Bug#235914: xlibmesa-dri: fontglide screensaver totally locks up machine every time

Mon, 08 Mar 2004 15:09:04 -0600 

retitle 235914 xfree86: [libXfont] SEGV in fs_read_list_info()
tag 235914 + upstream help
thanks

On Sat, Mar 06, 2004 at 02:46:07PM -0800, Jeff Bowden wrote:
> OK, I finally figured out to run XFree86-debug  with the "-ac" flag from 
> the console and connect to the process with gdb --pid=<pid>.   When I 
> run /usr/lib/xscreensaver/fontglide from another remote shell I get the 
> crash with the following output:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x40146fbf in memcpy () from /lib/tls/libc.so.6
> (gdb) bt
> #0  0x40146fbf in memcpy () from /lib/tls/libc.so.6
> #1  0x08c31070 in ?? ()
> #2  0xbffff7e0 in ?? ()
> #3  0x088cfadd in fs_read_list_info (fpe=0x8b566c0, blockrec=0x8c31070) 
> at fserve.c:2376
> #4  0x088ce1b4 in fs_read_reply (fpe=0x8b566c0, client=0x0) at fserve.c:1310
> #5  0x088ce2c8 in fs_wakeup (fpe=0x8b566c0, mask=0x8acb3e0) at fserve.c:1349
> #6  0x084b0eb5 in FontWakeup (data=0x0, count=1, 
> LastSelectMask=0x8acb3e0) at dixfonts.c:190
> #7  0x0848d67f in WakeupHandler (result=1, pReadmask=0x8acb3e0) at 
> dixutils.c:459
> #8  0x084b685f in WaitForSomething (pClientsReady=0xbffff834) at 
> WaitFor.c:353
> #9  0x084842bc in Dispatch () at dispatch.c:379
> #10 0x0849b95c in main (argc=2, argv=0xbffffd24, envp=0xbffffd30) at 
> main.c:469

Here's the part of fserve.c in question:

   2356     buf = (char *) rep + SIZEOF (fsListFontsWithXInfoReply);
   2357
   2358     /*
   2359      * The original FS implementation didn't match
   2360      * the spec, version 1 was respecified to match the FS.
   2361      * Version 2 matches the original intent
   2362      */
   2363     if (conn->fsMajorVersion <= 1)
   2364     {
   2365         memcpy (binfo->name, buf, rep->nameLength);
   2366         buf += _fs_pad_length (rep->nameLength);
   2367     }
   2368     pi = (fsPropInfo *) buf;
   2369     buf += SIZEOF (fsPropInfo);
   2370     po = (fsPropOffset *) buf;
   2371     buf += pi->num_offsets * SIZEOF (fsPropOffset);
   2372     pd = (pointer) buf;
   2373     buf += pi->data_len;
   2374     if (conn->fsMajorVersion > 1)
   2375     {
   2376         memcpy (binfo->name, buf, rep->nameLength);
   2377         buf += _fs_pad_length (rep->nameLength);
   2378     }

Help wanted!

-- 
G. Branden Robinson                |    Somewhere, there is a .sig so funny
Debian GNU/Linux                   |    that reading it will cause an
[EMAIL PROTECTED]                 |    aneurysm.  This is not that .sig.
http://people.debian.org/~branden/ |

Attachment: signature.asc
Description: Digital signature

Reply via email to