ubuntu-x-swat team mailing list archive
-
ubuntu-x-swat team
-
Mailing list archive
-
Message #66225
[Bug 553647] Re: xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig)
** Description changed:
[Impact]
xfig is no longer as widely used an application as it once was, but regular application usage should not crash X. It may be an indication of a problem that other legacy apps have beyond xfig.
[Development]
The fix has been committed to the main ubuntu-x git branch, which will be used once Maverick Meerkat is open for development, thus this fix will automatically copy over into it. The patch is also included in Debian and upstream so we will get it automatically next time we merge this package from Debian.
[Patch]
Patch is taken directly from Debian. This is an upstream patch.
http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=94ccaae1ff45c11453141469f5659b6d2a16c4bf
[Test Case]
1. Update Lucid to the latest version. Reboot and log into Gnome
2. Open xfig
3. Left click in drawing area once (to dismiss the xfig banner)
4. Press the 'c' key
5. Left click in the drawing area
6. Xserver instantly crashes (and is restarted by display manager). It should not crash at this point.
-
[Regression Potential]
- This is a pretty substantial patch at 887 lines, which addresses an issue in a lesser-used application, and so for those reasons I opted to wait on including it in the Lucid release itself, in the interest in seeing it get further testing time under its belt. Because Debian and X.org are including the patch, I am assuming it is safe and thus valid for consideration as a regular SRU.
+ Low. This is a pretty substantial patch at 887 lines, which addresses an issue in a lesser-used application, and so for those reasons I opted to wait on including it in the Lucid release itself, in the interest in seeing it get further testing time under its belt. Because Debian and X.org are including the patch, I am assuming it is safe and thus valid for consideration as a regular SRU. But because of the size of the patch, 'Low' is the best rating I can give it.
Specific things I am concerned about: This patch drops several exa
functions; are those functions in use by anything (like proprietary
drivers, games, or other apps?) This patch changes fallback behavior
which I gather does not get exercised except in certain cases; is it
certain that sufficient testing has been done for those cases?
I notice that part of the patch involves adding a number of null-ptr
checks. If testing does reveal this patch causes a regression
somewhere, a suggested Plan B would be to extract these checks and see
if those alone are sufficient to solve this issue.
[Original Report]
Here is how to reliably and repeatably crash the X server.
1. Update Lucid to the latest version, as of 2009-04-01. Reboot and log
into Gnome
2. Open xfig
3. Left click in drawing area once (to dismiss the xfig banner)
4. Press the 'c' key
5. Left click in the drawing area
6. Xserver instantly crashes (and is restarted by display manager).
This process is reliably repeatable, and I have done so several times to
gather the ltrace and straces attached.
Some more details:
* 'c' starts the Circle tool. You can click the circle tool button instead, and have the same result.
* The ellipse tool has the same effect. However all other tools within xfig work just fine.
* xfig itself doesn't appear to be dying: it is managing to save a "SAVE.fig" file.
* How the %(&£"%$ is an application failure able to nuke the Xserver?
Backtrace:
0: /usr/bin/X (xorg_backtrace+0x3b) [0x80e937b]
1: /usr/bin/X (0x8048000+0x61c7d) [0x80a9c7d]
2: (vdso) (__kernel_rt_sigreturn+0x0) [0x57e410]
3: /usr/lib/xorg/modules/libfb.so (fbPushFill+0xf9) [0x20b459]
4: /usr/lib/xorg/modules/libfb.so (fbPushImage+0xf2) [0x20b622]
5: /usr/lib/xorg/modules/libfb.so (fbPushPixels+0x78) [0x20b6b8]
6: /usr/bin/X (miPolyArc+0x159a) [0x8199aca]
7: /usr/lib/xorg/modules/libfb.so (fbPolyArc+0x8a) [0x1f90aa]
8: /usr/lib/xorg/modules/libexa.so (0x384000+0xf2dd) [0x3932dd]
9: /usr/bin/X (0x8048000+0xd9655) [0x8121655]
10: /usr/bin/X (0x8048000+0x282f9) [0x80702f9]
11: /usr/bin/X (0x8048000+0x2a477) [0x8072477]
12: /usr/bin/X (0x8048000+0x1ed7a) [0x8066d7a]
13: /lib/tls/i686/cmov/libc.so.6 (__libc_start_main+0xe6) [0x240bd6]
14: /usr/bin/X (0x8048000+0x1e961) [0x8066961]
Segmentation fault at address (nil)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: xserver-xorg 1:7.5+3ubuntu1
ProcVersionSignature: Ubuntu 2.6.32-16.25-generic
Uname: Linux 2.6.32-16-generic i686
Architecture: i386
Date: Thu Apr 1 23:14:41 2010
DkmsStatus: Error: [Errno 2] No such file or directory
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318)
MachineType: LENOVO 200793G
PccardctlIdent:
Socket 0:
no product info available
PccardctlStatus:
Socket 0:
3.3V 32-bit PC Card
ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-16-generic root=UUID=5dee2242-a2c7-4f67-9ad6-4265f1d22e12 ro quiet splash
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.utf8
SHELL=/bin/bash
SourcePackage: xorg
dmi.bios.date: 08/27/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 79ETE5WW (2.25 )
dmi.board.name: 200793G
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr79ETE5WW(2.25):bd08/27/2009:svnLENOVO:pn200793G:pvrThinkPadT60p:rvnLENOVO:rn200793G:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 200793G
dmi.product.version: ThinkPad T60p
dmi.sys.vendor: LENOVO
system:
distro: Ubuntu
codename: lucid
architecture: i686
kernel: 2.6.32-16-generic
--
xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig)
https://bugs.launchpad.net/bugs/553647
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in ubuntu.
References
