Bug 436898

Summary: selecting a lot files in kaffeine's file dialog crashes the X server
Product: [Fedora] Fedora Reporter: Hin-Tak Leung <htl10>
Component: xorg-x11Assignee: X/OpenGL Maintenance List <xgl-maint>
Status: CLOSED CANTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: 8CC: mcepl
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-03-11 16:57:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hin-Tak Leung 2008-03-11 00:15:56 UTC 
Description of problem:

Kaffeine is a KDE movie player application. Instead of using the 'open
directory' functionality, I used the 'open...' functionality and selected
multiple files with control+mouse-click. When I did some 40+ files in a
directory, the X server resets and crashed.

Here is the tail end of the X server log (I could attach the whole if required):

Backtrace:
0: /usr/bin/X(xf86SigHandler+0x6d) [0x47fe2d]
1: /lib64/libc.so.6 [0x3271430f30]
2: /lib64/libc.so.6(memcpy+0xd2) [0x327147b382]
3: /usr/lib64/xorg/modules//glesx.so [0x2aaaaed147f7]
4: /usr/lib64/xorg/modules//glesx.so [0x2aaaaed73b0f]
5: /usr/lib64/xorg/modules//glesx.so [0x2aaaaed4bd56]
6: /usr/lib64/xorg/modules//glesx.so [0x2aaaaed4c484]
7: /usr/lib64/xorg/modules//glesx.so [0x2aaaaecc6137]
8: /usr/lib64/xorg/modules//glesx.so [0x2aaaaecc2737]
9: /usr/bin/X [0x492f3a]
10: /usr/lib64/xorg/modules/extensions//libextmod.so [0x2aaaaadb9ebd]
11: /usr/bin/X(Dispatch+0x1db) [0x44a54b]
12: /usr/bin/X(main+0x465) [0x4332b5]
13: /lib64/libc.so.6(__libc_start_main+0xf4) [0x327141e074]
14: /usr/bin/X(FontFileCompleteXLFD+0x259) [0x432579]

Fatal server error:
Caught signal 11.  Server aborting

(II) AIGLX: Suspending AIGLX clients for VT switch

Version-Release number of selected component (if applicable):
$ rpm -qf /usr/bin/X
xorg-x11-server-Xorg-1.3.0.0-42.fc8.x86_64

How reproducible:
Only once - the result is too unpleasant (and anyway, 'open directory' is the
correct usage of the application concerned), I haven't tried again.

Steps to Reproduce:
1. start kaffeine
2. using file->open..., and go to a directory with a lot of files, do
control-mouse-select to add multiple files
3.
  
Actual results:

X server crashed.


Expected results:
X server stays up, either the list get truncated or Kaffeine should throw an
error by itself.

Additional info:

Am using the ati fglrx proprietary driver... however, this seems to be a
simple case of buffer overrun from application uncaught in the X server
libraries? Since it dies at a memcpy()...
Comment 1 Matěj Cepl 2008-03-11 16:57:32 UTC 
It seems to me that this is crash in fglrx. So:

Thanks for the report. We are sorry that we cannot help you with your problem,
but we are not able to support binary-only drivers. If you would be able to
reproduce this issue using only open source software, please, reopen this bug
with the additional information, but in meantime I have no choice than to close
this bug as CANTFIX (because we really cannot fix it).
Comment 2 Hin-Tak Leung 2008-03-14 04:09:07 UTC 
FWIW, I restored the old libGL* and run the vesa driver, and tried it again,
couldn't get it to crash; and get back to the proprietary libGL* and fglrx driver
and tried also and it won't crash. So maybe it was a one-off event; and surely
I don't want to see it again :-).