Created attachment 24029: complete backtrace

Forwarding this bug report from an Ubuntu reporter:
https://bugs.edge.launchpad.net/ubuntu/+source/xorg-server/+bug/324465

[Problem]
When holding down a key in any text field on a screen other than the primary one when using Xinerama (e.g. with -nvidia), X crashes in miPointerWarpCursor() on line mipointer.c:309, as pPointer, a null pointer, is dereferenced.

[backtrace]
#0  0x00000000004daa7c in miPointerWarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../mi/mipointer.c:309
        pPointer = (miPointerPtr) 0x0
        changedScreen = 0 '\0'
        pScreenPriv = <value optimized out>
#1  0x0000000000481c90 in xf86WarpCursor (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773) at ../../../../hw/xfree86/common/xf86Cursor.c:476
        sigstate = 0
#2  0x00000000004da6cc in miPointerSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../mi/mipointer.c:240
No locals.
#3  0x000000000053559f in AnimCurSetCursorPosition (pDev=0x24886c0, pScreen=0x21a8cb0, x=1279, y=773, generateEvent=0) at ../../render/animcur.c:277
        as = (AnimCurScreenPtr) 0x220db70
        ret = 35302672
#4  0x0000000000455284 in XineramaSetCursorPosition (pDev=0x24886c0, x=1279, y=773, generateEvent=0) at ../../dix/events.c:454
        pScreen = (ScreenPtr) 0x21a8cb0
        box = {x1 = 3840, y1 = 0, x2 = 5120, y2 = 1024}
        i = 8251968
        pSprite = (SpritePtr) 0x24ac7d0

[Original Report]
When in any text field, on any screen other than the primary one, holding down a key causes X to crash. (Goes black, X restarts automatically). I have tested this with backspace, arrow keys, and letters. It does not crash when holding ctrl, alt, or shift.

I have two NVidia 8600GT cards and 4 screens. I am using the latest restricted nvidia driver, which from what I can tell should be ABI compatible (180.27), from the jaunty repository.

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 9.04
NonfreeKernelModules: nvidia
Package: xorg 1:7.4~5ubuntu11
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersion: Linux version 2.6.28-6-generic (buildd@crested) (gcc version 4.3.3 (Ubuntu 4.3.3-3ubuntu1) ) #17-Ubuntu SMP Fri Jan 30 15:35:08 UTC 2009
SourcePackage: xorg
Uname: Linux 2.6.28-6-generic x86_64

[lspci]
00:00.0 Host bridge [0600]: nVidia Corporation C55 Host Bridge [10de:03a3] (rev a2)
        Subsystem: Micro-Star International Co., Ltd. Device [1462:0000]
03:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600 GT [10de:0402] (rev a1)
        Subsystem: Giga-byte Technology Device [1458:3452]
04:00.0 VGA compatible controller [0300]: nVidia Corporation GeForce 8600 GT [10de:0402] (rev a1)
        Subsystem: Giga-byte Technology Device [1458:3452]
Created attachment 24030: XorgLog.txt
Created attachment 24031: XorgConf.txt
When adding a check for pPointer == NULL in miPointerWarpCursor, the behavior simply moves to somewhere else that MIPOINTER might return null. I was able to eliminate the behavior entirely by adding null checks everywhere in mipointer.c that pPointer is set from MIPOINTER. Once I learn how to create a proper patch for X, I'll attach it.
On Mon, Mar 23, 2009 at 06:35:03AM -0700, bugzilla-daemon@freedesktop.org wrote:
> http://bugs.freedesktop.org/show_bug.cgi?id=20744
>
> --- Comment #3 from Jared Bunting <jared.bunting@peachjean.com> 2009-03-23 06:35:03 PST ---
> When adding a check for pPointer == NULL in miPointerWarpCursor, the behavior
> simply moves to somewhere else that MIPOINTER might return null. I was able to
> eliminate the behavior entirely by adding null checks everywhere in mipointer.c
> that pPointer is set from MIPOINTER. Once I learn how to create a proper patch
> for X, I'll attach it.

Feel free to forward the changed file(s) to me, and I'll be willing to generate the patch for you. Otherwise, see:

http://wiki.x.org/wiki/Development/Documentation/SubmittingPatches

Bryce
Created attachment 24171: 0001-Check-null-pointers-to-not-crash-on-keyrepeat-with-X.patch

Thanks Jared, this is what I'm putting into Ubuntu (for now).
*** This bug has been marked as a duplicate of bug 20557 ***