ubuntu-x-swat team mailing list archive

[Bug 408016] Re: Xorg crashes when handed bad xrender glyph data

For what it's worth, I found this Wine bug:
    http://bugs.winehq.org/show_bug.cgi?id=17338

My wine application is giving very similar results, when I set:
   WINEDEBUG=+xrender,+synchronous

I get this bit of trace:


trace:xrender:LookupEntry found font in cache 0
trace:xrender:X11DRV_XRender_UpdateDrawable freeing pict = 1a008cc dc = 0x1d0
trace:xrender:X11DRV_XRender_SelectFont h=16 w=7 weight=400 it=0 charset=0 name=L"System"
trace:xrender:dec_ref_cache dec'ing entry 0 to 22
trace:xrender:LookupEntry 0
trace:xrender:LookupEntry found font in cache 0
trace:xrender:X11DRV_XRender_SelectFont h=16 w=7 weight=400 it=0 charset=0 name=L"System"
trace:xrender:dec_ref_cache dec'ing entry 0 to 22
trace:xrender:LookupEntry 0
trace:xrender:LookupEntry found font in cache 0
trace:xrender:X11DRV_XRender_SelectFont h=-11 w=65580 weight=100 it=64 charset=12 name=L"MS Sans Serif"
trace:xrender:dec_ref_cache dec'ing entry 0 to 22
trace:xrender:LookupEntry 0
trace:xrender:LookupEntry 4
trace:xrender:LookupEntry 1
trace:xrender:LookupEntry 9
trace:xrender:LookupEntry 3
trace:xrender:LookupEntry 2
trace:xrender:LookupEntry 5
trace:xrender:LookupEntry 8
trace:xrender:LookupEntry 6
trace:xrender:LookupEntry 7
trace:xrender:LookupEntry font not in cache
trace:xrender:AllocEntry freeing unused glyphset at cache 7
trace:xrender:X11DRV_XRender_ExtTextOut bitmap is not a DIB
trace:xrender:X11DRV_XRender_ExtTextOut bitmap is not a DIB
trace:xrender:X11DRV_XRender_ExtTextOut bitmap is not a DIB
trace:xrender:X11DRV_XRender_SelectFont h=-11 w=65580 weight=100 it=64 charset=12 name=L"MS Sans Serif"
trace:xrender:dec_ref_cache dec'ing entry 7 to 0
trace:xrender:LookupEntry 7
trace:xrender:LookupEntry found font in cache 7
trace:xrender:X11DRV_XRender_ExtTextOut bitmap is not a DIB
trace:xrender:X11DRV_XRender_ExtTextOut allocing pict = 1a008ce dc = 0x1d0 drawable = 01e00006
trace:xrender:UploadGlyph buflen = 1023100. Got metrics: 78700x13 adv=13160,0 origin=-1,11
*** buffer overflow detected ***

After that things go south very rapidly. Obviously width 65580 is
ridiculous; it looks like a 16-bit signed/unsigned mismatch with a negative
number slipping through some calculation.

Based on the wine version, supposedly it is fixed in 1.1.21 so will try
the dist upgrade to Karmic... what's the worst that could happen?



** Bug watch added: Wine Bugzilla #17338
   http://bugs.winehq.org/show_bug.cgi?id=17338

-- 
Xorg crashes when handed bad xrender glyph data
https://bugs.launchpad.net/bugs/408016
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xserver-xorg-video-intel in ubuntu.
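
Added example (not part of the original message, and not Wine or Xorg code): a bounds check applied to glyph metrics before they are narrowed into 16-bit fields and uploaded, run against the 78700x13 / buflen 1023100 values from the UploadGlyph trace line. The struct is a hypothetical stand-in modelled on XRender's XGlyphInfo; the 4096-pixel limit, the 8-bit alpha format with 4-byte row padding, and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record with 16-bit fields, modelled on XRender's XGlyphInfo. */
struct glyph_info {
    uint16_t width, height;
    int16_t x, y, x_off, y_off;
};

enum glyph_status { GLYPH_OK, GLYPH_BAD_DIMS, GLYPH_BAD_OFFSET, GLYPH_BAD_BUFLEN };

#define MAX_GLYPH_DIM 4096L /* assumed policy limit, not taken from the page */

static int fits_i16(long v) { return v >= INT16_MIN && v <= INT16_MAX; }

/* What an unchecked store into a 16-bit width field would keep. */
unsigned truncated_dim(long v) { return (uint16_t)v; }

/* Validate rasterizer metrics while they are still wide integers, then narrow.
   Assumes an 8-bit alpha bitmap whose rows are padded to 4 bytes. */
enum glyph_status check_glyph(long w, long h, long org_x, long org_y,
                              long adv_x, long adv_y, size_t buflen,
                              struct glyph_info *out)
{
    if (w < 0 || h < 0 || w > MAX_GLYPH_DIM || h > MAX_GLYPH_DIM)
        return GLYPH_BAD_DIMS;
    if (!fits_i16(org_x) || !fits_i16(org_y) || !fits_i16(adv_x) || !fits_i16(adv_y))
        return GLYPH_BAD_OFFSET;
    size_t stride = ((size_t)w + 3) & ~(size_t)3;
    if (buflen != stride * (size_t)h) /* cannot overflow: both factors <= 4096 */
        return GLYPH_BAD_BUFLEN;
    out->width = (uint16_t)w;    out->height = (uint16_t)h;
    out->x = (int16_t)org_x;     out->y = (int16_t)org_y;
    out->x_off = (int16_t)adv_x; out->y_off = (int16_t)adv_y;
    return GLYPH_OK;
}

int main(void)
{
    struct glyph_info g;
    /* Metrics from the UploadGlyph trace line: 78700x13, buflen 1023100. */
    int rc = check_glyph(78700, 13, -1, 11, 13160, 0, 1023100, &g);
    printf("trace glyph: status %d, 16-bit width would be %u\n",
           rc, truncated_dim(78700));
    return 0;
}
```

The traced glyph is rejected on its dimensions; stored unchecked, its width would wrap to 13164 while the buffer still holds 1023100 bytes, so the declared size and the data length would disagree.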