Run Xorg 7.2RC1 with no clients, connect to it with xdpyinfo and watch the
server crash when it tries to reset after its last client disconnects.
It's crashing here:
t@1 (l@1) signal SEGV (no mapping at the fault address) in
SecurityClientStateCallback at line 1125 in file "security.c"
1125 TRUSTLEVEL(serverClient) = XSecurityClientTrusted;
((ClientPtr ) serverClient)->devPrivates[securityClientPrivateIndex].ptr = (nil)
This is because the security extension only calls AllocateClientPrivateIndex
from SecurityExtensionSetup(), which is called the first time the security
extension is loaded, but not when the server resets and resets all privates
info. It needs to be called from SecurityExtensionInit() to be called on
server reset, but that may be too late for the AllocateExtensionPrivateIndex to
I see SecurityExtensionSetup called from InitExtensions() which is within the
server loop, right above the call to InitClientPrivates(serverClient). So it
should be called on every reset...
Recompiling now so I can get gdb running.
I cannot reproduce this bug using the method described. On my system, the
server resets just fine.
I am continuing to investigate.
I have tracked down the following path by which the offending code is being
called. During this call, the client passed in to the callback is different
from serverClient. I have committed a check to the ClientStateInitial callback
to make sure that it is only exercised for the serverClient. Please update
from git and retest.
#0 SecurityClientStateCallback (pcbl=0x82414fc, nulldata=0x0,
calldata=0xbff3a7e0) at security.c:1125
#1 0x08092f8e in _CallCallbacks (pcbl=0x82414fc, call_data=0xbff3a7e0)
#2 0x080933a8 in CallCallbacks (pcbl=0x82414fc, call_data=0xbff3a7e0)
#3 0x0808d390 in NextAvailableClient (ospriv=0xa28da88) at dispatch.c:3763
#4 0x081fe3d9 in AllocNewConnection (trans_conn=0xa2d1b50, fd=14,
conn_time=3204844227) at connection.c:765
#5 0x081fe772 in EstablishNewConnections (clientUnused=0x0, closure=0x8242ac0)
#6 0x08092b25 in ProcessWorkQueue () at dixutils.c:556
#7 0x081f98ce in WaitForSomething (pClientsReady=0xbff3ac90) at WaitFor.c:171
#8 0x08084383 in Dispatch () at dispatch.c:383
#9 0x0806df59 in main (argc=1, argv=0xbff3b1c4, envp=0xbff3b1cc) at main.c:445
Found reason why setup function is not being called on reset. There are two
InitExtensions functions, depending on whether XFree86LOADER is defined or not.
The one for XFree86LOADER defined does not call the setup functions every time,
while the one without XFree86Loader does. Working on fix.
Changed loader to call setup functions on each server reset; the only setup
functions (besides the SECURITY one), XvRegister and Xf86DGARegister, simply set
some global variables to static values so calling them multiple times should be
*** Bug 8827 has been marked as a duplicate of this bug. ***
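The reset failure discussed in this thread, as an added example that is not part of the original report or the X.Org source: a simplified C model of per-client private slots in which the security index is registered once while the registrations are cleared on every server reset. All names (model_*, run_generation, the slot layout) are hypothetical stand-ins, and the model returns -1 at the point where the real server would write through the NULL private pointer.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of per-client private slots; all names are hypothetical. */
#define MAX_PRIVATES 8
typedef struct { void *ptr; } Private;
typedef struct { Private devPrivates[MAX_PRIVATES]; } Client;

static int privateCount;                 /* indices handed out this generation */
static size_t privateSize[MAX_PRIVATES]; /* storage requested per index */
static int securityIndex = -1;           /* survives resets, so it can go stale */

static void model_reset_privates(void) { /* done on every server reset */
    privateCount = 0;
    for (int i = 0; i < MAX_PRIVATES; i++) privateSize[i] = 0;
}
static void model_security_setup(void) { /* registers index and storage size */
    securityIndex = privateCount++;
    privateSize[securityIndex] = sizeof(int);
}
static void model_init_client(Client *c) { /* fills only registered slots */
    for (int i = 0; i < MAX_PRIVATES; i++)
        c->devPrivates[i].ptr = privateSize[i] ? calloc(1, privateSize[i]) : NULL;
}
static void model_free_client(Client *c) {
    for (int i = 0; i < MAX_PRIVATES; i++) free(c->devPrivates[i].ptr);
}
/* Stand-in for the trust-level write in the callback: 0 on success,
 * -1 when the slot has no storage behind it. */
static int model_set_trusted(Client *c) {
    int *trust = (securityIndex >= 0) ? c->devPrivates[securityIndex].ptr : NULL;
    if (trust == NULL) return -1;
    *trust = 1;
    return 0;
}
/* One server generation; setup_each_reset selects the init behaviour. */
int run_generation(int generation, int setup_each_reset) {
    Client serverClient;
    model_reset_privates();
    if (generation == 1 || setup_each_reset) model_security_setup();
    model_init_client(&serverClient);
    int rc = model_set_trusted(&serverClient);
    model_free_client(&serverClient);
    return rc;
}

int main(void) {
    printf("gen 1: %d\n", run_generation(1, 0));
    printf("gen 2, setup skipped: %d\n", run_generation(2, 0));
    printf("gen 2, setup repeated: %d\n", run_generation(2, 1));
    return 0;
}
```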