phosphor crashed with SIGSEGV in fileno_unlocked()

Bug #357556 reported by Timothy Pearson on 2009-04-08
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
xscreensaver (Debian)
Fix Released
Unknown
xscreensaver (Fedora)
Fix Released
Medium
xscreensaver (Ubuntu)
Medium
Unassigned
Nominated for Jaunty by Timothy Pearson
Nominated for Karmic by Timothy Pearson

Bug Description

Binary package hint: xscreensaver

This happens with all the computers that I have, both under Intrepid and under Jaunty. The symptom is that after the screensaver has been running for a short time (between 30 seconds and half an hour), the screen will go black and no longer run the screensaver. Unlocking the screen and re-locking the screen (to restart the screensaver) causes the screensaver to display normally for the same period of time, and then once again crash and go back to a black screen.

A minimal patch has been created to fix the problem. Since this bug makes the Phosphor screensaver unusable as-is, and this is not a core component, I am requesting a stable version update for this package.

The worst case scenario is that this patch causes a regression in Phosphor, which does not work as is, so the risk is minimal.

Created attachment 329709
proposed fix

Description of problem:

When (without -pipe) the child exits, state->pipe is cleared but state->pid is not. Later on, state->pid is used to determine whether to send a message to the child (via state->pipe) it tests only the value of state->pid.

This can be forced by running with -window and resizing the window between child runs (which attempts to ioctl TIOCWINSZ on the pipe).

Version-Release number of selected component (if applicable):

xscreensaver-extras-5.08-1.fc9.x86_64

How reproducible:

The resize case, very. I think there's another semi-random crash case too though.

Steps to Reproduce:
1. Run phosphor with -window
2. Resize window
3.

Actual results:

SEGV

Expected results:

No SEGV

Additional info:

Attached patch does two things: clear state->pid once we know the child has exited, and check state->pipe before attempting to dereference it.

Well, I can reproduce what you see and your proposal patch
seems reasonable. I will release the modified xscreensaver,
thanks.

xscreensaver-5.08-5.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

xscreensaver-5.08-5.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

Timothy Pearson (kb9vqf) wrote :

StacktraceTop:*__GI_fileno (fp=0x0) at fileno.c:37
phosphor_reshape (dpy=0x8449128, window=92274705,
main (argc=) at screenhack.c:442

Changed in xscreensaver (Ubuntu):
importance: Undecided → Medium
tags: removed: need-i386-retrace
Timothy Pearson (kb9vqf) wrote :

Still occurs as of 4/11/2009 on all my computers...

Possibly related to these bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=481146
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505379

Timothy Pearson (kb9vqf) wrote :

GDB results:

Program received signal SIGSEGV, Segmentation fault.
*__GI_fileno (fp=0x0) at fileno.c:37
37 fileno.c: No such file or directory.
        in fileno.c
(gdb)

Timothy Pearson (kb9vqf) on 2009-04-12
visibility: private → public
Timothy Pearson (kb9vqf) wrote :

Seems to be generally unstable; here's another backtrace:

Program received signal SIGSTOP, Stopped (signal).
0xb7ff8430 in __kernel_vsyscall ()
(gdb) backtrace
#0 0xb7ff8430 in __kernel_vsyscall ()
#1 0xb7d9d1fc in __libc_writev (fd=3, vector=0xbfb138e0, count=3) at ../sysdeps/unix/sysv/linux/writev.c:46
#2 0xb7ca9dbc in ?? () from /usr/lib/libxcb.so.1
#3 0xb7caa30e in ?? () from /usr/lib/libxcb.so.1
#4 0xb7caa6b7 in xcb_writev () from /usr/lib/libxcb.so.1
#5 0xb7eb6afa in _XSend (dpy=0x9f3f128, data=0x0, size=0) at ../../src/xcb_io.c:332
#6 0xb7eb6c23 in _XReply (dpy=0x9f3f128, rep=0xbfb13970, extra=0, discard=1) at ../../src/xcb_io.c:450
#7 0xb7eaa507 in XSync (dpy=0x9f3f128, discard=0) at ../../src/Sync.c:48
#8 0x0804d87b in ?? ()
#9 0xb7cd7775 in __libc_start_main (main=0x804d180 <XPending@plt+12852>, argc=8, ubp_av=0xbfb13d04, init=0x8051fe0 <XPending@plt+32916>,
    fini=0x8051fd0 <XPending@plt+32900>, rtld_fini=0xb8007870 <_dl_fini>, stack_end=0xbfb13cfc) at libc-start.c:220
#10 0x08049f81 in ?? ()

Timothy Pearson (kb9vqf) wrote :

Two more backtraces:

Backtrace 1 (Jaunty):
Program received signal SIGSEGV, Segmentation fault.
*__GI_fileno (fp=0x0) at fileno.c:37
37 fileno.c: No such file or directory.
        in fileno.c
(gdb) backtrace
#0 *__GI_fileno (fp=0x0) at fileno.c:37
#1 0x0804a6a4 in ?? ()
#2 0x0804dd6e in ?? ()
#3 0xb7d00775 in __libc_start_main (main=0x804d180 <XPending@plt+12852>, argc=8, ubp_av=0xbfc3d634, init=0x8051fe0 <XPending@plt+32916>,
    fini=0x8051fd0 <XPending@plt+32900>, rtld_fini=0xb8030870 <_dl_fini>, stack_end=0xbfc3d62c) at libc-start.c:220
#4 0x08049f81 in ?? ()
(gdb)

Backtrace 2 (Intrepid):
Program received signal SIGSEGV, Segmentation fault.
0x00007fa263317140 in fileno_unlocked () from /lib/libc.so.6
(gdb) backtrace
#0 0x00007fa263317140 in fileno_unlocked () from /lib/libc.so.6
#1 0x000000000040327a in ?? ()
#2 0x0000000000406532 in ?? ()
#3 0x00007fa2632c3466 in __libc_start_main () from /lib/libc.so.6
#4 0x0000000000402b39 in ?? ()
#5 0x00007fff6ca77398 in ?? ()
#6 0x000000000000001c in ?? ()
#7 0x0000000000000008 in ?? ()
#8 0x00007fff6ca78b9c in ?? ()
#9 0x0000000000000000 in ?? ()
(gdb)

Changed in xscreensaver (Ubuntu):
status: New → Confirmed
Changed in xscreensaver (Debian):
status: Unknown → New
Changed in xscreensaver (Fedora):
status: Unknown → Fix Released
Changed in xscreensaver (Debian):
status: New → Confirmed
Timothy Pearson (kb9vqf) wrote :

This debdiff completely fixes the bug.

Timothy Pearson (kb9vqf) on 2009-06-29
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xscreensaver - 5.08-0ubuntu2

---------------
xscreensaver (5.08-0ubuntu2) karmic; urgency=low

  * Included patch for Phosphor segfault (LP: #357556)

 -- Timothy Pearson <email address hidden> Mon, 29 June 2009 12:07:00 -0600

Changed in xscreensaver (Ubuntu):
status: Confirmed → Fix Released
Changed in xscreensaver (Debian):
status: Confirmed → Fix Released
Changed in xscreensaver (Fedora):
importance: Unknown → Medium
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.