Package: xserver-xfree86
Version: 4.3.0.1.dfsg.1-8
Severity: normal

Script started on Thu 02 Dec 2004 04:40:39 PM MST
[EMAIL PROTECTED]:~# gdb /usr/X11R6/bin/XFree86-debug
GNU gdb 6.3-debian
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "ia64-linux"...Using host libthread_db library "/lib/tls/libthread_db.so.1".

(gdb) run
Starting program: /usr/X11R6/bin/XFree86-debug

This is a pre-release version of XFree86, and is not supported in any way.
Bugs may be reported to XFree86@XFree86.Org and patches submitted
to [EMAIL PROTECTED] Before reporting bugs in pre-release versions,
please check the latest version in the XFree86 CVS repository
(http://www.XFree86.Org/cvs).

XFree86 Version 4.3.0.1 (Debian (static) 4.3.0.dfsg.1-8 20040928150828 [EMAIL PROTECTED])
Release Date: 15 August 2003
X Protocol Version 11, Revision 0, Release 6.6
Build Operating System: Linux 2.4.25-dsa-mckinley-smp ia64 [ELF]
Build Date: 28 September 2004
        Before reporting problems, check http://www.XFree86.Org/
        to make sure that you have the latest version.
OS Kernel: Linux version 2.6.10-rc2 ([EMAIL PROTECTED]) (gcc version 3.3.3 20040110 (prerelease) (Debian)) #4 SMP Mon Nov 29 16:45:09 MST 2004
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.0.log", Time: Thu Dec 2 16:40:56 2004
(==) Using config file: "/etc/X11/XF86Config-4"

Program received signal SIGSEGV, Segmentation fault.
RADEONQueryConnectedDisplays (pScrn=0x600000000010a430, pInt10=0x600000000010d3c0) at radeon_driver.c:1275
1275    radeon_driver.c: No such file or directory.
        in radeon_driver.c
(gdb) x/i $pc
0x4000000000834f21 <RADEONQueryConnectedDisplays+4161>: ld8 r14=[r14]
(gdb) p $r14
$1 = 568
(gdb) bt
#0 RADEONQueryConnectedDisplays (pScrn=0x600000000010a430, pInt10=0x600000000010d3c0) at radeon_driver.c:1275
#1 0x40000000008368b0 in RADEONGetBIOSParameters (pScrn=0x600000000010a430, pInt10=0x600000000010d3c0) at radeon_driver.c:1456
#2 0x400000000084dcf0 in RADEONPreInit (pScrn=0x600000000010a430, flags=0) at radeon_driver.c:4049
#3 0x4000000000de3780 in InitOutput (pScreenInfo=0x60000000000e93e0, argc=1, argv=0x60000fffffffb958) at xf86Init.c:574
#4 0x40000000010d2080 in main (argc=1, argv=0x60000fffffffb958, envp=0x60000fffffffb968) at main.c:361
(gdb) quit
The program is running. Exit anyway? (y or n) y
[EMAIL PROTECTED]:~#
Script done on Thu 02 Dec 2004 04:41:33 PM MST

The problem is pretty clear from the source. We call vbeDoEDID(), which usually returns a pointer, but can return NULL for failure. Then we dereference it without bothering to check for NULL:

    for (i = 0; i < 5; i++) {
        pRADEONEnt->MonInfo1 = vbeDoEDID(pVbe, NULL);
    }
    if (pRADEONEnt->MonInfo1->rawData[0x14] & 0x80)
        pRADEONEnt->MonType1 = MT_DFP;
    else
        pRADEONEnt->MonType1 = MT_CRT;

Here's a patch:

--- xc/programs/Xserver/hw/xfree86/drivers/ati/radeon_driver.c.orig 2004-11-30 13:59:17.314008332 -0700 +++ xc/programs/Xserver/hw/xfree86/drivers/ati/radeon_driver.c 2004-11-30 14:00:14.328656071 -0700 @@ -1272,7 +1272,7 @@ for (i = 0; i < 5; i++) { pRADEONEnt->MonInfo1 = vbeDoEDID(pVbe, NULL); } - if (pRADEONEnt->MonInfo1->rawData[0x14] & 0x80) + if (pRADEONEnt->MonInfo1 && pRADEONEnt->MonInfo1->rawData[0x14] & 0x80) pRADEONEnt->MonType1 = MT_DFP; else pRADEONEnt->MonType1 = MT_CRT; }
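
Review bot: In the changed `if` at line 1275, a NULL `MonInfo1` now falls through to the `else` branch and sets `MonType1 = MT_CRT`, so a failed EDID read becomes indistinguishable from a monitor that was actually detected as a CRT. If that fallback is intended, a short comment saying so would help. Otherwise test `pRADEONEnt->MonInfo1` for NULL in its own branch, before looking at `rawData[0x14]`, and handle the failure explicitly there. The new condition also mixes `&&` and `&` without parentheses. It evaluates correctly because `&` binds tighter than `&&`, but writing it as `(pRADEONEnt->MonInfo1->rawData[0x14] & 0x80)` makes that obvious to the next reader. Separately, the context loop above assigns `MonInfo1` on every one of its five iterations without stopping on success, so an earlier non-NULL result can be overwritten by a later NULL; breaking out of the loop once `vbeDoEDID()` returns non-NULL would make the guarded dereference meaningful more often.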