(this is just a copy of https://bugs.archlinux.org/task/43937 )

Description:
I'm taking an online AI class where the first project was to modify a Python pacman game. The game would crash the xserver whenever it tried to draw pacman facing up or down. Multiple Arch users reported this bug as well across multiple desktop environments and at least xf86-video-intel (HD4000) and xf86-video-nouveau (GeForce 6100). Python was using the Tk interface.

This Tk script will cause the crash. (Run with "wish <file name>".) It will work as expected with -start 10 or -start 190 but will crash with -start 100 or -start 280. I was able to run an XCB program that drew arcs that open up and down as expected, but I don't know if that means anything.

#!/usr/bin/wish
canvas .myCanvas -background red -width 100 -height 100
pack .myCanvas
.myCanvas create arc 10 10 80 80 -fill yellow -start 100 -extent 340

----- Xorg crash log -----
(EE) [mi] EQ overflow continuing. 1000 events have been dropped.
(EE) [mi] No further overflow reports will be reported until the clog is cleared.
(EE)
(EE) Backtrace:
(EE) 0: /usr/lib/xorg-server/Xorg (QueuePointerEvents+0x52) [0x450382]
(EE) 1: /usr/lib/xorg/modules/input/evdev_drv.so (_init+0x2ef7) [0x7f9b2be02977]
(EE) 2: /usr/lib/xorg/modules/input/evdev_drv.so (_init+0x363d) [0x7f9b2be03c3d]
(EE) 3: /usr/lib/xorg-server/Xorg (DPMSSupported+0xe8) [0x476c98]
(EE) 4: /usr/lib/xorg-server/Xorg (xf86SerialModemClearBits+0x277) [0x4a05a7]
(EE) 5: /usr/lib/libc.so.6 (__restore_rt+0x0) [0x7f9b33b6453f]
(EE) 6: /usr/lib/libpthread.so.0 (__pthread_once_slow+0xc2) [0x7f9b33921e82]
(EE) 7: /usr/lib/libc.so.6 (backtrace+0x9c) [0x7f9b33c2636c]
(EE) 8: /usr/lib/libc.so.6 (backtrace_and_maps+0x2e) [0x7f9b33b50b25]
(EE) 9: /usr/lib/libc.so.6 (__libc_message+0x2ce) [0x7f9b33ba298e]
(EE) 10: /usr/lib/libc.so.6 (malloc_printerr+0x9e) [0x7f9b33ba7dee]
(EE) 11: /usr/lib/libc.so.6 (_int_malloc+0x3af) [0x7f9b33ba964f]
(EE) 12: /usr/lib/libc.so.6 (__libc_malloc+0x6e) [0x7f9b33bab81e]
(EE) 13: /lib64/ld-linux-x86-64.so.2 (_dl_scope_free+0x8c) [0x7f9b35a4185c]
(EE) 13: /lib64/ld-linux-x86-64.so.2 (_dl_scope_free+0x8c) [0x7f9b35a4185c]
(EE) 14: /lib64/ld-linux-x86-64.so.2 (_dl_map_object_deps+0xc8f) [0x7f9b35a3c7ef]
(EE) 15: /lib64/ld-linux-x86-64.so.2 (dl_open_worker+0xff) [0x7f9b35a424cf]
(EE) 16: /lib64/ld-linux-x86-64.so.2 (_dl_catch_error+0x74) [0x7f9b35a3e0a4]
(EE) 17: /lib64/ld-linux-x86-64.so.2 (_dl_open+0xc3) [0x7f9b35a41e53]
(EE) 18: /usr/lib/libc.so.6 (do_dlopen+0x3d) [0x7f9b33c4e1fd]
(EE) 19: /lib64/ld-linux-x86-64.so.2 (_dl_catch_error+0x74) [0x7f9b35a3e0a4]
(EE) 20: /usr/lib/libc.so.6 (dlerror_run+0x2f) [0x7f9b33c4e28f]
(EE) 21: /usr/lib/libc.so.6 (__libc_dlopen_mode+0x31) [0x7f9b33c4e301]
(EE) 22: /usr/lib/libc.so.6 (init+0x15) [0x7f9b33c26255]
(EE) 23: /usr/lib/libpthread.so.0 (__pthread_once_slow+0x7b) [0x7f9b33921e3b]
(EE) 24: /usr/lib/libc.so.6 (backtrace+0x9c) [0x7f9b33c2636c]
(EE) 25: /usr/lib/libc.so.6 (backtrace_and_maps+0x2e) [0x7f9b33b50b25]
(EE) 26: /usr/lib/libc.so.6 (__libc_message+0x2ce) [0x7f9b33ba298e]
(EE) 27: /usr/lib/libc.so.6 (malloc_printerr+0x9e) [0x7f9b33ba7dee]
(EE) 28: /usr/lib/libc.so.6 (_int_free+0x12b) [0x7f9b33ba85cb]
(EE) 29: /usr/lib/xorg-server/Xorg (miPolyFillArc+0x320) [0x574dc0]
(EE) 30: /usr/lib/xorg/modules/drivers/intel_drv.so (_init+0x3a2f4) [0x7f9b2e77a374]
(EE) 31: /usr/lib/xorg-server/Xorg (DamageRegionAppend+0x1597) [0x51ba57]
(EE) 32: /usr/lib/xorg-server/Xorg (SendGraphicsExpose+0xd64) [0x436114]
(EE) 33: /usr/lib/xorg-server/Xorg (SendErrorToClient+0x2f7) [0x438a97]
(EE) 34: /usr/lib/xorg-server/Xorg (remove_fs_handlers+0x41b) [0x43cbcb]
(EE) 35: /usr/lib/libc.so.6 (__libc_start_main+0xf0) [0x7f9b33b51800]
(EE) 36: /usr/lib/xorg-server/Xorg (_start+0x29) [0x427039]
(EE) 37: ? (?+0x29) [0x29]
(EE)

It's a bug in miPolyFillArc. It is also hit by xts.
This patch fixes it for me. http://marc.info/?l=freedesktop-xorg-devel&m=142850468414906&w=3
datura:~/git/xserver% git describe --contains 41932dfbc841a1adc6512d41085ea3f8ebecb42c xorg-server-1.17.99.901~152 datura:~/git/xserver% git show 41932dfbc841a1adc6512d41085ea3f8ebecb42c commit 41932dfbc841a1adc6512d41085ea3f8ebecb42c Author: Keith Packard <keithp@keithp.com> Date: Wed Apr 8 07:45:28 2015 -0700 mi: Partial pie-slice filled arcs may need more space for spans The mi filled arc code estimates that a filled arc will produce no more spans than the arc is tall. This is true for most arcs except for pie-slice arcs strictly between 180 and 360 degrees where the missing portion of the arc faces up or down such that we get two spans on some scanlines. For those, we need to reserve room for another height/2 spans. This patch just does it for all partial pie-sliced arcs to make the test easier to understand; it's just over-allocating a bit of memory, so that's safe. Signed-off-by: Keith Packard <keithp@keithp.com> Reviewed-by: Adam Jackson <ajax@redhat.com> diff --git a/mi/mifillarc.c b/mi/mifillarc.c index 246d70ff4c..888519edfa 100644 --- a/mi/mifillarc.c +++ b/mi/mifillarc.c @@ -660,6 +660,11 @@ miPolyFillArc(DrawablePtr pDraw, GCPtr pGC, int narcs_all, xArc * parcs) if (narcs && nspans + arc->height > MAX_SPANS_PER_LOOP) break; nspans += arc->height; + + /* A pie-slice arc may add another pile of spans */ + if (pGC->arcMode == ArcPieSlice && + (-FULLCIRCLE < arc->angle2 && arc->angle2 < FULLCIRCLE)) + nspans += (arc->height + 1) >> 1; } pts = points = malloc (sizeof (DDXPointRec) * nspans +
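
Review bot: The MAX_SPANS_PER_LOOP test just above the added lines still checks only nspans + arc->height, so the extra (arc->height + 1) >> 1 that a partial pie slice now contributes is never counted against the cap, and a batch can grow past MAX_SPANS_PER_LOOP. The malloc that follows is sized from nspans, so the buffer stays consistent with the count, but it would be cleaner to compute the per-arc span count once (height, plus the pie-slice extra) and use that one value in both the break test and the nspans update. The new comment could also say why the extra is half the height: some scanlines produce two spans when the missing part of the arc faces up or down, as the commit message explains.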
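
The span estimate described in the commit message can be checked with a small model. This is an added example, not code from the X server or from the patch: it rasterises a pie slice by sampling pixel centres and counts runs of covered pixels per scanline. The function names, the 70x70 size (the bounding box in the report's Tk script) and the mapping of the four -start values to a gap direction are assumptions of the example.

```c
#include <stdio.h>

/* tan(10 deg): half of the 20-degree gap that -extent 340 leaves open */
#define TAN_HALF_GAP 0.17632698070846498

/* 1 if the pixel-centre offset (dx, dy), dy positive upward, is in the drawn
 * part of the slice; the gap is centred on the unit direction (ux, uy). */
static int in_slice(double dx, double dy, int ux, int uy)
{
    double along = dx * ux + dy * uy;
    double across = dx * uy - dy * ux;
    if (across < 0)
        across = -across;
    return !(along > 0 && across < along * TAN_HALF_GAP);
}

/* Spans (runs of covered pixels per scanline) for a size x size pie slice,
 * sampled at pixel centres. A model, not the mi rasteriser. */
int count_spans(int size, int ux, int uy)
{
    double r = size / 2.0;
    int spans = 0;
    for (int y = 0; y < size; y++) {
        int prev = 0;
        for (int x = 0; x < size; x++) {
            double dx = x + 0.5 - r, dy = r - (y + 0.5);
            int in = dx * dx + dy * dy <= r * r && in_slice(dx, dy, ux, uy);
            spans += in && !prev;   /* a new span starts at each 0 -> 1 edge */
            prev = in;
        }
    }
    return spans;
}

/* Span budget before the fix, and after it for a partial pie slice. */
int budget_before(int height) { return height; }
int budget_after(int height) { return height + ((height + 1) >> 1); }

int main(void)
{
    /* Constructed cases: the report's 70x70 arc and its four -start values. */
    static const struct { int start, ux, uy; } c[] = {
        { 10, 1, 0 }, { 190, -1, 0 }, { 100, 0, 1 }, { 280, 0, -1 } };
    for (int i = 0; i < 4; i++)
        printf("-start %3d: %3d spans (budget %d before, %d after)\n",
               c[i].start, count_spans(70, c[i].ux, c[i].uy),
               budget_before(70), budget_after(70));
    return 0;
}
```

In this model only the slices whose gap faces up or down need more spans than the arc is tall, and they stay within the enlarged budget.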