Bug 69357

Summary: Xephyr segfaults with 8 or 16-bit color depth
Product: xorg
Component: Server/DDX/Xephyr
Status: RESOLVED FIXED
Severity: normal
Priority: medium
Version: git
Hardware: Other
OS: All
Reporter: Michele Baldessari <michele>
Assignee: Xorg Project Team <xorg-team>
QA Contact: Xorg Project Team <xorg-team>
CC: consume.noise

Description Michele Baldessari 2013-09-14 14:36:39 UTC
Launch Xephyr in 8bit depth mode:
Xephyr -screen 800x600x8 :1 

DISPLAY=:1 xclock

Consistent crash (tried with today's git 47ff382). Here's the backtrace:
(gdb) bt
#0  0x0000003afe418208 in dest_get_scanline_narrow (iter=0x7fffffff7c10, mask=0x0)
    at pixman-bits-image.c:1531
#1  0x0000003afe457ccb in general_composite_rect (imp=0x81f060, info=<optimized out>) at pixman-general.c:197
#2  0x0000003afe40b8b1 in pixman_image_composite32 (op=op@entry=PIXMAN_OP_OVER, src=src@entry=0xa21220, 
    mask=mask@entry=0xa21440, dest=dest@entry=0xa21330, src_x=0, src_y=0, mask_x=0, mask_y=0, dest_x=148, 
    dest_y=81, width=8, height=2) at pixman.c:707
#3  0x0000003afe40b983 in pixman_image_composite (op=op@entry=PIXMAN_OP_OVER, src=src@entry=0xa21220, 
    mask=mask@entry=0xa21440, dest=dest@entry=0xa21330, src_x=<optimized out>, src_y=<optimized out>, 
    mask_x=<optimized out>, mask_x@entry=0, mask_y=<optimized out>, mask_y@entry=0, dest_x=<optimized out>, 
    dest_x@entry=148, dest_y=<optimized out>, dest_y@entry=81, width=<optimized out>, width@entry=8, 
    height=<optimized out>) at pixman.c:730
#4  0x0000003afe46649c in pixman_composite_trapezoids (op=op@entry=PIXMAN_OP_OVER, src=src@entry=0xa21220, 
    dst=dst@entry=0xa21330, mask_format=<optimized out>, x_src=x_src@entry=-148, y_src=-81, x_dst=0, 
    y_dst=0, n_traps=n_traps@entry=1, traps=traps@entry=0xa0d2f0) at pixman-trap.c:540
#5  0x000000000049aaa1 in fbShapes (composite=0x3afe466130 <pixman_composite_trapezoids>, op=PIXMAN_OP_OVER, 
    pSrc=0xa21140, pDst=0xa21010, maskFormat=0x840878, xSrc=<optimized out>, ySrc=-81, 
    nshapes=nshapes@entry=1, shape_size=shape_size@entry=40, shapes=shapes@entry=0xa0d2f0 "\211\241Q")
    at fbtrap.c:145
#6  0x000000000049ad30 in fbTrapezoids (op=<optimized out>, pSrc=<optimized out>, pDst=<optimized out>, 
    maskFormat=<optimized out>, xSrc=<optimized out>, ySrc=<optimized out>, ntrap=1, traps=0xa0d2f0)
    at fbtrap.c:167
#7  0x0000000000530c33 in ProcRenderTrapezoids (client=0xa0cf00) at render.c:759
#8  0x0000000000430ab7 in Dispatch () at dispatch.c:432
#9  0x000000000043489a in dix_main (argc=4, argv=0x7fffffffe188, envp=<optimized out>) at main.c:294
#10 0x0000003af1c21d65 in __libc_start_main (main=0x41f7b0 <main>, argc=4, argv=0x7fffffffe188, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe178)
    at libc-start.c:269
#11 0x000000000041f7e1 in _start ()
Comment 1 Michele Baldessari 2013-09-14 15:35:32 UTC
Issue introduced via:
commit bd58ebe4cf3b0ce60f87fb26a3715f774dabd349
Author: Daniel Martin <consume.noise@gmail.com>
Date:   Thu Dec 20 13:50:17 2012 +0100

    ephyr: Fix crash on 24bpp host framebuffer
    
    Use bytes_per_line and bits_per_pixel from the created XImage to fix
        https://bugzilla.redhat.com/show_bug.cgi?id=518960
    
    Signed-off-by: Daniel Martin <consume.noise@gmail.com>
    Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
    Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Comment 2 Michele Baldessari 2013-09-14 16:37:30 UTC
For the record both 8 and 18bit depth crash. So:
Xephyr -screen 800x600x8 :1 
Xephyr -screen 800x600x16 :1 

Whereas 24 and 32 depths keep working
Comment 3 Michele Baldessari 2013-09-15 09:51:44 UTC
The following patch fixes it for me and keeps the other cases (24bpp/32bpp) working:
diff --git a/hw/kdrive/ephyr/hostx.c b/hw/kdrive/ephyr/hostx.c
index 5071289..90db002 100644
--- a/hw/kdrive/ephyr/hostx.c
+++ b/hw/kdrive/ephyr/hostx.c
@@ -697,9 +697,10 @@ hostx_screen_init(EphyrScreenInfo screen,
             malloc(host_screen->ximg->bytes_per_line * buffer_height);
     }
 
-    *bytes_per_line = host_screen->ximg->bytes_per_line;
-    *bits_per_pixel = host_screen->ximg->bits_per_pixel;
-
+    if (host_depth_matches_server(host_screen)) {
+        *bytes_per_line = host_screen->ximg->bytes_per_line;
+        *bits_per_pixel = host_screen->ximg->bits_per_pixel;
+    }
     XResizeWindow(HostX.dpy, host_screen->win, width, height);
 
     /* Ask the WM to keep our size static */
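Review bot: The new `if (host_depth_matches_server(host_screen))` has no else branch, so when the depths differ `*bytes_per_line` and `*bits_per_pixel` are never written and the caller keeps whatever those variables held before the call. Add an else that sets both from the geometry the server will actually render with, or state in a comment that callers must initialise them first. The context line above still sizes the buffer with `host_screen->ximg->bytes_per_line * buffer_height`, so whatever stride is reported in the mismatch case should be checked against that allocation. The hunk also drops the blank line before `XResizeWindow`, which is worth keeping to separate the two steps.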
Comment 4 Michele Baldessari 2013-09-15 10:17:10 UTC
Patch sent to xorg-devel:
http://lists.x.org/archives/xorg-devel/2013-September/037796.html
Comment 5 Søren Sandmann Pedersen 2013-10-18 19:23:12 UTC
This appears to leave those variables uninitialized when host_depth_matches_server() returns FALSE. Also if you use the -resizeable option and resize the window after applying this patch, the display ends up garbled.
Comment 6 Michele Baldessari 2013-11-01 09:46:20 UTC
Fixed via patches from Soren:
623c414 ephyr: Ensure stride of private framebuffer is multiple of 4
97cf53c ephyr: hostx_screen_init(): Fix bits_per_pixel and bytes_per_line

Closing
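
An added example, not xserver code and not the patches named in Comment 6: it shows the hazard raised in Comment 5 (out-parameters written on only one branch) next to a version that writes them on both branches and pads the stride to a multiple of 4. The struct names, the depth comparison standing in for host_depth_matches_server(), and the stride formula are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the host XImage and the server screen. */
struct host_img  { int bytes_per_line, bits_per_pixel, depth; };
struct server_fb { int width, depth; };

/* Bytes per row of a private framebuffer, rounded up to a multiple of 4. */
static int padded_stride(int width, int bits_per_pixel)
{
    return ((width * bits_per_pixel + 31) / 32) * 4;
}

/* Shape of the Comment 3 patch: outputs written only when depths match. */
static void init_conditional(const struct host_img *h, const struct server_fb *s,
                             int *bytes_per_line, int *bits_per_pixel)
{
    if (h->depth == s->depth) {
        *bytes_per_line = h->bytes_per_line;
        *bits_per_pixel = h->bits_per_pixel;
    }
}

/* Every path writes both outputs. */
static void init_always(const struct host_img *h, const struct server_fb *s,
                        int *bytes_per_line, int *bits_per_pixel)
{
    if (h->depth == s->depth) {
        *bytes_per_line = h->bytes_per_line;
        *bits_per_pixel = h->bits_per_pixel;
    } else {
        /* Assumption: bits per pixel equals the server depth for 8/16-bit screens. */
        *bits_per_pixel = s->depth;
        *bytes_per_line = padded_stride(s->width, s->depth);
    }
}

int main(void)
{
    struct host_img  host = { 800 * 4, 32, 24 }; /* constructed: 24-bit host, 32 bpp image */
    struct server_fb srv  = { 800, 8 };          /* as in -screen 800x600x8 */
    int bpl = -1, bpp = -1;                      /* sentinels stand in for stale caller values */

    init_conditional(&host, &srv, &bpl, &bpp);
    printf("conditional: bytes_per_line=%d bits_per_pixel=%d\n", bpl, bpp);
    init_always(&host, &srv, &bpl, &bpp);
    printf("always:      bytes_per_line=%d bits_per_pixel=%d\n", bpl, bpp);
    return 0;
}
```
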
