When I run an X session, and I close the lid of my laptop, my session terminates.
Here's a stack trace from a crashed session:
0: /usr/bin/X(xf86SigHandler+0x96) [0x80b9248]
2: /lib/libc.so.6(strtoul+0x3e) [0xb7d4966e]
3: /usr/bin/X [0x80c8f66]
4: /usr/bin/X(xf86HandlePMEvents+0x2f) [0x80a644b]
5: /usr/bin/X(xf86Wakeup+0x131) [0x80ba1cc]
6: /usr/bin/X(WakeupHandler+0x41) [0x8083f48]
7: /usr/bin/X(WaitForSomething+0x21c) [0x815054c]
8: /usr/bin/X(Dispatch+0x7f) [0x8080f64]
9: /usr/bin/X(main+0x4cb) [0x806e668]
10: /lib/libc.so.6(__libc_start_main+0xd8) [0xb7d32878]
11: /usr/bin/X(FontFileCompleteXLFD+0xa1) [0x806dad1]
I believe the same problem has been reported upon in,
https://bugs.freedesktop.org/show_bug.cgi?id=5140, as the backtrace is similar.
However bug 5140 suggests that it is sloved in 7.1.
I've recompiled my X server in debug and produced a core. With the core, it was
clear that on lines 76 and 82 the file hw/xfree86/os-support/linux/lnx_acpi.c,
the result of strtok is not checked to be non-null. Hence a null-pointer is
passed to strtoul, which crashes strtoul and the X server. Indeed, checking the
result of strtok before passing it to strtoul solves the problem.
Created attachment 7531 [details] [review]
Check zero-pointer result of strtok in lnx_acpi.c
When I include this patch, my X server survives closing and opening the lid of
my beautifull 6 years old Dell inspiron 4000...
It is bug 6364 that has the similar stack trace, not 5140. Sorry about the mixup.
*** Bug 8717 has been marked as a duplicate of this bug. ***
Created attachment 7553 [details] [review]
new patch that fixes real problem
Take another look at lnx_acpi.c, starting from line 61. In the event of the
crash, the string that should be parsed is "video VID 00000080 00000000".
The old code tries to chop off "video" with a call to strtok(ev, "video") on
line 68, and then goes on to parse the rest of the string. This is not what
happens: the call to strtok sees "v","i","d","e", and "o" as delimiters, and
puts the first non-empty string (i.e., " VID 0000080 00000000") into the
variable video. The remainder of the string is then empty; the subsequent calls
to strtok(NULL, " ") return NULL. When such a NULL is passed to strtoul, we
have our well-known crash.
This new patch changes the initial call to strtok to indeed just chop off the
"video" bit by using a space as delimiter. This leaves the rest for parsing
into GFX, notify and data. This seems to be what was intended, enabling the
debug code in there also puts the right lines into my Xorg.0.log.
I've removed the zero-pointer checks from my earlier patch; even though this is
making assumptions about the format that is being read; i.e., all video events
should read "video <string1> <string2> <string3>". I don't have the specs but
it seems that this assumption is valid.
I've just tested this on my Mandriva Cooker x11-server pacakage and it has
appeared to fix the problem I was having on my Dell Inspiron 6400 (2.0 GHz Core
2 Duo x86_64 with pci=noirq arg which hides one of the cores but makes the
My xorg used to crash whenever I closed the lit. With the attached patch applied
I no longer get a crash.
Adding me to CC.
committed to master, and server 1.2 branch, thanks