Created attachment 27792 [details] test case I have attached crash log, a small testcase, and a patch which prevents the crash (but doesn't fix the problem). It seems to be because create_bits_picture (fbpict.c:320) is creating a pixman_image with an invalid memory address for 'bits' because pPix->devPrivate.ptr ("the raw pixel data") is NULL. This seems to be an exa bug as I cannot reproduce with xaa, and exa should (afaiu) be setting devPrivate.ptr to something non-null. This is happening with close to master xserver and slightly old radeon code (still from the dri2/kms branches - haven't had a chance to move to newer stuff yet, and this is working fine for now).
Created attachment 27793 [details] back trace Backtrace
Created attachment 27794 [details] [review] patch
Created attachment 27796 [details] [review] Possible fix Does this patch fix it?
Created attachment 27797 [details] modified testcase to demonstrate rendering problem Yes, that fixes the crash (without my patch applied, obviously). Thanks. However, my testcase (uploaded a slightly modified version) doesn't render as I would expect, which is probably a problem with my code, but just incase. When run without any parameters (eg "./test") it will use XCreateSimple window to create a child of the root, with one parameter ("./test a") it will use XCreateWindow to create an rgba window. Call this window "w2" It creates another rgba window ("w"), and tries to 'copy from' "w2" -> "w". The problem is, when "w2" is created with XCreateSimpleWindow (and therefore not rgba), nothing appears. When "w2" is an rgba window, it works, although not properly - as seen in screenshot, the small window (w2) is copied to the larger (w1), but there is a black border the width of the decoration that it is offset by.
Created attachment 27798 [details] screenshot
Created attachment 27799 [details] oops, wrong test.c last time... Sorry for the extra noise.
Created attachment 27811 [details] [review] Alternative possible fix Can you try this patch instead of the other one? It's an attempt at a simpler solution. (In reply to comment #4) > When "w2" is an rgba window, it works, although not properly - as seen in > screenshot, the small window (w2) is copied to the larger (w1), but there is a > black border the width of the decoration that it is offset by. That doesn't seem to be the case here, but it sounds like you may be using the wrong coordinate system. Anyway it's off topic for this bug report, please either file a separate one or bring it up on an appropriate mailing list.
Comment on attachment 27811 [details] [review] Alternative possible fix Unfortunately it turns out this doesn't work, as GetScratchGC() may return a pre-allocated GC.
Better fix pushed to Git.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.