ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 651294] Re: X crash on KDM logout (still - yes, really)

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Albert Damen <651294@xxxxxxxxxxxxxxxxxx>
Date: Tue, 19 Oct 2010 22:23:56 -0000
Reply-to: Bug 651294 <651294@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I have been trying to debug this and think I found the problem:
- The crash is caused when an already freed drawable is used (drawable contents are invalid)
- The crashing resource always has xid=0. If I prevent DrawableGone calls when xid=0, the crash does not happen. XID=0 seems strange, as the minimum xid should be SERVER_MINID (=32). Also, walking through clientTable[0]->resources[0] shows we have multiple resources with xid=0, which seems strange as well (i.e. calling FreeResource(0, x) may well remove the wrong resource).
- The resources with xid=0 are added via DoCreateGLXDrawable, where pDraw->id is used to add the resource. pDraw->id is 0 in these calls.
- The pDraw with xid=0 should be the X pixmap backing the GLX pixmap. This pixmap is created via ProcCompositeNameWindowPixmap. This function indeed creates pixmaps with drawable.id=0.

The glxdrawable should be registered with the glxdrawableid and the
drawableid of the backing X pixmap, as stated in the comment in
DoCreateGLXDrawable. In DoCreateGLXDrawable this would be easy, but
drawableGone does not get this pixmaps drawableid as parameter.
Therefore in my opinion this could only work if the pixmaps drawableid
is properly set, so I changed ProcCompositeNameWindowPixmap to set the
pixmaps drawableid to stuff->pixmap (like ProcCreatePixmap would do).
With that change I no longer get resources with xid=0 and KDM does not
crash anymore when I logout.

So far all seems to work fine, but I am not sure if setting the drawable
id like this is safe.

The attachment contains gdb traces with and without my change (X built
without optimization to get access to all symbols).

** Attachment added: "gdb traces"
   https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/651294/+attachment/1702203/+files/gdb651294.txt

-- 
X crash on KDM logout (still - yes, really)
https://bugs.launchpad.net/bugs/651294
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in ubuntu.

References

[Bug 651294] [NEW] X crash on KDM logout (still - yes, really)
From: Scott Kitterman, 2010-09-29