Bug 173798
| Field | Value |
|---|---|
| Summary | XPolygonRegion double free segv |
| Product | [Fedora] Fedora |
| Component | libX11 |
| Version | rawhide |
| Hardware | i386 |
| OS | Linux |
| Status | CLOSED RAWHIDE |
| Severity | medium |
| Priority | medium |
| Reporter | Caolan McNamara <caolanm> |
| Assignee | X/OpenGL Maintenance List <xgl-maint> |
| QA Contact | David Lawrence <dkl> |
| CC | mefoster, mgalgoci |
| Doc Type | Bug Fix |
| Last Closed | 2006-02-09 11:13:48 UTC |
| Bug Blocks | 150222 |

Description
Caolan McNamara
2005-11-21 12:26:19 UTC
Created attachment 121295: sample program

*** Bug 173799 has been marked as a duplicate of this bug. ***

ooo backtrace for reference

```
#6 0x00553953 in XPolygonRegion () from /usr/lib/libX11.so.6
#7 0x00e71e7e in X11SalGraphics::drawPolyPolygon (this=0x52b2530, nPoly=4, pPoints=0xbf9d4220, pPtAry=0xbf9d41a0) at /usr/src/debug/SRC680_m141/vcl/unx/source/gdi/salgdi.cxx:843
#8 0x03c6e29b in SalGraphics::DrawPolyPolygon (this=0x52b2530, nPoly=4, pPoints=0xbf9d4220, pPtAry=0xbf9d41a0, pOutDev=0x52c35d0) at /usr/src/debug/SRC680_m141/vcl/source/gdi/salgdilayout.cxx:347
#9 0x03c069e1 in OutputDevice::ImplDrawPolyPolygon (this=0x52c35d0, nPoly=4, rPolyPoly=@0xbf9d42c8) at /usr/src/debug/SRC680_m141/vcl/source/gdi/outdev.cxx:344
#10 0x03c092b2 in OutputDevice::DrawPolyPolygon (this=0x52c35d0, rPolyPoly=@0xbf9d465c) at /usr/src/debug/SRC680_m141/vcl/source/gdi/outdev.cxx:2467
#11 0x087895f2 in XOutputDevice::ImpDrawFillPolyPolygon (this=0x539fe60, rPolyPoly=@0xbf9d465c, bRect=0 '\0', bPrinter=0 '\0') at /usr/src/debug/SRC680_m141/svx/source/xoutdev/_ximp.cxx:138
#12 0x08789eba in XOutputDevice::DrawFillPolyPolygon (this=0x539fe60, rPolyPoly=@0xbf9d465c, bRect=0 '\0') at /usr/src/debug/SRC680_m141/svx/source/xoutdev/_ximp.cxx:119
#13 0x08763908 in XOutputDevice::DrawXPolyPolygon (this=0x539fe60, rXPolyPoly=@0x3478574) at /usr/src/debug/SRC680_m141/svx/source/xoutdev/xout.cxx:365
#14 0x0855a709 in SdrPathObj::DoPaintObject (this=0x34784b0, rXOut=@0x539fe60, rInfoRec=@0x332f370) at /usr/src/debug/SRC680_m141/svx/source/svdraw/svdopath.cxx:411
#15 0x08522d37 in sdr::contact::ViewContactOfSdrObj::PaintObject (this=0x34799e0, rDisplayInfo=@0xbf9d4c30, rPaintRectangle=@0xbf9d4784, rAssociatedVOC=@0x5421620) at /usr/src/debug/SRC680_m141/svx/source/sdr/contact/viewcontactofsdrobj.cxx:260
#16 0x08528c79 in sdr::contact::ViewObjectContact::PaintObject (this=0x5421620, rDisplayInfo=@0xbf9d4c30) at /usr/src/debug/SRC680_m141/svx/source/sdr/contact/viewobjectcontact.cxx:288
#17 0xb6f8f6bb in sd::ViewRedirector::PaintObject (this=0xbf9d4d98, rOriginal=@0x5421620, rDisplayInfo=@0xbf9d4c30) at /usr/src/debug/SRC680_m141/sd/source/ui/view/sdview.cxx:454
#18 0x08528d8d in sdr::contact::ViewObjectContact::PaintObjectHierarchy (this=0x5421620, rDisplayInfo=@0xbf9d4c30) at /usr/src/debug/SRC680_m141/svx/source/sdr/contact/viewobjectcontact.cxx:367
#19 0x08528e26 in sdr::contact::ViewObjectContact::PaintDrawHierarchy (this=0x54214c8, rDisplayInfo=@0xbf9d4c30) at /usr/src/debug/SRC680_m141/svx/source/sdr/contact/viewobjectcontact.cxx:326
```

Please report to X.Org bugzilla, http://bugs.freedesktop.org in "xorg" component, and mark it as blocking bug 1690 the release blocker. Final freeze for RC3 is soon, so this will flag it for investigation for X11R7. After you file, please paste the upstream URL here for tracking. TIA

*** Bug 175409 has been marked as a duplicate of this bug. ***

This was fixed in X11R7.0 release already, indicated in upstream report:

------- Additional comment #3 from Kevin E. Martin on 2005-12-10 02:30 -------

Thanks Caolan! The sample code helped me track down the problem -- it turned out to be that Xlib requires not only malloc(0) return a valid pointer, but also realloc(ptr,0) return a valid pointer. However, most systems treat realloc(ptr,0) as free(ptr). I fixed it by updating the macro to set the MALLOC_0_RETURNS_NULL define.
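
The realloc(ptr,0) behaviour described in the upstream comment above, shown as an added example that is not part of this bug report and is not Xlib's code. The names `safe_realloc`, `int_list`, `list_resize` and `list_free` are hypothetical; the guard shown (bumping a zero size to one byte) is one common way to make a NULL result mean only "allocation failed".

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical wrapper (not Xlib's code): never hand size 0 to realloc, so a
 * NULL result always means "allocation failed, old block still valid". */
static void *safe_realloc(void *ptr, size_t size)
{
    return realloc(ptr, size == 0 ? 1 : size);
}

typedef struct { int *items; size_t count; } int_list; /* constructed type */

/* Resize the buffer to hold `count` items. Returns 0 on success, -1 on
 * failure; on failure l->items is unchanged and still owned by the caller. */
static int list_resize(int_list *l, size_t count)
{
    /* Risky form: p = realloc(l->items, count * sizeof *p);
     * With count == 0 many libcs free l->items and return NULL. The error
     * path below would then leave l->items dangling, and the caller's
     * cleanup would free it a second time. */
    int *p = safe_realloc(l->items, count * sizeof *p);
    if (p == NULL)
        return -1;
    l->items = p;
    l->count = count;
    return 0;
}

static void list_free(int_list *l)
{
    free(l->items); /* exactly one free per live buffer */
    l->items = NULL;
    l->count = 0;
}

/* Shrink a 4-item list to empty; returns 1 if the buffer stays valid. */
static int demo_shrink_to_zero(void)
{
    int_list l = { malloc(4 * sizeof(int)), 4 };
    if (l.items == NULL)
        return 0;
    int ok = list_resize(&l, 0) == 0 && l.items != NULL && l.count == 0;
    list_free(&l);
    return ok;
}

int main(void) { return demo_shrink_to_zero() ? 0 : 1; }
```

Building the risky form with AddressSanitizer or running it under Valgrind is a quick way to confirm whether a code path can reach realloc with a zero size.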