Bug 21591 - Xephyr segfault when mouse is clicked in a textbox
Summary: Xephyr segfault when mouse is clicked in a textbox
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/DDX/Xephyr (show other bugs)
Version: unspecified
Hardware: x86 (IA32) Linux (All)
Importance: medium normal
Assignee: Peter Hutterer
QA Contact: Xorg Project Team
Duplicates: 22024
Reported: 2009-05-06 05:00 UTC by Istvan Visegradi
Modified: 2009-06-01 19:31 UTC (History)
Attachments
0001-kdrive-set-Activate-Deactivate-grab-for-input-device.patch (1.15 KB, patch)
2009-05-10 20:05 UTC, Peter Hutterer
Description Istvan Visegradi 2009-05-06 05:00:23 UTC
OS: Ubuntu 9.04 Jaunty 
Xephyr: xserver-xephyr 1.6.0-0ubuntu14

Description:
Using Nokia Maemo SDK 5 beta environment with Xephyr.
Xephyr is started with parameters: Xephyr :2 -host-cursor -screen 800x480x16 -dpi 96 -ac &
When a user in the SDK clicks on any application's textbox, Xephyr crashes with a segfault:
-------
Backtrace (10 deep):
0: Xephyr(KdBacktrace+0x35) [0x80c1595]
1: /lib/tls/i686/cmov/libc.so.6 [0xb7a87778]
2: Xephyr(DeliverDeviceEvents+0x20f) [0x808fabf]
3: Xephyr(ProcessOtherEvent+0x36c) [0x81910cc]
4: Xephyr(mieqProcessInputEvents+0x372) [0x80f0da2]
5: Xephyr(ProcessInputEvents+0xd) [0x80c620d]
6: Xephyr(Dispatch+0x6e) [0x80b329e]
7: Xephyr(main+0x3bd) [0x809869d]
8: /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7a72775]
9: Xephyr [0x8070741]

Fatal server error:
Segmentation fault caught
-------

I have grabbed the source and managed to reproduce the crash running in gdb. It seems the following line causes the crash, from dix/events.c:2108 in the function named DeliverEventsToWindow:
        
        (*pDev->deviceGrab.ActivateGrab)(pDev, &tempGrab,
                                        currentTime, TRUE | ImplicitGrabMask);
The problem is that pDev->deviceGrab.ActivateGrab is zero. See below the content of *pDev before the line is executed:

(gdb) p * pDev
$32 = {public = {devicePrivate = 0x0, processInputProc = 0x8189720 <ProcessOtherEvent>, 
    realInputProc = 0x8189720 <ProcessOtherEvent>, enqueueInputProc = 0x808ce80 <EnqueueEvent>, 
    on = 1}, next = 0x0, startup = 1, deviceProc = 0x80c5630 <KdPointerProc>, inited = 1, 
  enabled = 1, coreEvents = 1, deviceGrab = {grabTime = {months = 0, milliseconds = 177133522}, 
    fromPassiveGrab = 0, implicitGrab = 0, activeGrab = {next = 0x0, resource = 0, device = 0x0, 
      window = 0x0, ownerEvents = 0, keyboardMode = 0, pointerMode = 0, coreGrab = 0, 
      coreMods = 0, type = 0 '\0', modifiersDetail = {exact = 0, pMask = 0x0}, 
      modifierDevice = 0x0, detail = {exact = 0, pMask = 0x0}, confineTo = 0x0, cursor = 0x0, 
      eventMask = 0, deviceMask = 0, genericMasks = 0x0}, grab = 0x0, activatingKey = 0 '\0', 
    ActivateGrab = 0, DeactivateGrab = 0, sync = {frozen = 0, state = 0, other = 0x0, event = 0x0, 
      evcount = 0}}, isMaster = 0, type = 72, name = 0x94e0450 "Xephyr virtual mouse", 
  id = 3 '\003', key = 0x0, valuator = 0x94df210, button = 0x94df0e0, focus = 0x0, 
  proximity = 0x0, absolute = 0x0, kbdfeed = 0x0, ptrfeed = 0x94e0430, intfeed = 0x0, 
  stringfeed = 0x0, bell = 0x0, leds = 0x0, xkb_interest = 0x0, config_info = 0x0, 
  devPrivates = 0x0, nPrivates = 0, unwrapProc = 0, spriteInfo = 0x9468fd4, u = {
    master = 0x9467c00, lastSlave = 0x9467c00}, last = {valuators = {425, 307, 
      0 <repeats 34 times>}, remainder = {0 <repeats 36 times>}, numValuators = 3}, properties = {
    properties = 0x93e9be8, handlers = 0x93e9c18}}
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x0808f28f in DeliverDeviceEvents (pWin=0x822b840, xE=0x94c86e8, grab=0x0, stopAt=0x0, 
    dev=0x9468db0, count=2) at events.c:2349
#2  0x08189a8c in ProcessOtherEvent (xE=0x94c86e8, device=0x9468db0, count=2) at exevents.c:1081
#3  0x080efb82 in mieqProcessInputEvents () at mieq.c:474
#4  0x080c59dd in ProcessInputEvents () at kinput.c:2350
#5  0x080b2c76 in Dispatch () at dispatch.c:399
#6  0x08097e6d in main (argc=8, argv=0xbfc7fcb4, envp=0x0) at main.c:397
(gdb)

I have no idea who should fill that ActivateGrab variable with something, or when, but I guess at least the crash could be avoided if the content were checked before the call. (I am just a tester, so I am just guessing this.)

ADDITIONAL INFORMATION:

The above situation was also tested under Ubuntu 8.10 Intrepid with xserver-xephyr 1.5.2-2ubuntu3.1 and it was not possible to reproduce.

I have also tried to compile the newest version of xorg-xserver from GIT, but I couldn't, because several dependencies are just not available or not "new" enough in the Ubuntu repositories. But I checked the latest events.c file and it seems the content is about the same :-) Sorry, but this is how far I was able to get with this bug as a tester.
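To illustrate the failure mode the backtrace points at, here is an added C model (not xserver code; all names and the simplified hook signature are constructed) of a DDX input device whose ActivateGrab hook is never set. It shows both mitigations: populating the hooks when the device is initialised, which is what the attached kdrive patch does, and the NULL check before the call that the reporter suggests.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the hook table seen in the gdb dump above:
 * deviceGrab holds ActivateGrab/DeactivateGrab function pointers
 * that the DDX (here kdrive/Xephyr) is expected to fill in. */
typedef struct Device Device;
typedef void (*GrabHook)(Device *dev);

typedef struct {
    GrabHook ActivateGrab;
    GrabHook DeactivateGrab;
    int grabActive;
} DeviceGrab;

struct Device {
    const char *name;
    DeviceGrab deviceGrab;
};

/* Default hook implementations attached at device init (constructed). */
static void default_activate_grab(Device *dev)   { dev->deviceGrab.grabActive = 1; }
static void default_deactivate_grab(Device *dev) { dev->deviceGrab.grabActive = 0; }

/* Mitigation 1 (what the kdrive patch does): set the hooks during device setup. */
void init_device(Device *dev, const char *name) {
    dev->name = name;
    dev->deviceGrab.ActivateGrab = default_activate_grab;
    dev->deviceGrab.DeactivateGrab = default_deactivate_grab;
    dev->deviceGrab.grabActive = 0;
}

/* Mitigation 2 (the reporter's suggestion): check the hook before calling it.
 * Returns 1 if the hook ran, 0 if it was unset. Without the check, calling an
 * unset hook jumps to address 0, which is the "0x00000000 in ?? ()" frame above. */
int deliver_button_press(Device *dev) {
    if (dev->deviceGrab.ActivateGrab == NULL) {
        fprintf(stderr, "%s: ActivateGrab unset, dropping implicit grab\n", dev->name);
        return 0;
    }
    (*dev->deviceGrab.ActivateGrab)(dev);
    return 1;
}

int main(void) {
    Device uninit = { "Xephyr virtual mouse", { NULL, NULL, 0 } }; /* hooks never set */
    Device fixed;
    init_device(&fixed, "Xephyr virtual mouse");
    printf("unset hooks: %d\n", deliver_button_press(&uninit));
    printf("initialised: %d grabActive=%d\n", deliver_button_press(&fixed), fixed.deviceGrab.grabActive);
    return 0;
}
```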
Comment 1 Peter Hutterer 2009-05-10 20:05:43 UTC
Created attachment 25712 [details] [review]
0001-kdrive-set-Activate-Deactivate-grab-for-input-device.patch

Please give this patch a try (compile-tested only).
Comment 2 Istvan Visegradi 2009-05-11 00:07:29 UTC
(In reply to comment #1)
> Created an attachment (id=25712) [details]
> 0001-kdrive-set-Activate-Deactivate-grab-for-input-device.patch
> 
> Please give this patch a try (compile-tested only).
> 

I have tested the patch in my environment (xorg-server-1.6.0) and it is fixing my problem. No crashes anymore, and the variables that were zero earlier are now filled with something.

Do you know how it can be "pushed" into the normal Ubuntu Jaunty fixes? They still have the older 1.6.0 server in use...

Thanks for the quick fix.
Comment 3 Peter Hutterer 2009-05-15 19:19:16 UTC
pushed as 6f9e22049862ee9ac7f604411d005d8bb1b2dd1c and b1b5ec45c1cb650ccb8c659218f9481379c777d9
Comment 4 Peter Hutterer 2009-06-01 18:18:04 UTC
*** Bug 22024 has been marked as a duplicate of this bug. ***
Comment 5 Hubert Figuiere 2009-06-01 18:28:34 UTC
the patch isn't in the 1.6 branch. Can we get it there too?

(origin/server-1.6-branch)
Comment 6 Peter Hutterer 2009-06-01 19:31:27 UTC
Nominated for 1.6.3. See http://www.x.org/wiki/Server16Branch