[SRU] Large non-antialiased text causes xserver to abort
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xf86-video-intel |
Fix Released
|
High
|
|||
xserver-xorg-video-intel (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Maverick |
Fix Released
|
High
|
Unassigned | ||
Natty |
Fix Released
|
High
|
Unassigned |
Bug Description
[Impact]
On certain affected hardware, results in X server crash when looking at certain kinds of large images.
[Development Solution]
Upstream fixed this bug in the 2.13.x version of -intel that we are shipping in natty.
[Stable Solution]
The attached patch is a cherrypick from the upstream tree that applies to the 2.12.x version of -intel in maverick. This patch is also the listed solution on the upstream bug report.
[Test Case]
On affected hardware, disable font antialiasing and load http://
This will cause a segfault of the X server.
The fix will prevent this segfault from occuring, and instead firefox will display the words "GOODBYE WORLD!"
[Regression Potential]
Essentially none. This changes what happens when the uxa_pixmap_
That said, there are two subsequent commits on top of this one (which is why the patch in the description of this bug is different than that proposed). Near as I can tell these address other unrelated issues and so I'm omitting them for now. It is conceivable though that this patch provides an incomplete solution and those other patches should be backported too. But one step at a time; if this patch alone is sufficient to solve the issue it is the least risk way to go.
[Original Report]
Problem:
If I disable font antialiasing and attempt to access
http://
Note: text does not need to be very large. For example http://
Description: Ubuntu 10.10
Release: 10.10
xserver-
Installed: 2:2.12.0-1ubuntu5.1
Candidate: 2:2.12.0-1ubuntu5.1
Version table:
*** 2:2.12.0-1ubuntu5.1 0
500 http://
100 /var/lib/
2:
500 http://
Backtrace:
#0 0x00681416 in __kernel_vsyscall ()
No symbol table info available.
#1 0x00298941 in raise (sig=6) at ../nptl/
resultvar = <value optimised out>
pid = 3960820
selftid = 1949
#2 0x0029be42 in abort () at abort.c:92
act = {__sigaction_
0}}, sa_flags = 0, sa_restorer = 0x4}
sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0x002918e8 in __assert_fail (
assertion=
file=0x200080 "../../
function=
buf = 0xbd26c38 "X: ../../uxa/
#4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58,
pDst=0xbb366a8, maskFormat=
list=
src_pixmap = 0xbd26440
src_x = 0
glyph = 0xbb34bb8
src_y = 0
priv = 0xbd26440
screen = 0x9c01750
mask = 0xbd26a48
y = 52
pixmap = 0xbd26938
width = <value optimised out>
dst_off_x = 6
dst_off_y = 25
box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93}
glyph_atlas = <value optimised out>
x = 2
height = <value optimised out>
error = 0
#5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8,
maskFormat=
glyphs=
screen = 0x9c01750
uxa_screen = <value optimised out>
xDst = 2
yDst = 198338872
extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
width = 0
height = 0
ret = <value optimised out>
localDst = 0x8
#6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8,
maskFormat=
ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170)
at ../../.
pScreen = <value optimised out>
#7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58,
pDst=0xbb366a8, maskFormat=
ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170)
at ../../render/
No locals.
#8 0x0811c463 in ProcRenderCompo
at ../../render/
glyphSet = 0xb72e468
pSrc = 0xbb11b58
pDst = 0xbb366a8
pFormat = 0xb2bb7f0
listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006',
format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000',
format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064,
len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0,
len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079,
len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511,
len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0,
len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0,
len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055,
len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080,
len = 184 '\270', format = 0x8104a2e}}
lists = 0xbf81457c
listsBase = 0xbf814570
glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088,
glyph = <value optimised out>
glyphs = 0xbf814188
glyphsBase = 0xbf814170
buffer = <value optimised out>
end = 0xba105b0 "\225\021\003"
nglyph = -1082048120
nlist = 1
space = <value optimised out>
size = <value optimised out>
rc = <value optimised out>
#9 0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/
No locals.
