Bug 6325 - simple testcase to crash server with render operation
Summary: simple testcase to crash server with render operation
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: 7.0.0
Hardware: x86 (IA32) All
: high normal
Assignee: Keith Packard
QA Contact:
: 5535 6129 (view as bug list)
Depends on:
Blocks: 5041
  Show dependency treegraph
Reported: 2006-03-21 04:15 UTC by Egbert Eich
Modified: 2010-05-06 13:39 UTC (History)
5 users (show)

See Also:
i915 platform:
i915 features:

testcase (825 bytes, application/octet-stream)
2006-03-21 04:16 UTC, Egbert Eich
no flags Details

Description Egbert Eich 2006-03-21 04:15:20 UTC
Render seems to assume 4bpp for depth 4 pixmaps. Since 4bit pixmaps have 8 bpp
fb cannot locate a funtion to handle this.
This happens in fb/fbcompose.c:fetchPixelProcForPicture ()
storeProcForPicture () and fetchProcForPicture ().
Simple testcase will be appended.
Problem still exists in latest CVS.
Comment 1 Egbert Eich 2006-03-21 04:16:39 UTC
Created attachment 5001 [details]
Comment 2 Keith Packard 2006-03-21 06:59:12 UTC
heh. kdrive used 4bpp for depth-4 pixmaps.

This should be easy to fix; I'll see if I can't get some time this week.
Comment 3 Adam Jackson 2006-03-23 07:56:03 UTC
this is just a crasher, not a security bug.

even worse it's a dupe of bug #5535.
Comment 4 Egbert Eich 2006-03-30 00:41:15 UTC
ajax: 5535 does not contain a test case. Unfortunately the subject is quite
I don't seem to be able to get the search interface to find tickets by text in
As this can be triggered by an app it can be considered a security problem.
Comment 5 Adam Jackson 2006-04-04 07:31:25 UTC
*** Bug 5535 has been marked as a duplicate of this bug. ***
Comment 6 Adam Jackson 2006-04-04 21:39:48 UTC
keith, any news?
Comment 7 Adam Jackson 2006-04-13 06:32:42 UTC
keith: reping.
Comment 8 Keith Packard 2006-04-20 07:57:06 UTC
Added support for x4a4 format (depth 4, 8bpp). Note that other depth 4 formats
8bpp formats remain unsupported.
Comment 9 Adam Jackson 2010-05-06 13:39:22 UTC
*** Bug 6129 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.