Created attachment 69071 [details] xorg.log Hey, this is a different machine (with gt2), so I'm creating a new bug instead of appending to bug 47597... #3 0x00007f873883db56 in malloc_printerr (action=3, str=0x7f87389266b8 "malloc(): memory corruption", ptr=<optimized out>) at malloc.c:5007 #4 0x00007f873883f5b8 in _int_malloc (av=av@entry=0x7f8738b64620 <main_arena>, bytes=bytes@entry=424) at malloc.c:3555 #5 0x00007f8738841c20 in __GI___libc_malloc (bytes=424) at malloc.c:2924 #6 0x0000000000453390 in AllocatePixmap (pScreen=pScreen@entry=0x13f64d0, pixDataSize=<optimized out>) at pixmap.c:117 #7 0x00007f8734b04a5f in create_pixmap (sna=sna@entry=0x7f873a684010, screen=screen@entry=0x13f64d0, width=width@entry=3, height=height@entry=26, depth=depth@entry=24, usage_hint=usage_hint@entry=0) at sna_accel.c:710 #8 0x00007f8734b05e78 in sna_create_pixmap (screen=0x13f64d0, width=3, height=26, depth=24, usage=0) at sna_accel.c:1190 #9 0x000000000043422f in ProcCreatePixmap (client=0x213d010) at dispatch.c:1388 #10 0x0000000000438891 in Dispatch () at dispatch.c:428 #11 0x0000000000427965 in main (argc=9, argv=0x7fff4559fd28, envp=<optimized out>) at main.c:288
A malloc corruption... Nothing is going to show up unless it happens to trigger one of the out-of-bounds checks (and then not even that if it is one of the input drivers fouling up). valgrinding X is usable, but likely also to affect the bug if its turns out to be timing dependent. Not much I can do without some clue even as to where to begin hunting. :|
Created attachment 69106 [details] valgrind run Actually it's not that hard. It's enough to start libreoffice with my presentation and press page down. Done now with valgrind -- it did not crash, many errors reported to the valgrind log. Attached.
That was with --enable-debug? Do you have the valgrind headers? Can you check that the configure is finding them?
Created attachment 69108 [details] valgrind run (In reply to comment #3) > That was with --enable-debug? Do you have the valgrind headers? Can you > check that the configure is finding them? Nope, valgrind-devel was not installed.
One last request, as I am looking at the code that appears to be clipping correctly to the extents, can you attach a debug=full log?
Bonus points if you can capture the stderr of both the debug=full X and valgrind. :)
Created attachment 69110 [details] [review] Tightly clip the bottom-right of the trap Spotted one potential quite-rare issue in the clipping. Mind testing the attached?
Created attachment 69111 [details] valgrind run with that patch (In reply to comment #7) > Created attachment 69110 [details] [review] [review] > Tightly clip the bottom-right of the trap > > Spotted one potential quite-rare issue in the clipping. Mind testing the > attached? Oh, this seems to fix the libreoffice bug. Valgrind of that run attached. Thanks.
commit 31eb704b2ad7c861ec4e61fb9de0e9592fc6d269 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Fri Oct 26 13:57:30 2012 +0100 sna: Ensure that the trap is clipped if it ends within the boundary pixel Reported-and-tested-by: Jiri Slaby <jirislaby@gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=56395 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Hmm, the conditional on uninitialised data may need fixing at some point, never sure with that bit-twiddling code. However, for the time being I declare victory! Onwards!
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.