ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 683016] Re: emacs23/rxvt/xawtv/vlc crash Xorg w/ proprietary NVIDIA driver

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Hergen Lehmann <683016@xxxxxxxxxxxxxxxxxx>
Date: Sat, 18 Dec 2010 11:21:02 -0000
Reply-to: Bug 683016 <683016@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Because this bug is extremly annoying, i looked a bit further into what is happening.
Running the X server in gdb gives the following details on the crash:

----------snip------
Program received signal SIGSEGV, Segmentation fault.
0x08096feb in doListFontsWithInfo (client=0x8ad5d58, c=0x8b28dc8)
    at ../../dix/dixfonts.c:920
920	../../dix/dixfonts.c: No such file or directory.
	in ../../dix/dixfonts.c
(gdb) bt
#0  0x08096feb in doListFontsWithInfo (client=0x8ad5d58, c=0x8b28dc8)
    at ../../dix/dixfonts.c:920
#1  0x08094200 in ProcessWorkQueue () at ../../dix/dixutils.c:527
#2  0x080a2766 in WaitForSomething (pClientsReady=0x8a401e0)
    at ../../os/WaitFor.c:169
#3  0x08080c4e in Dispatch () at ../../dix/dispatch.c:368
----------snip------

The blameworthy code in dixfonts.c looks like this:

    918     while (c->current.current_fpe < c->num_fpes)
    919     {
    920         fpe = c->fpe_list[c->current.current_fpe];
    921         err = Successful;

So lets take a look into the ominous "c":

----------snip------
(gdb) print *c
$1 = {client = 0x8b292c8, num_fpes = 145920400, fpe_list = 0x0, reply = 0x0, 
  length = 228, current = {
    pattern = "-sony-fixed-medium-r-normal--16-120-100-100-c-80-iso8859-1\262\b", '\000' <repeats 192 times>, "-\000\000", patlen = 58, current_fpe = 0, 
    max_names = 0, list_started = 1, private = 0x0}, saved = {
    pattern = "\b\b\b\b\t\t\t\t\n\n\n\n\v\v\v\v\f\f\f\f\r\r\r\r\r\r\r\r\016\016\016\016\017\017\017\017\017\017\017\017", '\020' <repeats 12 times>, '\021' <repeats 44 times>, '\020' <repeats 12 times>, "\017\017\017\017\017\017\017\017\016\016\016\016\r\r\r\r\r\r\r\r\f\f\f\f\v\v\v\v\n\n\n\n\t\t\t\t\b\b\b\b\a\a\a\a\006\006\006\006\005\005\005\005\004\004\004\004\003\003\003\003\001\001\001\001", '\000' <repeats 83 times>, patlen = 0, current_fpe = 0, max_names = 0, 
    list_started = 0, private = 0x0}, savedNumFonts = 0, haveSaved = 0, 
  savedName = 0x0}
----------snip------

Note, that c->fpe_list is NULL, while c->num_fpes contains an unreasonable value.
When printing this value in hex, it actually looks like a pointer instead of the
expected count.  I guess, the data structure has either been corrupted somewhere or
c points to something completely wrong.

At this point i must give up; i don't understand enough on the interna
of the x server.

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to nvidia-graphics-drivers in ubuntu.
https://bugs.launchpad.net/bugs/683016

Title:
  emacs23/rxvt/xawtv/vlc crash Xorg w/ proprietary NVIDIA driver

References

[Bug 683016] [NEW] emacs23/rxvt/xawtv/vlc crash Xorg w/ proprietary NVIDIA driver
From: Robert Fleming, 2010-11-30