc:

cougar@TRIIN ~> Xvnc :2

and then run xinput from another one:

cougar@TRIIN ~> DISPLAY=:2.0 xinput list
XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":2.0"
      after 16 requests (16 known processed) with 0 events remaining.

After that Xvnc in first terminal crashes.
Comment 3 Daniel Stone 2011-09-06 01:23:25 UTC 
Errr, it does matter though because Xvnc doesn't come from X.Org.  We
don't make any piece of software called Xvnc at all, so there'd be
someone else (e.g. TigerVNC) who you'd have to talk to instead of us.
We can't fix something we didn't make.
Comment 4 Cougar 2011-09-06 01:43:25 UTC 
OK, I see. I thought it was a part or Xorg but you are right. Opensuse package is based on Xorg source but adds some patches for VNC support. I'll report this bug to Opensuse too and lets see is this problem from paches or is there something that can be validated in Xorg code too. I guess you can close this bug here right now as invalid. Thanks!
Comment 5 Cougar 2011-09-06 04:32:48 UTC 
Reported https://bugzilla.novell.com/show_bug.cgi?id=716074 too

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.