The X server crashes while scrolling some webpages in Firefox as of commit c98b770. I have bisected it down to that commit. 27ad2fc did not compile. I got it to compile by grabbing the change to trapezoids_bounds from c98b770 (below). I cannot reproduce the crash with 27ad2fc. --- a/src/sna/sna_trapezoids.c +++ b/src/sna/sna_trapezoids.c @@ -70,7 +70,7 @@ return l->p1.x + (xFixed) (ex / d); } -void trapezoids_bounds(int n, const xTrapezoid *t, BoxPtr box) +bool trapezoids_bounds(int n, const xTrapezoid *t, BoxPtr box) { xFixed x1, y1, x2, y2; @@ -134,6 +134,8 @@ box->x2 = pixman_fixed_to_int(x2); box->y1 = pixman_fixed_integer_floor(y1); box->y2 = pixman_fixed_integer_ceil(y2); + + return box->x2 > box->x1 && box->y2 > box->y1; } static bool --- a/src/sna/sna_trapezoids.h +++ b/src/sna/sna_trapezoids.h @@ -212,7 +212,7 @@ return (v + ((1<<(16-FAST_SAMPLES_shift-1))-1)) >> (16 - FAST_SAMPLES_shift); } -void trapezoids_bounds(int n, const xTrapezoid *t, BoxPtr box); +bool trapezoids_bounds(int n, const xTrapezoid *t, BoxPtr box); static inline bool is_mono(PicturePtr dst, PictFormatPtr mask)
Please attach the stacktrace from the crash.
Created attachment 87213 [details] Stacktrace of the crash Here is the stacktrace.
valgrind hasn't found anything yet, but I think this is commit d462475b7ecca6eb001b521185d2f7286031a8d8 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Mon Oct 7 10:04:15 2013 +0100 sna/trapezoids: Fix overstepping vertical edges Regression from commit c98b770a87a5ec5ed9dc0aa375ad173b0e98322e Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Fri Oct 4 18:37:01 2013 +0100 sna/trapezoids: Add a precise scan converter Reported-by: Joseph Yasi <joe.yasi@gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=70204 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk> Please reopen if it still fails.
Valgrind has turned up something. Now trying without inlining to see I can make more sense of it... This is going to take some time!
Created attachment 87246 [details] Stacktrace of the crash with -O0 -g3 I recompiled with -O0 and -g3 to provide a little more information in the stack trace. I hope this helps.
Well, that wasn't the bug I was expecting to find. The change in code uncovered a much more serious pre-existing bug. This should fix it: commit 06a8ad9690590a605b1564012d062b98c60546a6 Author: Chris Wilson <chris@chris-wilson.co.uk> Date: Mon Oct 7 23:21:38 2013 +0100 sna/trapezoids: Recompute num_threads to match range We need to be careful not to execute threads past the end of the alloted buffer by making sure the clip extents correctly align. Reported-by: Joseph Yasi <joe.yasi@gmail.com> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=70204 Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Thanks, that fixed it. Good work digging that out.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.