Bug 48974

Summary: Xrandr queries cause invalid memory access in X server 1.12.1
Product: xorg
Reporter: Michal Suchanek <hramrach>
Component: Server/Ext/RandR
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED MOVED
QA Contact: Xorg Project Team <xorg-team>
Severity: critical
Priority: high
CC: jeremyhu
Version: 7.7 (2012.06)
Hardware: x86-64 (AMD64)
OS: Linux (All)
Whiteboard: 2012BRB_Reviewed
Bug Blocks: 44202

Description Michal Suchanek 2012-04-20 09:53:28 UTC
Just running the xrandr utility:

==19803== Syscall param writev(vector[...]) points to uninitialised byte(s)
==19803==    at 0x6517A3B: writev (writev.c:51)
==19803==    by 0x297B5B: _XSERVTransSocketWritev (Xtranssock.c:2153)
==19803==    by 0x2932E4: FlushClient (io.c:890)
==19803==    by 0x293B38: FlushAllOutput (io.c:640)
==19803==    by 0x15A921: Dispatch (dispatch.c:447)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0xcd9d6e1 is 1 bytes inside a block of size 4,096 alloc'd
==19803==    at 0x4027034: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x2939A0: WriteToClient (io.c:1015)
==19803==    by 0x15A6C8: ProcEstablishConnection (dispatch.c:3577)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Uninitialised value was created by a heap allocation
==19803==    at 0x402894D: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x21817B: ProcRenderQueryFilters (render.c:1691)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803== 

Changing the screen layout:

==19803== Invalid read of size 1
==19803==    at 0x4029590: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518690 is 0 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803== 
==19803== Invalid read of size 1
==19803==    at 0x40295A8: strncpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x8C6D68F: drmmode_set_mode_major (drmmode_display.c:172)
==19803==    by 0x8C6DB45: drmmode_xf86crtc_resize (drmmode_display.c:1398)
==19803==    by 0x1D48EF: xf86RandR12ScreenSetSize (xf86RandR12.c:691)
==19803==    by 0x208DD0: ProcRRSetScreenSize (rrscreen.c:283)
==19803==    by 0x15AA70: Dispatch (dispatch.c:425)
==19803==    by 0x149A19: main (main.c:288)
==19803==  Address 0x7518691 is 1 bytes inside a block of size 10 free'd
==19803==    at 0x4027AAE: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==19803==    by 0x1A9454: xf86DeleteMode (xf86Mode.c:2004)
==19803==    by 0x1CA537: xf86ProbeOutputModes (xf86Crtc.c:1529)
==19803==    by 0x1D37B3: xf86RandR12GetInfo12 (xf86RandR12.c:1517)
==19803==    by 0x203CAC: RRGetInfo (rrinfo.c:195)
==19803==    by 0x7F4256B: glxDRIEnterVT (glxdri2.c:601)
==19803==    by 0x1974B7: xf86Wakeup (xf86Events.c:527)
==19803==    by 0x15E99A: WakeupHandler (dixutils.c:421)
==19803==    by 0x28D975: WaitForSomething (WaitFor.c:224)
==19803==    by 0x15A7C1: Dispatch (dispatch.c:357)
==19803==    by 0x149A19: main (main.c:288)
==19803==
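The two reports above are instances of two different memory-safety defect classes, and the following is a constructed C illustration added here to make them concrete; it is not xorg-server or driver code, and every name, struct layout and mode string in it is hypothetical. The first report ("Syscall param writev ... points to uninitialised byte(s)", origin in a malloc() in ProcRenderQueryFilters) is the shape of an information leak: a reply buffer is allocated, only partly filled, and the remainder goes to the client socket carrying whatever the heap held before. The second ("Invalid read of size 1" in strncpy, "inside a block of size 10 free'd" by xf86DeleteMode during a mode re-probe) is the shape of a use-after-free: a raw pointer into a mode object outlives the list it belongs to. The example shows each beside a fix, and uses a 0xAA fill (the same idea as glibc's MALLOC_PERTURB_) so the leak is observable deterministically without valgrind.

```c
/* Constructed illustration, not xorg-server code: the two defect classes
 * behind the valgrind reports, each beside a fix. All names hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for glibc's MALLOC_PERTURB_: fill fresh heap memory with a known
 * byte so an uninitialised-byte leak is visible in a plain test. */
#define PERTURB_BYTE 0xAA
static void *perturbed_malloc(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, PERTURB_BYTE, n);
    return p;
}

/* ---- (1) reply with uninitialised padding ------------------------------ */

/* Hypothetical reply: 8-byte header, then a name padded to a multiple of 4,
 * as X protocol replies pad their variable-length parts. */
#define PAD4(n) (((n) + 3) & ~(size_t)3)
struct reply_hdr { uint8_t type, pad0; uint16_t seq; uint32_t name_len; };

/* zero_pad == 0 reproduces the bug: the bytes after the name are whatever the
 * allocator handed out. zero_pad != 0 is the fix: calloc() (or memset) the
 * buffer so every byte that reaches writev() is defined. */
static uint8_t *build_reply(const char *name, int zero_pad, size_t *out_len) {
    size_t nlen = strlen(name), total = sizeof(struct reply_hdr) + PAD4(nlen);
    uint8_t *buf = zero_pad ? calloc(1, total) : perturbed_malloc(total);
    if (!buf) return NULL;
    struct reply_hdr *h = (struct reply_hdr *)buf;
    h->type = 1; h->pad0 = 0; h->seq = 0; h->name_len = (uint32_t)nlen;
    memcpy(buf + sizeof *h, name, nlen);   /* bytes nlen..PAD4(nlen)-1 untouched */
    *out_len = total;
    return buf;
}

/* Number of pad bytes that would carry allocator contents onto the wire. */
static int leaked_pad_bytes(const char *name, int zero_pad) {
    size_t len, nlen = strlen(name);
    uint8_t *buf = build_reply(name, zero_pad, &len);
    int leaked = 0;
    if (!buf) return -1;
    for (size_t i = sizeof(struct reply_hdr) + nlen; i < len; i++)
        leaked += (buf[i] == PERTURB_BYTE);
    free(buf);
    return leaked;
}

/* ---- (2) stale pointer across a mode re-probe ------------------------- */

struct mode { char *name; int w, h; struct mode *next; };
struct output { struct mode *modes; };

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}
static struct mode *add_mode(struct output *o, const char *name, int w, int h) {
    struct mode *m = calloc(1, sizeof *m);
    if (!m) return NULL;
    m->name = dup_str(name); m->w = w; m->h = h;
    m->next = o->modes; o->modes = m;
    return m;
}
static void free_modes(struct output *o) {
    for (struct mode *m = o->modes, *n; m; m = n) { n = m->next; free(m->name); free(m); }
    o->modes = NULL;
}
/* Re-probe: every old mode and its name string is freed and a fresh list is
 * built (the xf86ProbeOutputModes -> xf86DeleteMode step in the report). */
static void probe_modes(struct output *o) {
    free_modes(o);
    add_mode(o, "800x600", 800, 600);
    add_mode(o, "1024x768", 1024, 768);
}

/* Buggy crtc: keeps a raw pointer to the mode it was set to. After a
 * probe_modes() that pointer dangles and crtc_bad_name() is the strncpy
 * "Invalid read ... inside a block ... free'd" from the report. */
struct crtc_bad { const struct mode *cur; };
static void crtc_bad_set(struct crtc_bad *c, const struct mode *m) { c->cur = m; }
static void crtc_bad_name(const struct crtc_bad *c, char *dst, size_t n) {
    strncpy(dst, c->cur->name, n); dst[n - 1] = '\0';  /* use-after-free if re-probed */
}

/* Fixed crtc: copy what it needs at set time, so the lifetime of the probed
 * mode list no longer matters. */
struct crtc_ok { char name[32]; int w, h; };
static void crtc_ok_set(struct crtc_ok *c, const struct mode *m) {
    snprintf(c->name, sizeof c->name, "%s", m->name); c->w = m->w; c->h = m->h;
}

/* 1 if the fixed crtc still reports its mode after the list was re-probed. */
static int stale_pointer_fixed(void) {
    struct output o = {0};
    struct crtc_ok c;
    crtc_ok_set(&c, add_mode(&o, "1280x1024", 1280, 1024));
    probe_modes(&o);                                  /* frees that mode */
    int ok = strcmp(c.name, "1280x1024") == 0 && c.w == 1280 && c.h == 1024;
    free_modes(&o);
    return ok;
}

int main(void) {
    printf("leaked pad bytes, malloc'd reply: %d\n", leaked_pad_bytes("nearest", 0));
    printf("leaked pad bytes, calloc'd reply: %d\n", leaked_pad_bytes("nearest", 1));
    printf("fixed crtc keeps its mode across a re-probe: %d\n", stale_pointer_fixed());
    /* Reproduce the second report: run under `valgrind --track-origins=yes`
     * to see strncpy read from the freed name string. */
    struct output o = {0}; struct crtc_bad bad; char name[32];
    crtc_bad_set(&bad, add_mode(&o, "1280x1024", 1280, 1024));
    probe_modes(&o);
    crtc_bad_name(&bad, name, sizeof name);           /* the use-after-free */
    free_modes(&o);
    return 0;
}
```

Two things worth noting when reading the original traces against this. The "Uninitialised value was created by a heap allocation" line in the first trace only appears with `--track-origins=yes`, so the reporter already had origin tracking on; that is the switch that turns a writev() complaint into a pointer at the allocation to fix. In the second trace, a freed block of size 10 is consistent with a nine-character mode name plus its terminator, which matches the strncpy of a mode name in drmmode_set_mode_major; the practitioner's check is to find where that name pointer was captured before xf86ProbeOutputModes ran, and either copy it (as crtc_ok does) or refresh it after the probe.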
Comment 1 Jeremy Huddleston Sequoia 2012-06-12 03:48:15 UTC
Is this a regression?
Comment 2 Michal Suchanek 2012-06-12 03:52:27 UTC
I have no idea, I was valgrinding the X server for some unrelated reason and this popped up.

Could with 1.10 which is packaged for previous Debian I guess.
Comment 3 Michal Suchanek 2012-06-12 05:46:53 UTC
It happens with 10.4 too, pretty much the same messages.
Comment 4 Jeremy Huddleston Sequoia 2012-06-12 09:11:22 UTC
Ok, so if it is a regression, it's an old one, thanks.
Comment 5 Matt Dew 2013-02-28 06:22:32 UTC
Hi folks,
 Is this still an issue?
Comment 6 GitLab Migration User 2018-12-13 18:33:33 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/229.
