Created attachment 14218 [details]
xorg.log (not the same run as the above backtrace)

I can reliably cause SIGSEGV in the Xserver following these steps:

1 - launch Xephyr with gdmflexyserver -n
2 - log in GNOME

The server crashes before GNOME has finished loading (the nested GNOME).

In fact, using Xephyr with other clients also makes the server crash, but it takes more time.

Backtrace: (I hope it's right, I got symbols' names with addr2line)

0: /usr/bin/X(xf86SigHandler+0x6a) [0x47568a]
1: /lib/libc.so.6 [0x2aac59730090]
2: /lib/libc.so.6(memcpy+0x63) [0x2aac5977acf3]
3: /usr/lib/xorg/modules/drivers//nouveau_drv.so [0x2aac5b4b8b6a]
   nouveau_dma_outp
   /home/jaime/src/nouveau/xf86-video-nouveau/src/nouveau_dma.h:86
4: /usr/lib/xorg/modules/drivers//nouveau_drv.so [0x2aac5b4b8afa]
   NVAccelUploadIFC
   /home/jaime/src/nouveau/xf86-video-nouveau/src/nv_exa.c:529
5: /usr/lib/xorg/modules/drivers//nouveau_drv.so [0x2aac5b4b85c3]
   NVUploadToScreen
   /home/jaime/src/nouveau/xf86-video-nouveau/src/nv_exa.c:633
6: /usr/lib/xorg/modules//libexa.so [0x2aac5d4c87d0]
   exaPutImage
7: /usr/bin/X [0x524ea4]
8: /usr/bin/X [0x4fa1c2]
9: /usr/bin/X [0x4fb2e0]
10: /usr/bin/X [0x4fbf7c]
11: /usr/bin/X(Dispatch+0x2e0) [0x44e3b0]
12: /usr/bin/X(main+0x47d) [0x436b8d]
13: /lib/libc.so.6(__libc_start_main+0xf4) [0x2aac5971c1c4]
14: /usr/bin/X(FontFileCompleteXLFD+0x279) [0x435ec9]

My card is a GeForce Go 7300.
Sorry, I selected the wrong component.
Created attachment 14237 [details]
Xorg.log with DMA_TRACE and DMA_DEBUG enabled

I enabled NOUVEAU_DMA_DEBUG and NOUVEAU_DMA_TRACE. The bug triggers when the input needs padding. The code reads the padding bytes from the input data, but after the last line of the input there is no valid data and the driver gets a SIGSEGV. If I force the driver to skip the last line it doesn't crash (but I get some corruption).
Created attachment 14356 [details] [review]
Do not access beyond source pixmap in NVAccelUploadIFC

This patch fixes the issue for me.
I can confirm this. Would be nice to see it fixed in git as well? danny
Thanks for the patch! Tested and pushed.
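The over-read described in this thread, as an added C example (not the nouveau driver's code and not the attached patch): a row upload that pads each row for the destination without reading past the end of the source. The names `padded_len` and `upload_rows_padded` are hypothetical, and padding to a multiple of 4 bytes is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not the nouveau driver's code.
 * Assumption: each uploaded row is padded to a multiple of 4 bytes. */
static size_t padded_len(size_t line_len)
{
    return (line_len + 3) & ~(size_t)3;
}

/* Copy h rows of line_len bytes (rows src_pitch bytes apart in src) into dst,
 * padding every row to padded_len(). Returns the number of bytes written,
 * or 0 if the arguments are inconsistent or dst is too small. */
size_t upload_rows_padded(uint8_t *dst, size_t dst_size, const uint8_t *src,
                          size_t src_pitch, size_t line_len, size_t h)
{
    if (line_len > SIZE_MAX - 3 || src_pitch < line_len)
        return 0;
    size_t padded = padded_len(line_len);
    if (h == 0 || padded > dst_size / h)
        return 0;

    for (size_t y = 0; y < h; y++) {
        const uint8_t *row = src + y * src_pitch;
        uint8_t *out = dst + y * padded;
        /* The crashing pattern is memcpy(out, row, padded): on the last row
         * it reads padded - line_len bytes that the source does not own.
         * Read only line_len bytes and generate the padding locally. */
        memcpy(out, row, line_len);
        memset(out + line_len, 0, padded - line_len);
    }
    return padded * h;
}

int main(void)
{
    /* Constructed sample: 2 rows of 3 bytes, tightly packed (pitch 3). */
    const uint8_t src[6] = {1, 2, 3, 4, 5, 6};
    uint8_t dst[8];
    size_t n = upload_rows_padded(dst, sizeof dst, src, 3, 3, 2);
    printf("wrote %zu bytes, padding byte = %u\n", n, dst[7]);
    return 0;
}
```

Building with `-fsanitize=address` and swapping in the `memcpy(out, row, padded)` form makes the last-row over-read show up as a reported out-of-bounds read.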