Bug 42651

Summary: NULL function pointer called in driCreateNewScreen with KMS disabled
Product: Mesa
Reporter: marcusedennis
Component: Other
Assignee: mesa-dev
Status: RESOLVED FIXED
QA Contact:
Severity: normal    
Priority: medium    
Version: 7.9   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Xorg log

Description marcusedennis 2011-11-06 20:43:48 UTC
Created attachment 53226
Xorg log

Component: Drivers/DRI/common

DESCRIPTION
-----------
When performing screen initialization while KMS is not available, driCreateNewScreen is called while driDriverAPI.InitScreen == 0. The function pointer is called without being checked for NULL value, causing a segmentation violation. Further, the error is partially masked as the log reporting of the error appears to generate another segmentation fault while attempting to perform the backtrace.

HW Configuration
----------------
Dell Inspiron E1505, Core Duo processor (T2400 @ 1.83GHz)
ATI Mobility Radeon X1400 (RV515)

SW Configuration
----------------
Xorg 7.6 (configured by way of current svn BLFS book)
Xserver 1.9.3
Mesa 7.9
Linux 3.0.7

Steps to Reproduce
------------------
1. Build Xorg/XCB/Mesa consistent with build instructions at http://www.linuxfromscratch.org/blfs/view/svn/
2. Build radeon kernel driver w/ KMS disabled by default, or boot with radeon.modeset=0
3. Generate new X config (X -configure)
4. Start X server with new config (X -retro -config /root/xorg.conf.new)

Expected Results
----------------
X server should either initialize the display by a means that correctly handles the lack of KMS, or it should refuse to start with an error indicating that needed functionality is not present. At a minimum, the NULL function pointer should be detected and an appropriate error should issue without a segfault.

Actual Results
--------------
X server crashes with a log message indicating the following:
Segmentation fault at address (nil)

Attempting to run with gdb produces the following backtrace:
#0  0x00000000 in ?? ()
#1  0xb4ccc896 in driCreateNewScreen (scrn=0, ddx_version=0xbfd422e4, 
    dri_version=0xbfd422f0, drm_version=0xbfd422fc, frame_buffer=0xbfd422c8, 
    pSAREA=0xb72ce000, fd=16, extensions=0xb746eaa4, driver_modes=0xbfd4232c, 
    loaderPrivate=0x92eb530) at ../common/dri_util.c:831
#2  0xb744672c in __glXDRIscreenProbe (pScreen=0x92a2ea0) at glxdri.c:1128
#3  0xb743d6c2 in GlxExtensionInit () at glxext.c:377
#4  0x080d5ff5 in InitExtensions (argc=4, argv=0xbfd424b4)
    at ../../../mi/miinitext.c:541
#5  0x0806dd02 in main (argc=4, argv=0xbfd424b4, envp=0xbfd424c8) at main.c:213

The segfault occurs upon executing the instruction:
*driver_modes = driDriverAPI.InitScreen(psp);

Attempting to print driDriverAPI before the offending call reveals that InitScreen == 0.

Additional Notes
----------------
dri2CreateNewScreen contains a NULL check on InitScreen2, but driCreateNewScreen lacks a comparable check on InitScreen.

Issue does not occur in the presence of KMS.

Comment 1 Alex Deucher 2011-11-07 05:49:35 UTC
I believe this was fixed in a newer version of mesa.  7.9 is pretty old.
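
Added example, not code from this report or from Mesa: a C program showing the guard the description asks for, where the legacy entry point refuses to create a screen when the driver table leaves InitScreen NULL instead of calling through it. The struct layout, create_legacy_screen, sample_init and both driver tables are hypothetical stand-ins for the names in the report.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for the structures named in the report. */
struct screen { int fd; };
struct mode_list { int count; };
typedef const struct mode_list *(*init_hook)(struct screen *);
struct driver_api {
    init_hook InitScreen;   /* legacy (non-KMS) path; NULL if unsupported */
    init_hook InitScreen2;  /* DRI2 path; NULL if unsupported */
};

static const struct mode_list sample_modes = { 3 };
static const struct mode_list *sample_init(struct screen *s) { (void)s; return &sample_modes; }

/* Constructed driver tables: one fills only the DRI2 hook, one only the legacy hook. */
static const struct driver_api dri2_only_driver = { NULL, sample_init };
static const struct driver_api legacy_driver = { sample_init, NULL };

/* Legacy entry point: validate the hook before dispatching through it. */
struct screen *create_legacy_screen(const struct driver_api *api, int fd,
                                    const struct mode_list **modes)
{
    struct screen *s;
    *modes = NULL;
    if (api == NULL || api->InitScreen == NULL) {
        fprintf(stderr, "driver has no legacy InitScreen hook; refusing\n");
        return NULL;
    }
    if ((s = calloc(1, sizeof(*s))) == NULL)
        return NULL;
    s->fd = fd;
    if ((*modes = api->InitScreen(s)) == NULL) { /* hook ran but failed */
        free(s);
        return NULL;
    }
    return s;
}

int main(void)
{
    const struct mode_list *modes;
    struct screen *s = create_legacy_screen(&dri2_only_driver, 16, &modes);
    printf("DRI2-only driver: %s\n", s ? "created" : "refused");
    free(s);
    s = create_legacy_screen(&legacy_driver, 16, &modes);
    printf("legacy driver: %s\n", s ? "created" : "refused");
    free(s);
    return 0;
}
```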
