Ubuntu
xserver-xorg-video-intel package

Bug #696957
Comment #0

Comment 0 for bug 696957

Revision history for this message

liam2 (cosinusoidaly) wrote on 2011-01-03: Large non-antialiased text causes xserver to abort

Binary package hint: xserver-xorg-video-intel

Problem:
If I disable font antialiasing and attempt to access
http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text.

Note: text does not need to be very large. For example http://joe-editor.sourceforge.net/ also triggers the bug.

Description: Ubuntu 10.10
Release: 10.10

xserver-xorg-video-intel:
  Installed: 2:2.12.0-1ubuntu5.1
  Candidate: 2:2.12.0-1ubuntu5.1
  Version table:
*** 2:2.12.0-1ubuntu5.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages
        100 /var/lib/dpkg/status
     2:2.12.0-1ubuntu5 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages

Backtrace:
#0 0x00681416 in __kernel_vsyscall ()
No symbol table info available.
#1 0x00298941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimised out>
        pid = 3960820
        selftid = 1949
#2 0x0029be42 in abort () at abort.c:92
        act = {__sigaction_handler = {sa_handler = 0x468,
            sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888,
              3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820,
              3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108,
              198339232, 0, 4222451712, 198339336, 198339437, 198339336,
              198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0,
              0}}, sa_flags = 0, sa_restorer = 0x4}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3 0x002918e8 in __assert_fail (
    assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)",
    file=0x200080 "../../uxa/uxa-glyphs.c", line=986,
    function=0x200124 "uxa_glyphs_via_mask") at assert.c:81
        buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n"
#4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58,
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1,
    list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986
        src_pixmap = 0xbd26440
        src_x = 0
        glyph = 0xbb34bb8
        src_y = 0
        priv = 0xbd26440
        screen = 0x9c01750
        mask = 0xbd26a48
        y = 52
        pixmap = 0xbd26938
        width = <value optimised out>
        dst_off_x = 6
        dst_off_y = 25
        box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93}
        component_alpha = 0
        glyph_atlas = <value optimised out>
        x = 2
        height = <value optimised out>
        error = 0
#5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8,
    maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570,
    glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151
        screen = 0x9c01750
        uxa_screen = <value optimised out>
        xDst = 2
        yDst = 198338872
        extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
        width = 0
        height = 0
        ret = <value optimised out>
        localDst = 0x8
#6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8,
    maskFormat=0xb2bb7f0, xSrc=<value optimised out>,
    ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170)
    at ../../../miext/damage/damage.c:718
        pScreen = <value optimised out>
#7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58,
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>,
    ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170)
    at ../../render/glyph.c:604
No locals.
#8 0x0811c463 in ProcRenderCompositeGlyphs (client=0xb62e338)
    at ../../render/render.c:1435
        glyphSet = 0xb72e468
        pSrc = 0xbb11b58
        pDst = 0xbb366a8
        pFormat = 0xb2bb7f0
        listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006',
            format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000',
            format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079,
            len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511,
            len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0,
            len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0,
            len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055,
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0,
            len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080,
            len = 184 '\270', format = 0x8104a2e}}
        lists = 0xbf81457c
        listsBase = 0xbf814570
        glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088,
          0xbaf1088, 0x0 <repeats 250 times>}
        glyph = <value optimised out>
        glyphs = 0xbf814188
        glyphsBase = 0xbf814170
        buffer = <value optimised out>
        end = 0xba105b0 "\225\021\003"
        nglyph = -1082048120
        nlist = 1
        space = <value optimised out>
        size = <value optimised out>
        rc = <value optimised out>
#9 0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/render.c:2051
No locals.
#10 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432
        result = <value optimised out>
        client = 0xb62e338
        nready = 0
        start_tick = 260
#11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20)
    at ../../dix/main.c:291
        i = 1
        alwaysCheckForInput = {0, 1}

Tracked bug down to uxa/uxa-glyphs.c in the xserver-xorg-video-intel driver. I looked at the latest git of the driver and knocked together the following patch which seems to work. Not sure of the quality of the code though:

     mask_pixmap =
      uxa_get_drawable_pixmap(this_atlas->pDrawable);
- assert (uxa_pixmap_is_offscreen(mask_pixmap));
-
- if (!uxa_screen->info->prepare_composite(op,
+ if (!uxa_pixmap_is_offscreen(mask_pixmap) ||
+ !uxa_screen->info->prepare_composite(op,
           localSrc, this_atlas, pDst,
           src_pixmap, mask_pixmap, dst_pixmap))
      return -1;
@@ -983,9 +986,8 @@

     src_pixmap =
      uxa_get_drawable_pixmap(this_atlas->pDrawable);
- assert (uxa_pixmap_is_offscreen(src_pixmap));
-
- if (!uxa_screen->info->prepare_composite(PictOpAdd,
+ if (!uxa_pixmap_is_offscreen(src_pixmap) ||
+ !uxa_screen->info->prepare_composite(PictOpAdd,
           this_atlas, NULL, mask,
           src_pixmap, NULL, pixmap))
      return -1;

Binary package hint: xserver-xorg-video-intel

Problem:
If I disable font antialiasing and attempt to access 
http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text.

Note: text does not need to be very large. For example http://joe-editor.sourceforge.net/ also triggers the bug.

