This bug affects the mpx branch and I've verified that it does not occur in the
If I open dosbox and hit ctrl-F10, it grabs the cursor so that the mouse controls the DOS program. If I do this on the mpx branch, X crashes, and the log contains the following:
[mi] Unknown event type, cannot change id.
Fatal server error:
Bad valuators reported for device ImPS/2 Logitech Wheel Mouse
That device is the touchpad on my laptop. This crash happens even with only one core pointer.
Another program that triggers the same crash is Planet Penguin Racer. There it happens once I start a race. When it crashes from ppracer, the 'unknown event type' message is repeated in the log about a hundred times before the crash. I believe that message is being spewed out while I am navigating the menus before I start a race. I'll attach a log file of this.
Created attachment 16539
Log of the crash with ppracer
Here's a log of X crashing from ppracer. This time it crashed almost immediately rather than waiting for me to start a race, so the 'Unknown event type' message only appears once.
I can't reproduce these. The fact that it's dosbox and ppracer indicates it might be DGA related. I also tried xmoto, but nothing.
When did you pull? I had bugs like this before but they were fixed with commit ec2fca7e6f7ce8fdf33d959b7adeaae935ec4b37 (29.april).
I'm fully up to date (68b4f250eef441a3d75e3b9b2665a51d3a1538d6).
I just tried xmoto. It will crash if I run it fullscreen, but not in a window. Turns out ppracer is the same.
So far, dosbox is the only thing that crashes X while running in a window.
Created attachment 16557
Backtrace of crash while running dosbox
I attached gdb, set a breakpoint on FatalError, and got a backtrace. Here it is.
Here's the relevant data at frame 1 in the backtrace:
xV->first_valuator = 69
xV->num_valuators = 86
v->numAxes = 2
Then, of course, 69+86 > 2.
Those numbers were suspiciously in the ASCII range, so I tried this:
(gdb) x/s xV
There's a string there instead of the correct data structure!
Figured it out.
Line 1093 in hw/xfree86/common/xf86DGA.c
UpdateDeviceState is called specifying two parameters, but it takes three, therefore count doesn't get initialized and the loop goes out of range.
Created attachment 16560
If I understand correctly, count should always be 1 here. This change stopped the crashing.
Created attachment 16561
Always good to grep for other occurrences of the same mistake...
(In reply to comment #7)
> Figured it out.
> Line 1093 in hw/xfree86/common/xf86DGA.c
> UpdateDeviceState is called specifying two parameters, but it takes three,
> therefore count doesn't get initialized and the loop goes out of range.
d'oh! thanks, applied! will be pushed soon.
pushed as 5127942f80983b2e053dddd5c5747d0c3d2f9d6d.
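The failure mode diagnosed in comment #7, as an added C example that is not code from the X server or from anyone in this thread: an event walker that trusts its count argument reads the neighbouring buffer slot as an event, and the valuator bounds check is what stops it. The struct layout, the names `check_events` and `make_sample`, and the sample buffer are simplified assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified, hypothetical 32-byte event; not the server's real structure. */
#define EV_SIZE 32
typedef struct {
    uint8_t  type, deviceid;
    uint16_t sequence, device_state;
    uint8_t  num_valuators, first_valuator;
    uint8_t  pad[EV_SIZE - 8];
} valuator_event;

enum { EV_OK = 0, EV_BAD_VALUATORS = -1 };

/* Walk `count` consecutive events and bounds-check each one against the
   device's axis count. On failure, *bad receives the offending index. */
int check_events(const uint8_t *buf, int count, int num_axes, int *bad)
{
    for (int i = 0; i < count; i++) {
        valuator_event ev;
        memcpy(&ev, buf + (size_t)i * EV_SIZE, sizeof ev);
        if (ev.first_valuator + ev.num_valuators > num_axes) {
            *bad = i;
            return EV_BAD_VALUATORS;
        }
    }
    return EV_OK;
}

/* Constructed sample: one valid event, then unrelated text in the next slot.
   'V' (86) lands on num_valuators and 'E' (69) on first_valuator. */
void make_sample(uint8_t *buf)
{
    valuator_event ev = {0};
    ev.num_valuators = 2;                 /* axes 0..1 of a 2-axis device */
    memset(buf, 0, 2 * EV_SIZE);
    memcpy(buf, &ev, EV_SIZE);
    memcpy(buf + EV_SIZE, "sampleVE text", 13);
}

int main(void)
{
    uint8_t buf[2 * EV_SIZE];
    int bad = -1;
    make_sample(buf);
    int r1 = check_events(buf, 1, 2, &bad);   /* correct count: one event */
    int r2 = check_events(buf, 2, 2, &bad);   /* wrong count: reads the text */
    printf("count=1 -> %d, count=2 -> %d (event %d)\n", r1, r2, bad);
    return 0;
}
```

Building with prototypes in scope and `-Werror=implicit-function-declaration` turns a call with the wrong number of arguments into a compile error instead of a runtime crash.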