| Summary: | X server crashes with touchscreen in qtwebkit plugin view | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | xorg | Reporter: | michael.goffioul | ||||||||
| Component: | Server/Input/Core | Assignee: | Xorg Project Team <xorg-team> | ||||||||
| Status: | RESOLVED MOVED | QA Contact: | Xorg Project Team <xorg-team> | ||||||||
| Severity: | major | ||||||||||
| Priority: | medium | ||||||||||
| Version: | unspecified | ||||||||||
| Hardware: | x86 (IA32) | ||||||||||
| OS: | Linux (All) | ||||||||||
| Whiteboard: | |||||||||||
| i915 platform: | i915 features: | ||||||||||
| Attachments: |
|
||||||||||
Created attachment 80422 [details]
QtWebKit-based test browser
Created attachment 80423 [details]
gdb backtrace
Created attachment 80424 [details]
X log file
More debugging with gdb gave some additional hints. From the backtrace, one can see that xi2mask_isset is called with an invalid "mask" pointer. It appears this is due to FreeGrab being called to delete the grab owning the mask. However, the grab is still being used by a touch listener: that is, some ti->listeners[k] still reference the grab. So basically the crash is due to the use of free'ed memory. Putting a breakpoing in FreeGrab shows that pGrab->grabType == CORE, so the call to TouchListenerGone does not occur. I tried to force the call to TouchListenerGone by commenting the if-test, but a crash still occurred. Stepping into TouchListenerGone function, I could reach the mieqProcessDeviceEvent() call with the TouchOwnership event. However mieqProcessDeviceEvent() does not process the event immediately, because at that point, dev->public.processInputProc == dev->public.enqueueInputProc. So when the event is actually processed, the grab has already been deleted. Hope this helps. -- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/557. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
I'm experiencing a X server crash when using a touchscreen in the plugin view of a qtwebkit-based browser. The setup is the following: - Fedora 18 (all updates applied) - Xorg-1.13.3 - qt-4.8.4 - qtwebkit-2.3.1 - pyside-1.1.0 - mozplugger-1.14.3 (to provides plugins to webkit) - qpdfview-0.4.1 (to provide PDF viewer plugin) - testbrowser.py (provided as attachment) To enable qpdfview as mozplugger plugin, edit /etc/mozpluggerrc and in the PDF related section, add this line before all other options (acroread, kpdf, xpdf...): repeat needs_xembed swallow(qpdfview) fill: qpdfview "$file" To reproduce the problem, start the test browser, type "pdf test" in google, click one of the first link. This should open qpdfview embedded into the browser. Then try using the touchscreen inside the embedded qpdfview. The result is a crash of the X server. It's possible the crash does not occur on the first try. I could reproduce the problem with 2 different touch devices (one with 2 touch points, one with 4 touch points). Provided as attachment: - testbrowser.py - gdb backtrace - X log file Let me know whether you need more information.