Bug 106230 - Memory error when using Xephyr with Xinerama enabled
Status: RESOLVED MOVED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/Ext/Xinerama
Version: git
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Reported: 2018-04-25 05:12 UTC by Marco Trevisan (Treviño)
Modified: 2018-12-13 18:33 UTC

Attachments
panoramiX: grow depths visuals dynamically (1.69 KB, patch)
2018-04-25 05:18 UTC, Marco Trevisan (Treviño)

Description Marco Trevisan (Treviño) 2018-04-25 05:12:13 UTC
Just try to run something like:

valgrind Xephyr :2 +extension RANDR +xinerama \
                -screen 800x600 -screen 800x600+800+0

==12009== Memcheck, a memory error detector
==12009== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==12009== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info
==12009== Command: Xephyr :2 +extension RANDR -screen 800x600 -screen 800x600+800+0 +xinerama
==12009== 
==12009== Syscall param msync(start) points to uninitialised byte(s)
==12009==    at 0x891FB91: msync (msync.c:25)
==12009==    by 0x55952F3: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5599230: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x559953E: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5599A98: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5595E70: _ULx86_64_step (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5596A4C: ??? (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x5593E21: backtrace (in /usr/lib/x86_64-linux-gnu/libunwind.so.8.0.1)
==12009==    by 0x2CFD26: OsInit (osinit.c:217)
==12009==    by 0x19D14C: dix_main (main.c:154)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x1ffeffd040 is on thread 1's stack
==12009== 
==12009== Invalid write of size 4
==12009==    at 0x224C31: PanoramiXMaybeAddVisual (panoramiX.c:799)
==12009==    by 0x224C31: PanoramiXConsolidate (panoramiX.c:822)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x15befbb0 is 0 bytes after a block of size 960 alloc'd
==12009==    at 0x4C2FA3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x4C31D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x224C4D: PanoramiXMaybeAddDepth (panoramiX.c:756)
==12009==    by 0x224C4D: PanoramiXConsolidate (panoramiX.c:819)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009== 
==12009== Invalid read of size 4
==12009==    at 0x224644: PanoramiXCreateConnectionBlock (panoramiX.c:656)
==12009==    by 0x19D3D0: dix_main (main.c:260)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x15befbb0 is 0 bytes after a block of size 960 alloc'd
==12009==    at 0x4C2FA3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x4C31D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x224C4D: PanoramiXMaybeAddDepth (panoramiX.c:756)
==12009==    by 0x224C4D: PanoramiXConsolidate (panoramiX.c:819)
==12009==    by 0x19D60E: dix_main (main.c:243)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009== 
==12009== Invalid free() / delete / delete[] / realloc()
==12009==    at 0x4C30D3B: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12009==    by 0x22472C: PanoramiXCreateConnectionBlock (panoramiX.c:675)
==12009==    by 0x19D3D0: dix_main (main.c:260)
==12009==    by 0x8B4EB96: (below main) (libc-start.c:310)
==12009==  Address 0x2d0000002cf is not stack'd, malloc'd or (recently) free'd
==12009== 

This ends up in a crash when launching a window manager on it, for example (or just mutter).
Comment 1 Marco Trevisan (Treviño) 2018-04-25 05:18:54 UTC
Created attachment 139093
panoramiX: grow depths visuals dynamically

We need to ensure we have enough elements when writing the Visual depths,
or we could end up in a memory error.
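
The failure mode in the trace above (a 4-byte store landing 0 bytes after a 960-byte block) and the "grow dynamically" remedy named in the patch title, shown as an added example; this is not the X server's code and not the attached patch. `depth_rec`, `depth_init` and `depth_add_vid` are hypothetical names, and the 240-entry starting size is constructed so that 240 x 4 bytes equals the 960-byte block in the trace.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-depth list of visual IDs. */
typedef struct {
    uint32_t *vids;      /* 4-byte IDs recorded so far */
    size_t    num_vids;  /* entries in use */
    size_t    cap_vids;  /* entries allocated */
} depth_rec;

/* Size the list once from an estimate, as a fixed up-front allocation would. */
int depth_init(depth_rec *d, size_t estimate)
{
    d->num_vids = 0;
    d->cap_vids = estimate;
    d->vids = estimate ? calloc(estimate, sizeof *d->vids) : NULL;
    return (estimate && !d->vids) ? -1 : 0;
}

/* Append one ID, growing the array first when it is full. Without the
 * capacity check, the store at the end writes one element past the block
 * as soon as more IDs arrive than the estimate allowed for. */
int depth_add_vid(depth_rec *d, uint32_t vid)
{
    if (d->num_vids == d->cap_vids) {
        size_t new_cap = d->cap_vids ? d->cap_vids * 2 : 4;
        if (new_cap <= d->cap_vids || new_cap > SIZE_MAX / sizeof *d->vids)
            return -1;                 /* size computation would overflow */
        uint32_t *p = realloc(d->vids, new_cap * sizeof *d->vids);
        if (!p)
            return -1;                 /* old block is still valid */
        d->vids = p;
        d->cap_vids = new_cap;
    }
    d->vids[d->num_vids++] = vid;
    return 0;
}

int main(void)
{
    depth_rec d;
    if (depth_init(&d, 240)) return 1;           /* 240 * 4 = 960 bytes */
    for (uint32_t i = 0; i <= 240; i++)          /* constructed IDs; 241st forces growth */
        if (depth_add_vid(&d, 0x100 + i)) return 1;
    printf("stored %zu ids, capacity %zu\n", d.num_vids, d.cap_vids);
    free(d.vids);
    return 0;
}
```

Running the same loop under valgrind with the capacity check removed reproduces the "Invalid write of size 4 ... 0 bytes after a block of size 960" shape of report.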
Comment 2 GitLab Migration User 2018-12-13 18:33:59 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/xserver/issues/237.

