Bug 240990

Summary: Xorg X11 server receives SIGSEGV in SrvXkbResizeKeyType
Product: [Fedora] Fedora
Reporter: Michal Ingeli <mi>
Component: xorg-x11-server
Assignee: X/OpenGL Maintenance List <xgl-maint>
Status: CLOSED INSUFFICIENT_DATA
Severity: high
Priority: medium
Version: 6
CC: lkundrak, mcepl
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2007-08-17 13:25:11 UTC

Description Michal Ingeli 2007-05-23 15:55:06 UTC
Description of problem:

When I tried to start a remote X11 session to an Ubuntu box via XDMCP,
Xorg server on my Fedora box dies after receiving a fatal signal.

Version-Release number of selected component (if applicable):

Up-to-date FC6.

How reproducible:

Always

Steps to Reproduce:
1. X -query ubuntubox
  
Actual results:

Program received signal SIGSEGV, Segmentation fault.
0x433f07c3 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0  0x433f07c3 in _int_malloc () from /lib/libc.so.6
#1  0x433f1ece in malloc () from /lib/libc.so.6
#2  0x081a7447 in Xalloc (amount=72) at utils.c:1373
#3  0x081a7ab5 in Xcalloc (amount=72) at utils.c:1414
#4  0x08196b2f in SrvXkbResizeKeyType (xkb=0x8993f78, type_ndx=17, map_count=6, want_preserve=1, new_num_lvls=4)
    at XKBMAlloc.c:394
#5  0x081717ce in ProcXkbSetMap (client=0x89b0dd0) at xkb.c:1937
#6  0x081775ea in ProcXkbDispatch (client=0x48) at xkb.c:6159
#7  0x080880da in Dispatch () at dispatch.c:459
#8  0x0806fa65 in main (argc=4, argv=0xbfa374c4, envp=Cannot access memory at address 0x0
) at main.c:447
(gdb) 
(gdb) up 4
#4  0x08196b2f in SrvXkbResizeKeyType (xkb=0x8993f78, type_ndx=17, map_count=6, want_preserve=1, new_num_lvls=4)
    at XKBMAlloc.c:394
394         type->map=_XkbTypedRealloc(type->map,map_count,XkbKTMapEntryRec);
(gdb) print *xkb
$1 = {dpy = 0x0, flags = 0, device_spec = 256, min_key_code = 8 '\b', max_key_code = 255 'ÿ', ctrls = 0x8997a50,
  server = 0x89946c0, map = 0x8994eb8, indicators = 0x8997aa8, names = 0x89946f0, compat = 0x8995c28, geom = 0x8997d20}
(gdb) print *type
$2 = {mods = {mask = 0 '\0', real_mods = 0 '\0', vmods = 0}, num_levels = 0 '\0', map_count = 0 '\0', map = 0x0,
  preserve = 0x0, name = 0, level_names = 0x0}
(gdb) frame 2
#2  0x081a7447 in Xalloc (amount=72) at utils.c:1373
1373        if ((ptr = (pointer)malloc(amount))) {
(gdb) print amount
$3 = 72

What seems weird to me is the place where the segmentation violation
occurs:

_X_EXPORT void *
Xalloc(unsigned long amount)
{
    register pointer  ptr;

    if ((long)amount <= 0) {
        return (unsigned long *)NULL;
    }
    /* aligned extra on long word boundary */
    amount = (amount + (sizeof(long) - 1)) & ~(sizeof(long) - 1);
#ifdef MEMBUG
    if (!Must_have_memory && Memory_fail &&
        ((random() % MEM_FAIL_SCALE) < Memory_fail))
        return (unsigned long *)NULL;
#endif
    if ((ptr = (pointer)malloc(amount))) {
        return (unsigned long *)ptr;
    }
    if (Must_have_memory)
        FatalError("Out of memory");
    return (unsigned long *)NULL;
}

Additional info:

In case not enough information is provided, feel free to ask.

Comment 1 Matěj Cepl 2007-05-31 00:36:39 UTC
Thanks for the bug report.  We have reviewed the information you have provided
above, and there is some additional information we require that will be helpful
in our diagnosis of this issue.

Please attach your X server config file (/etc/X11/xorg.conf) and X server log
file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file
attachments using the bugzilla file attachment link below.

Could you please also try to run without any /etc/X11/xorg.conf whatsoever and
let X11 autodetect your display and video card? Attach to this bug
/var/log/Xorg.0.log from this attempt as well, please.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.


Comment 2 Matěj Cepl 2007-07-12 21:08:50 UTC
Reporter, could you please reply to the previous question? If you won't reply in
one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.


Comment 3 Matěj Cepl 2007-08-17 13:25:11 UTC
No information requested was provided, so I close this bug as INSUFFICIENT_DATA.
Reporter, if you could, please, reopen with additional information.