DMXGetScreenAttributes() causes error: _XRead: Assertion `dpy->xcb->reply_consumed + size <= dpy->xcb->reply_length' failed.

Bug #281430 reported by cwant
Affects: libdmx (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: libdmx1

Hi,

This is a bug in either libdmx1, libx11-6, or in libxcb1 (or in the upstream source).

When I run a program that calls DMXGetScreenAttributes(), it fails the assertion:

dmx_config: ../../src/xcb_io.c:453: _XRead: Assertion `dpy->xcb->reply_consumed + size <= dpy->xcb->reply_length' failed.

The program in particular is called 'dmx_config', and it comes from the OpenGL replacement software 'chromium' (http://chromium.sourceforge.net). The rather simple source file for this program, getconfig.c, is attached.

A back trace when running this code gives:

(gdb) bt
#0 0x00007f2b13348095 in raise () from /lib/libc.so.6
#1 0x00007f2b13349af0 in abort () from /lib/libc.so.6
#2 0x00007f2b133412df in __assert_fail () from /lib/libc.so.6
#3 0x00007f2b13e647fe in _XRead () from /usr/lib/libX11.so.6
#4 0x00007f2b13e64839 in _XReadPad () from /usr/lib/libX11.so.6
#5 0x00007f2b14333793 in DMXGetScreenAttributes (dpy=0x602010,
    physical_screen=0, attr=0x7fff1c750a10) at ../../src/dmx.c:253
#6 0x0000000000400b7b in main ()

Digging deeper, there seems to be a problem with the way the displayName and its length are handled in DMXGetScreenAttributes() (or in some function called from there). If I change the following line in DMXGetScreenAttributes() (in src/dmx.c in source package libdmx1):

_XReadPad(dpy, attr->displayName, rep.displayNameLength);

to

_XReadPad(dpy, attr->displayName, ((rep.displayNameLength-1)/4)*4);

the call is successful, but the display name is truncated so that its length is divisible by 4. As an example, if the name of the display is "localhost:1", then the revised call to _XReadPad() gives a name of "localhos". Supplying any length longer than ((rep.displayNameLength-1)/4)*4 to _XReadPad() will trigger the assertion.

With this revision above, the output from dmx_config is:

[0
    { 'display': 'localhos', 'width': 2560, 'height': 1600, 'xoff': 0, 'yoff': 0, 'screen': 0, 'xorigin': 0, 'yorigin': 0 },]

One other way to suppress the failed assertion is to modify the line:

if (!_XReply(dpy, (xReply *)&rep,
                 (SIZEOF(xDMXGetScreenAttributesReply) - 32) >> 2, xFalse)) {

to

if (!_XReply(dpy, (xReply *)&rep, 0, xFalse)) {

In this case, although the program dmx_config runs, its output is random, and the display name is empty. For example, the output on one run is:

[0
    { 'display': '', 'width': 2560, 'height': 1600, 'xoff': 0, 'yoff': 0, 'screen': 0, 'xorigin': 26240, 'yorigin': 1593 },]

On another run it is:

[0
    { 'display': '', 'width': 2560, 'height': 1600, 'xoff': 0, 'yoff': 0, 'screen': 0, 'xorigin': 23776, 'yorigin': -8477 },]

Snooping around in xcb_io.c where the assertion fails (from source package libx11-6), with the display name "localhost:1", we have the following state before the assertion fails:

dpy->xcb->reply_consumed = 36
size = 11
dpy->xcb->reply_length = 44

And indeed this does not pass the assertion.

Any assistance with this would be appreciated!

Regards,
Chris
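
The state reported above (reply_consumed = 36, size = 11, reply_length = 44) leaves 8 unread bytes in the reply, which is why only the 8-byte read gets through. As an added example (not part of the original report, and not code from libX11 or libdmx), this sketch applies the same bound as a check that rejects a server-declared length larger than the rest of the reply; `struct reply`, `read_counted_string` and `demo_name` are hypothetical names, and the buffer contents are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the two counters in the assertion; not libX11's own struct. */
struct reply {
    const unsigned char *buf;
    size_t consumed; /* bytes already read from this reply */
    size_t length;   /* total bytes the server sent for this reply */
};

size_t reply_remaining(const struct reply *r)
{
    return r->consumed <= r->length ? r->length - r->consumed : 0;
}

/* Hypothetical guard: read a server-declared string only if it fits in the reply
 * and in the caller's buffer. Returns 0 on success, -1 instead of aborting. */
int read_counted_string(struct reply *r, size_t declared, char *out, size_t cap)
{
    if (declared > reply_remaining(r) || declared >= cap)
        return -1;
    memcpy(out, r->buf + r->consumed, declared);
    out[declared] = '\0';
    r->consumed += declared;
    /* Skip padding to a 4-byte boundary, but never past the end of the reply. */
    size_t pad = (4 - declared % 4) % 4;
    r->consumed += pad < reply_remaining(r) ? pad : reply_remaining(r);
    return 0;
}

/* Replays the reported state (consumed = 36, length = 44) on a constructed buffer. */
const char *demo_name(size_t declared)
{
    static unsigned char wire[44];
    static char name[32];
    memcpy(wire + 36, "localhos", 8); /* constructed: the 8 bytes the report got back */
    struct reply r = { wire, 36, 44 };
    return read_counted_string(&r, declared, name, sizeof name) == 0 ? name : NULL;
}

int main(void)
{
    printf("declared 11 -> %s\n", demo_name(11) ? "read" : "rejected");
    printf("declared  8 -> %s\n", demo_name(8) ? demo_name(8) : "rejected");
    return 0;
}
```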

cwant (cwant) wrote :
Bryce Harrington (bryce) wrote :

Hi cwant,

Thanks for including the attached files. Could you also include your /var/log/Xorg.0.log?

Changed in libdmx:
status: New → Incomplete
Bryce Harrington (bryce) wrote :

We're closing this bug since it has been some time with no response from the original reporter. However, if the issue still exists, please feel free to reopen with the requested information. Also, if you could, please test against the latest development version of Ubuntu, since this confirms the bug is one we may be able to pass upstream for help.

Changed in libdmx:
status: Incomplete → Invalid
Pierre (pmoinier) wrote :

Hi!

I would like to reopen this bug, as I am experiencing exactly the same problem. I am attaching my /var/log/Xorg.0.log as it was requested by Bryce.

I hope to hear from someone soon...

Best regards,

   -Pierre.

Orion Lawlor (olawlor) wrote :

I too am experiencing this problem after upgrading to Ubuntu 8.04--all libdmx client applications die, including Chromium, Blockbuster, and my own programs.

One workaround for this problem is to use the /usr/lib/libX11.so.6 library from Ubuntu 6.06 or 7.10, because this problem only seems to affect that library in 8.04 and 8.10:

olawlor@powerwall0:~/dev/api/xdmx/old_libs$ ln -fs 8.10/lib/libX11.so.6 . && ./test
DMX: 10 screens
test: ../../src/xcb_io.c:462: _XRead: Assertion `dpy->xcb->reply_consumed + size <= dpy->xcb->reply_length' failed.
Aborted

olawlor@powerwall0:~/dev/api/xdmx/old_libs$ ln -fs 8.04/lib/libX11.so.6 . && ./test
DMX: 10 screens
test: ../../src/xcb_io.c:453: _XRead: Assertion `dpy->xcb->reply_consumed + size <= dpy->xcb->reply_length' failed.
Aborted

olawlor@powerwall0:~/dev/api/xdmx/old_libs$ ln -fs 7.10/lib/libX11.so.6 . && ./test
DMX: 10 screens
DMX screen 0:
 display: powerwall0:0 (logical 0)
 screen: 1680x2100 at 0,0
 root: 1680x2100 at 0,0 (global 0,0)
DMX screen 1:
     ... and so on, working perfectly fine ...

Here's how I fetched the working Ubuntu 7.10 /usr/lib/libX11.so.6 library for i386:

wget http://mirrors.kernel.org/ubuntu/pool/main/libx/libx11/libx11-6_1.1.1-1ubuntu4_i386.deb
ar x libx11-6_1.1.1-1ubuntu4_i386.deb
tar xzvf data.tar.gz
ln -s usr/lib/libX11.so.6 .

The same working 7.10 library for other platforms can be downloaded here:
   http://packages.ubuntu.com/gutsy/libx11-6

Jon TURNEY (jon-turney) wrote :