Bug 63510 - XWayland crashes weston when trying to resize X windows to a negative dimension
Summary: XWayland crashes weston when trying to resize X windows to a negative dimension
Status: RESOLVED FIXED
Alias: None
Product: Wayland
Classification: Unclassified
Component: weston (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Wayland bug list
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-13 19:19 UTC by Bruno Jacquet (Xaapyks)
Modified: 2013-07-08 19:00 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
log when weston crashes (39.12 KB, text/plain)
2013-04-13 19:19 UTC, Bruno Jacquet (Xaapyks) 		Details
View All

Description Bruno Jacquet (Xaapyks) 2013-04-13 19:19:42 UTC 
Created attachment 77930 [details]
log when weston crashes

Using XWayland, if I spawn an X window, say midori and grab its bottom or right border or the bottom right corner and try to resize to a negative dimension (dragging mouse higher or at the left of the top left corner of the X window) lead to a crash.

Joining the weston log. Even though I'm compiling weston with -g I can't seem to get a clean backtrace. Some help here please ?
Comment 1 Bruno Jacquet (Xaapyks) 2013-04-13 20:04:45 UTC 
I could get a precise stack trace :

Program received signal SIGSEGV, Segmentation fault
#0  0x00007ffff557fde4 in xcb_send_request () from /usr/lib/libxcb.so.1
#1  0x00007ffff55843c1 in xcb_configure_window () from /usr/lib/libxcb.so.1
#2  0x00007fffeb75721f in weston_wm_window_configure (data=0x19cef10) at window-manager.c:1706
#3  0x00007ffff7bd33bc in wl_event_loop_dispatch_idle (loop=loop@entry=0x621a40) at event-loop.c:400
#4  0x00007ffff7bd33f9 in wl_event_loop_dispatch (loop=0x621a40, timeout=timeout@entry=-1) at event-loop.c:412                                              
#5  0x00007ffff7bd1605 in wl_display_run (display=display@entry=0x6219d0) at wayland-server.c:1219                                                          
#6  0x000000000040cf4f in main (argc=1, argv=0x7fffffffe9e8) at compositor.c:3642
Comment 2 Bruno Jacquet (Xaapyks) 2013-04-13 20:05:24 UTC 
Also got another one that I inspected a little :

Program received signal SIGSEGV, Segmentation fault.
weston_wm_window_get_child_position (window=window@entry=0x15b0d10, x=x@entry=0x7fffffffe53c, y=y@entry=0x7fffffffe538) at window-manager.c:421
421                     *x = t->margin + t->width;
(gdb) bt
#0  weston_wm_window_get_child_position (window=window@entry=0x15b0d10, x=x@entry=0x7fffffffe53c, y=y@entry=0x7fffffffe538) at window-manager.c:421
#1  0x00007fffeb7571e2 in weston_wm_window_configure (data=0x15b0d10) at window-manager.c:1701
#2  0x00007ffff7bd33bc in wl_event_loop_dispatch_idle (loop=loop@entry=0x621a40) at event-loop.c:400
#3  0x00007ffff7bd33f9 in wl_event_loop_dispatch (loop=0x621a40, timeout=timeout@entry=-1) at event-loop.c:412
#4  0x00007ffff7bd1605 in wl_display_run (display=display@entry=0x6219d0) at wayland-server.c:1219
#5  0x000000000040cf4f in main (argc=1, argv=0x7fffffffe9e8) at compositor.c:3642


In this one, gdb tells me window->wm is ok, but window->wm->theme is NULL.
Comment 3 Kristian Høgsberg 2013-07-08 19:00:55 UTC 
commit fa514b496e020aaa6f1fc703fe4a5732f03c5a40
Author: Kristian Høgsberg <krh@bitplanet.net>
Date:   Mon Jul 8 15:00:25 2013 -0400

    xwayland: Don't allow resizing to 0x0 or less
    
    X windows have to be at least 1x1 pixels.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=63510

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.