xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
xorg-server (Ubuntu) | Fix Released | High | Chris Halse Rogers | |
Lucid | Fix Released | High | Bryce Harrington | |
Maverick | Fix Released | High | Chris Halse Rogers | |
Bug Description
[Impact]
xfig is no longer as widely used an application as it once was, but regular application usage should not crash X. It may be an indication of a problem that other legacy apps have beyond xfig.
[Development]
The fix has been committed to the main ubuntu-x git branch, which will be used once Maverick Meerkat is open for development, thus this fix will automatically copy over into it. The patch is also included in Debian and upstream so we will get it automatically next time we merge this package from Debian.
[Patch]
Patch is taken directly from Debian. This is an upstream patch.
http://
[Test Case]
1. Update Lucid to the latest version. Reboot and log into Gnome
2. Open xfig
3. Left click in drawing area once (to dismiss the xfig banner)
4. Press the 'c' key
5. Left click in the drawing area
6. Xserver instantly crashes (and is restarted by display manager). It should not crash at this point.
[Regression Potential]
Low. This is a pretty substantial patch at 887 lines, which addresses an issue in a lesser-used application, and so for those reasons I opted to wait on including it in the Lucid release itself, in the interest of seeing it get further testing time under its belt. Because Debian and X.org are including the patch, I am assuming it is safe and thus valid for consideration as a regular SRU. But because of the size of the patch, 'Low' is the best rating I can give it.
Specific things I am concerned about: This patch drops several exa functions; are those functions in use by anything (like proprietary drivers, games, or other apps?) This patch changes fallback behavior which I gather does not get exercised except in certain cases; is it certain that sufficient testing has been done for those cases?
I notice that part of the patch involves adding a number of null-ptr checks. If testing does reveal this patch causes a regression somewhere, a suggested Plan B would be to extract these checks and see if those alone are sufficient to solve this issue.
[Original Report]
Here is how to reliably and repeatably crash the X server.
1. Update Lucid to the latest version, as of 2009-04-01. Reboot and log into Gnome
2. Open xfig
3. Left click in drawing area once (to dismiss the xfig banner)
4. Press the 'c' key
5. Left click in the drawing area
6. Xserver instantly crashes (and is restarted by display manager).
This process is reliably repeatable, and I have done so several times to gather the ltrace and straces attached.
Some more details:
* 'c' starts the Circle tool. You can click the circle tool button instead, and have the same result.
* The ellipse tool has the same effect. However all other tools within xfig work just fine.
* xfig itself doesn't appear to be dying: it is managing to save a "SAVE.fig" file.
* How the %(&£"%$ is an application failure able to nuke the Xserver?
Backtrace:
0: /usr/bin/X (xorg_backtrace
1: /usr/bin/X (0x8048000+0x61c7d) [0x80a9c7d]
2: (vdso) (__kernel_
3: /usr/lib/
4: /usr/lib/
5: /usr/lib/
6: /usr/bin/X (miPolyArc+0x159a) [0x8199aca]
7: /usr/lib/
8: /usr/lib/
9: /usr/bin/X (0x8048000+0xd9655) [0x8121655]
10: /usr/bin/X (0x8048000+0x282f9) [0x80702f9]
11: /usr/bin/X (0x8048000+0x2a477) [0x8072477]
12: /usr/bin/X (0x8048000+0x1ed7a) [0x8066d7a]
13: /lib/tls/
14: /usr/bin/X (0x8048000+0x1e961) [0x8066961]
Segmentation fault at address (nil)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: xserver-xorg 1:7.5+3ubuntu1
ProcVersionSign
Uname: Linux 2.6.32-16-generic i686
Architecture: i386
Date: Thu Apr 1 23:14:41 2010
DkmsStatus: Error: [Errno 2] No such file or directory
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318)
MachineType: LENOVO 200793G
PccardctlIdent:
Socket 0:
no product info available
PccardctlStatus:
Socket 0:
3.3V 32-bit PC Card
ProcCmdLine: BOOT_IMAGE=
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.utf8
SHELL=/bin/bash
SourcePackage: xorg
dmi.bios.date: 08/27/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 79ETE5WW (2.25 )
dmi.board.name: 200793G
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.
dmi.modalias: dmi:bvnLENOVO:
dmi.product.name: 200793G
dmi.product.
dmi.sys.vendor: LENOVO
system:
distro: Ubuntu
codename: lucid
architecture: i686
kernel: 2.6.32-16-generic
tags: | added: crash |
Changed in xorg (Ubuntu): | |
status: | New → Confirmed |
affects: | xorg (Ubuntu) → xserver-xorg-input-evdev (Ubuntu) |
affects: | xserver-xorg-input-evdev (Ubuntu) → xorg-server (Ubuntu) |
summary: | xserver crash (repeatable, triggered by mouse-click) → xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig) |
description: | updated |
description: | updated |
tags: | added: verification-done; removed: verification-needed |
Changed in xorg-server (Ubuntu Maverick): | |
status: | Fix Committed → Fix Released |
Note: the Xorg log that apport has added is almost certainly irrelevant. Look at the one I manually attached.
Here is the output of:
strace xfig > xfig.strace 2>&1