Description:    Ubuntu 10.10
Release:        10.10

xserver-xorg-video-intel:
  Installed: 2:2.12.0-1ubuntu5.1
  Candidate: 2:2.12.0-1ubuntu5.1
  Version table:
 *** 2:2.12.0-1ubuntu5.1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages
        100 /var/lib/dpkg/status
     2:2.12.0-1ubuntu5 0
        500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages

Backtrace:
#0  0x00681416 in __kernel_vsyscall ()
No symbol table info available.
#1  0x00298941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        resultvar = <value optimised out>
        pid = 3960820
        selftid = 1949
#2  0x0029be42 in abort () at abort.c:92
        act = {__sigaction_handler = {sa_handler = 0x468, 
            sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888, 
              3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820, 
              3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108, 
              198339232, 0, 4222451712, 198339336, 198339437, 198339336, 
              198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0, 
              0}}, sa_flags = 0, sa_restorer = 0x4}
        sigs = {__val = {32, 0 <repeats 31 times>}}
#3  0x002918e8 in __assert_fail (
    assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)", 
    file=0x200080 "../../uxa/uxa-glyphs.c", line=986, 
    function=0x200124 "uxa_glyphs_via_mask") at assert.c:81
        buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n"
#4  0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58, 
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, 
    list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986
        src_pixmap = 0xbd26440
        src_x = 0
        glyph = 0xbb34bb8
        src_y = 0
        priv = 0xbd26440
        screen = 0x9c01750
        mask = 0xbd26a48
        y = 52
        pixmap = 0xbd26938
        width = <value optimised out>
        dst_off_x = 6
        dst_off_y = 25
        box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93}
        component_alpha = 0
        glyph_atlas = <value optimised out>
        x = 2
        height = <value optimised out>
        error = 0
#5  uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8, 
    maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570, 
    glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151
        screen = 0x9c01750
        uxa_screen = <value optimised out>
        xDst = 2
        yDst = 198338872
        extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0}
        width = 0
        height = 0
        ret = <value optimised out>
        localDst = 0x8
#6  0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8, 
    maskFormat=0xb2bb7f0, xSrc=<value optimised out>, 
    ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170)
    at ../../../miext/damage/damage.c:718
        pScreen = <value optimised out>
#7  0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58, 
    pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>, 
    ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170)
    at ../../render/glyph.c:604
No locals.
#8  0x0811c463 in ProcRenderCompositeGlyphs (client=0xb62e338)
    at ../../render/render.c:1435
        glyphSet = 0xb72e468
        pSrc = 0xbb11b58
        pDst = 0xbb366a8
        pFormat = 0xb2bb7f0
        listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006', 
            format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000', 
            format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064, 
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, 
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, 
            len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0, 
            len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079, 
            len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511, 
            len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0, 
            len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0, 
            len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055, 
            len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, 
            len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080, 
            len = 184 '\270', format = 0x8104a2e}}
        lists = 0xbf81457c
        listsBase = 0xbf814570
        glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088, 
          0xbaf1088, 0x0 <repeats 250 times>}
        glyph = <value optimised out>
        glyphs = 0xbf814188
        glyphsBase = 0xbf814170
        buffer = <value optimised out>
        end = 0xba105b0 "\225\021\003"
        nglyph = -1082048120
        nlist = 1
        space = <value optimised out>
        size = <value optimised out>
        rc = <value optimised out>
#9  0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/render.c:2051
No locals.
#10 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432
        result = <value optimised out>
        client = 0xb62e338
        nready = 0
        start_tick = 260
#11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20)
    at ../../dix/main.c:291
        i = 1
        alwaysCheckForInput = {0, 1}

--- a/uxa/uxa-glyphs.c	2010-06-24 21:29:37.000000000 +0100
+++ b/uxa/uxa-glyphs.c	2010-12-31 19:51:49.000000000 +0000
@@ -164,8 +164,12 @@
 					       INTEL_CREATE_PIXMAP_TILING_X);
 		if (!pixmap)
 			goto bail;
-		assert (uxa_pixmap_is_offscreen(pixmap));
-
+	if (!uxa_pixmap_is_offscreen(pixmap)) {
+			/* Presume shadow is in-effect */
+			pScreen->DestroyPixmap(pixmap);
+			uxa_unrealize_glyph_caches(pScreen);
+			return TRUE;
+		}
 		component_alpha = NeedsComponent(pPictFormat->format);
 		picture = CreatePicture(0, &pixmap->drawable, pPictFormat,
 					CPComponentAlpha, &component_alpha,
@@ -780,9 +784,8 @@
 
 				mask_pixmap =
 					uxa_get_drawable_pixmap(this_atlas->pDrawable);
-				assert (uxa_pixmap_is_offscreen(mask_pixmap));
-
-				if (!uxa_screen->info->prepare_composite(op,
+					if (!uxa_pixmap_is_offscreen(mask_pixmap) ||
+				    !uxa_screen->info->prepare_composite(op,
 									 localSrc, this_atlas, pDst,
 									 src_pixmap, mask_pixmap, dst_pixmap))
 					return -1;
@@ -983,9 +986,8 @@
 
 				src_pixmap =
 					uxa_get_drawable_pixmap(this_atlas->pDrawable);
-				assert (uxa_pixmap_is_offscreen(src_pixmap));
-
-				if (!uxa_screen->info->prepare_composite(PictOpAdd,
+				if (!uxa_pixmap_is_offscreen(src_pixmap) ||
+				    !uxa_screen->info->prepare_composite(PictOpAdd,
 									 this_atlas, NULL, mask,
 									 src_pixmap, NULL, pixmap))
 					return -1;

Ubuntuxserver-xorg-video-intel package

Comment 0 for bug 696957

Ubuntu
xserver-xorg-video-intel package