Bug 47226 - Crash in trapezoid-code when using xfce'x calendar application
Summary: Crash in trapezoid-code when using xfce'x calendar application
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Driver/intel (show other bugs)
Version: git
Hardware: Other All
: medium normal
Assignee: Chris Wilson
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-03-12 03:20 UTC by Clemens Eisserer
Modified: 2012-03-12 03:53 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Clemens Eisserer 2012-03-12 03:20:29 UTC 
When opening xfce's calendar application (orage) I get the following crash:

Program received signal SIGABRT, Aborted.
0x00635416 in __kernel_vsyscall ()
(gdb) bt
#0  0x00635416 in __kernel_vsyscall ()
#1  0x41e7798f in raise () from /lib/libc.so.6
#2  0x41e792d5 in abort () from /lib/libc.so.6
#3  0x41eb802a in __libc_message () from /lib/libc.so.6
#4  0x41ebef12 in malloc_printerr () from /lib/libc.so.6
#5  0x41ec0068 in _int_free () from /lib/libc.so.6
#6  0x08090036 in FreePixmap ()
#7  0x0014767b in fbDestroyPixmap () from /usr/lib/xorg/modules/libfb.so
#8  0x00243580 in sna_destroy_pixmap (pixmap=0xa2dbfb0) at sna_accel.c:821
#9  0x081556b9 in ?? ()
#10 0x001680db in ?? () from /usr/lib/xorg/modules/extensions/libextmod.so
#11 0x0812ae7c in ?? ()
#12 0x08146aa1 in FreePicture ()
#13 0x0027ce9c in trapezoid_span_fallback (op=3 '\003', src=0xa1791d0, 
    dst=0xa235b78, maskFormat=0x9f6b460, src_x=7, src_y=4, ntrap=2, 
    traps=0xa18f324) at sna_trapezoids.c:4284
#14 0x00281b68 in sna_composite_trapezoids (op=3 '\003', src=0xa1791d0, 
    dst=0xa235b78, maskFormat=0x9f6b460, xSrc=7, ySrc=4, ntrap=2, 
    traps=0xa18f324) at sna_trapezoids.c:4403
#15 0x08149b26 in CompositeTrapezoids ()
#16 0x0814f5cd in ?? ()
#17 0x0814a054 in ?? ()
#18 0x08076195 in ?? ()
---Type <return> to continue, or q <return> to quit---
#19 0x0806439a in ?? ()
#20 0x41e616b3 in __libc_start_main () from /lib/libc.so.6
#21 0x080646c9 in _start ()

This happens with intel-2.18.0-70-g8136bc5 on my i945GM running Fedora16+updates.
Comment 1 Chris Wilson 2012-03-12 03:33:22 UTC 
Any sequence in particular? I wish to use valgrind to confirm that we miss the buffer... But knowing the directing and by how much is critical.
Comment 2 Chris Wilson 2012-03-12 03:53:17 UTC 
commit 7ae45584327a10b05f7aee99bcb71e9d990a3e9b
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Mon Mar 12 10:49:46 2012 +0000

    sna/trapezoids: Add paranoia to ensure that the span starts within the clip
    
    Reported-by: Clemens Eisserer <linuxhippy@gmail.com>
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=47226
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.