Bug 8623 - server segfault on RENDER CompositeTrapezoids request
Summary: server segfault on RENDER CompositeTrapezoids request
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: 7.0 (2005.12)
Hardware: x86 (IA32) Linux (All)
: high normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-12 16:47 UTC by Jamey Sharp
Modified: 2018-06-13 16:36 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
Server log from a session that crashed with this bug. (41.01 KB, text/plain)
2006-10-12 16:49 UTC, Jamey Sharp 		no flags Details
A wireshark/tcpdump packet trace of a session ending with the death of the server. (4.20 KB, application/octet-stream)
2006-10-12 16:52 UTC, Jamey Sharp 		no flags Details
View All

Description Jamey Sharp 2006-10-12 16:47:23 UTC 
The X server dies with signal 11 when I run the rectangle-rounding-error test
from the cairo test suite using the XCB backend. I've tested the Debian-packaged
version 1:1.0.2-9 with both the XFree86 DDX (with XAA) and Xvfb, and both
demonstrate the problem. I haven't had a chance to test with a newer server yet,
or a server with debugging symbols.

Several X requests are being batched together in the packet that kills the X
server, and XCB doesn't (yet) have an XSynchronize equivalent, so I can only say
for sure that it's one of these requests at this point:
CreatePicture, FillRectangles, SetPictureTransform, ChangePicture,
SetPictureFilter, Trapezoids, FreePicture, CreatePixmap, FreePixmap, GetImage

My poorly-educated guess from looking at the backtraces is that it's a bug in
the fb layer. The backtrace from my regular X server follows; the Xvfb trace is
less useful since I don't have debugging symbols, but also segfaults in the fb
layer.

Backtrace:
0: /usr/bin/X(xf86SigHandler+0x89) [0x80b6849]
1: [0xffffe420]
2: /usr/lib/xorg/modules/libfb.so(fbCompositeGeneral+0x830) [0xa7777fd0]
3: /usr/lib/xorg/modules/libfb.so(fbComposite+0x1d6) [0xa7780d76]
4: /usr/lib/xorg/modules/libxaa.so(XAAComposite+0x1ee) [0xa773a3de]
5: /usr/bin/X [0x8153e28]
6: /usr/bin/X [0x8150816]
7: /usr/bin/X(CompositePicture+0xeb) [0x813e41b]
8: /usr/bin/X(miTrapezoids+0x233) [0x813d893]
9: /usr/bin/X [0x815413e]
10: /usr/bin/X(CompositeTrapezoids+0x93) [0x813e5f3]
11: /usr/bin/X [0x8146e14]
12: /usr/bin/X [0x81414a5]
13: /usr/bin/X(Dispatch+0x19b) [0x8086b8b]
14: /usr/bin/X(main+0x48e) [0x806e5de]
15: /lib/tls/libc.so.6(__libc_start_main+0xc8) [0xa7cf9ea8]
16: /usr/bin/X(FontFileCompleteXLFD+0xad) [0x806d911]

I'll attach the full X server log and the wireshark packet capture.
Comment 1 Jamey Sharp 2006-10-12 16:49:18 UTC 
Created attachment 7396 [details]
Server log from a session that crashed with this bug.
Comment 2 Jamey Sharp 2006-10-12 16:52:32 UTC 
Created attachment 7397 [details]
A wireshark/tcpdump packet trace of a session ending with the death of the server.
Comment 3 Josh Triplett 2006-10-15 21:23:54 UTC 
I can confirm that Xvfb from Debian package 1:1.0.2-9 segfaults as described.  I
tested with the newer 2:1.1.1-9, and it did not segfault.
Comment 4 Josh Triplett 2006-10-16 02:02:04 UTC 
Additional information: it looks like the stock 1.1.1 orig.tar.gz from Debian
also segfaults, so one of the Debian patches must fix the problem.
Comment 5 Daniel Stone 2007-02-27 01:34:02 UTC 
Sorry about the phenomenal bug spam, guys.  Adding xorg-team@ to the QA contact so bugs don't get lost in future.
Comment 6 chemtech 2013-03-15 15:07:34 UTC 
Jamey Sharp 
Do you still experience this issue with newer soft ?
Please check the status of your issue.
Comment 7 Adam Jackson 2018-06-13 16:36:03 UTC 
fbCompositeGeneral no longer exists, and definitely had issues.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.