Bug 93045 - Xwayland: memory corruption with multiple outputs
Summary: Xwayland: memory corruption with multiple outputs
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-20 15:50 UTC by Olivier Fourdan
Modified: 2015-12-01 08:09 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
valgrind log (10.24 KB, text/plain)
2015-11-20 15:50 UTC, Olivier Fourdan 		no flags Details
View All

Description Olivier Fourdan 2015-11-20 15:50:03 UTC 
Created attachment 119988 [details]
valgrind log

Xwayland crashes on exit when using mutliple outputs.

Reproducing steps as follow:

1. Run nested weston with "weston --output-count=2"
2. from your favorite Wayland terminaly, run at least one X11 client:

   $ xdpyinfo

3. close both wayland outputs


Actual result:

Xwayland will crash with a backtrace similar to this:

*** Error in `/home/ofourdan/local/bin/Xwayland': free(): invalid pointer: 0x0000000001117af0 ***
(EE) 
(EE) Backtrace:
(EE) 0: /home/ofourdan/local/bin/Xwayland (OsSigHandler+0x29) [0x471769]
(EE) 1: /lib64/libpthread.so.0 (__restore_rt+0x0) [0x7f34b00f19ef]
(EE) 2: /lib64/ld-linux-x86-64.so.2 (dl_open_worker+0x268) [0x7f34b4cc5018]
(EE) 3: /lib64/ld-linux-x86-64.so.2 (_dl_catch_error+0x74) [0x7f34b4cc0644]
(EE) 4: /lib64/ld-linux-x86-64.so.2 (_dl_open+0xc3) [0x7f34b4cc4703]
(EE) 5: /lib64/libc.so.6 (do_dlopen+0x3d) [0x7f34af95816d]
(EE) 6: /lib64/ld-linux-x86-64.so.2 (_dl_catch_error+0x74) [0x7f34b4cc0644]
(EE) 7: /lib64/libc.so.6 (__libc_dlopen_mode+0x54) [0x7f34af958224]
(EE) 8: /lib64/libc.so.6 (init+0x15) [0x7f34af92af25]
(EE) 9: /lib64/libpthread.so.0 (__pthread_once_slow+0xa9) [0x7f34b00ef0e9]
(EE) 10: /lib64/libc.so.6 (backtrace+0x9c) [0x7f34af92b03c]
(EE) 11: /lib64/libc.so.6 (backtrace_and_maps+0x2f) [0x7f34af8398a5]
(EE) 12: /lib64/libc.so.6 (__libc_message+0x2d5) [0x7f34af891e15]
(EE) 13: /lib64/libc.so.6 (_int_free+0x57a) [0x7f34af89a4fa]
(EE) 14: /lib64/libc.so.6 (cfree+0x4c) [0x7f34af89dcac]
(EE) 15: /home/ofourdan/local/bin/Xwayland (FreeClientResources+0x97) [0x45d067]
(EE) 16: /home/ofourdan/local/bin/Xwayland (FreeAllResources+0x47) [0x45d117]
(EE) 17: /home/ofourdan/local/bin/Xwayland (dix_main+0x3e6) [0x43c126]
(EE) 18: /lib64/libc.so.6 (__libc_start_main+0xf0) [0x7f34af83a580]
(EE) 19: /home/ofourdan/local/bin/Xwayland (_start+0x29) [0x422a49]

The actual backtrace may vary, but always start in FreeAllResources() called from dix_main() even before xwl_close_screen() got a chance to be called.

Attaching a valgrind log as an example.
Comment 1 Olivier Fourdan 2015-11-23 09:59:21 UTC 
Patch sent to xorg-devel list
Comment 2 Olivier Fourdan 2015-12-01 08:09:55 UTC 
Fix has been merged.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.