#10 0x0806e087 in Dispatch () at ../../dix/
result = <value optimised out>
client = 0xb62e338
nready = 0
start_tick = 260
#11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20)
at ../../dix/
i = 1
Tracked bug down to uxa/uxa-glyphs.c in the xserver-
--- a/uxa/uxa-glyphs.c 2010-06-24 21:29:37.000000000 +0100
+++ b/uxa/uxa-glyphs.c 2010-12-31 19:51:49.000000000 +0000
@@ -164,8 +164,12 @@
if (!pixmap)
goto bail;
- assert (uxa_pixmap_
-
+ if (!uxa_pixmap_
+ /* Presume shadow is in-effect */
+ pScreen-
+ uxa_unrealize_
+ return TRUE;
+ }
component_alpha = NeedsComponent(
picture = CreatePicture(0, &pixmap->drawable, pPictFormat,
CPCompone
@@ -780,9 +784,8 @@
mask_pixmap =
uxa_
- assert (uxa_pixmap_
-
- if (!uxa_screen-
+ if (!uxa_pixmap_
+ !uxa_screen-
return -1;
@@ -983,9 +986,8 @@
src_pixmap =
uxa_
- assert (uxa_pixmap_
-
- if (!uxa_screen-
+ if (!uxa_pixmap_
+ !uxa_screen-
return -1;
---
Architecture: i386
CurrentDmesg: [ 36.408005] eth0: no IPv6 routers present
DRM.card0.
status: disconnected
enabled: disabled
dpms: Off
modes:
edid-base64:
DRM.card0.
status: disconnected
enabled: disabled
dpms: Off
modes:
edid-base64:
DRM.card0.
status: disconnected
enabled: disabled
dpms: Off
modes:
edid-base64:
DRM.card0.
status: disconnected
enabled: disabled
dpms: Off
modes:
edid-base64:
DRM.card0.VGA.1:
status: connected
enabled: enabled
dpms: On
modes: 1280x1024 1280x1024 1280x960 1152x864 1024x768 1024x768 1024x768 832x624 800x600 800x600 800x600 800x600 640x480 640x480 640x480 640x480 720x400
edid-base64: AP/////
DistroRelease: Ubuntu 10.10
DkmsStatus:
virtualbox-ose, 3.2.8, 2.6.35-24-generic, i686: installed
virtualbox-ose, 3.2.8, 2.6.35-23-generic, i686: installed
virtualbox-ose, 3.2.8, 2.6.32-26-generic, i686: installed
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
MachineType: System manufacturer System Product Name
Package: xserver-
PackageArchitec
ProcCmdLine: BOOT_IMAGE=
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcVersionSign
Tags: maverick maverick maverick maverick maverick maverick
Uname: Linux 2.6.35-24-generic i686
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare video
dmi.bios.date: 09/04/2008
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 0204
dmi.board.
dmi.board.name: V-P5G45
dmi.board.vendor: ASUSTeK Computer INC.
dmi.board.version: Rev 1.xx
dmi.chassis.
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.
dmi.modalias: dmi:bvnAmerican
dmi.product.name: System Product Name
dmi.product.
dmi.sys.vendor: System manufacturer
system:
distro: Ubuntu
codename: maverick
architecture: i686
kernel: 2.6.35-24-generic
Related branches
tags: | added: maverick |
Changed in xserver-xorg-video-intel: | |
status: | Unknown → Fix Released |
Changed in xserver-xorg-video-intel: | |
importance: | Unknown → High |
tags: |
added: verification-done removed: verification-needed |
Couple of things I forgot to say:
* The bug affects my intel 4500hd card on my desktop machine and my i915 in my eeepc 700. I'd assume it affects every intel card considering the bug is in the uxa code.
* I disabled antialiasing in /etc/fonts/ conf.d/ 10-antialias. conf