Bug 240990 - Xorg X11 server receives SIGSEGV in SrvXkbResizeKeyType
Summary: Xorg X11 server receives SIGSEGV in SrvXkbResizeKeyType
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-server (Show other bugs)
(Show other bugs)
Version: 6
Hardware: All Linux
Target Milestone: ---
Assignee: X/OpenGL Maintenance List
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2007-05-23 15:55 UTC by Michal Ingeli
Modified: 2018-04-11 10:27 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-08-17 13:25:11 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Michal Ingeli 2007-05-23 15:55:06 UTC
Description of problem:

When I tried to start a remote X11 session to an Ubuntu box via XDMCP,
Xorg server on my Fedora box dies after receiving a fatal signal.

Version-Release number of selected component (if applicable):

Up-to-date FC6.

How reproducible:


Steps to Reproduce:
1. X -query ubuntubox
Actual results:

Program received signal SIGSEGV, Segmentation fault.
0x433f07c3 in _int_malloc () from /lib/libc.so.6
(gdb) bt
#0  0x433f07c3 in _int_malloc () from /lib/libc.so.6
#1  0x433f1ece in malloc () from /lib/libc.so.6
#2  0x081a7447 in Xalloc (amount=72) at utils.c:1373
#3  0x081a7ab5 in Xcalloc (amount=72) at utils.c:1414
#4  0x08196b2f in SrvXkbResizeKeyType (xkb=0x8993f78, type_ndx=17, map_count=6,
want_preserve=1, new_num_lvls=4)
    at XKBMAlloc.c:394
#5  0x081717ce in ProcXkbSetMap (client=0x89b0dd0) at xkb.c:1937
#6  0x081775ea in ProcXkbDispatch (client=0x48) at xkb.c:6159
#7  0x080880da in Dispatch () at dispatch.c:459
#8  0x0806fa65 in main (argc=4, argv=0xbfa374c4, envp=Cannot access memory at
address 0x0
) at main.c:447
(gdb) up 4
#4  0x08196b2f in SrvXkbResizeKeyType (xkb=0x8993f78, type_ndx=17, map_count=6,
want_preserve=1, new_num_lvls=4)
    at XKBMAlloc.c:394
(gdb) print *xkb
$1 = {dpy = 0x0, flags = 0, device_spec = 256, min_key_code = 8 '\b',
max_key_code = 255 '�', ctrls = 0x8997a50, 
  server = 0x89946c0, map = 0x8994eb8, indicators = 0x8997aa8, names =
0x89946f0, compat = 0x8995c28, geom = 0x8997d20}
(gdb) print *type
$2 = {mods = {mask = 0 '\0', real_mods = 0 '\0', vmods = 0}, num_levels = 0
'\0', map_count = 0 '\0', map = 0x0, 
  preserve = 0x0, name = 0, level_names = 0x0}
(gdb) frame 2
#2  0x081a7447 in Xalloc (amount=72) at utils.c:1373
1373        if ((ptr = (pointer)malloc(amount))) {
(gdb) print amount
$3 = 72

What seems weird to me is the place where the segmentation violation

_X_EXPORT void *
Xalloc(unsigned long amount)
    register pointer  ptr;

    if ((long)amount <= 0) {
        return (unsigned long *)NULL;
    /* aligned extra on long word boundary */
    amount = (amount + (sizeof(long) - 1)) & ~(sizeof(long) - 1);
#ifdef MEMBUG
    if (!Must_have_memory && Memory_fail &&
        ((random() % MEM_FAIL_SCALE) < Memory_fail))
        return (unsigned long *)NULL;
    if ((ptr = (pointer)malloc(amount))) {
        return (unsigned long *)ptr;
    if (Must_have_memory)
        FatalError("Out of memory");
    return (unsigned long *)NULL;

Additional info:

In case not enough information is provided, feel free to ask.

Comment 1 Matěj Cepl 2007-05-31 00:36:39 UTC
Thanks for the bug report.  We have reviewed the information you have provided
above, and there is some additional information we require that will be helpful
in our diagnosis of this issue.

Please attach your X server config file (/etc/X11/xorg.conf) and X server log
file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file
attachments using the bugzilla file attachment link below.

Could you please also try to run without any /etc/X11/xorg.conf whatsoever and
let X11 autodetect your display and video card? Attach to this bug
/var/log/Xorg.0.log from this attempt as well, please.

We will review this issue again once you've had a chance to attach this information.

Thanks in advance.

Comment 2 Matěj Cepl 2007-07-12 21:08:50 UTC
Reporter, could you please reply to the previous question? If you won't reply in
one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.

Comment 3 Matěj Cepl 2007-08-17 13:25:11 UTC
No information requested was provided, so I close this bug as INSUFFICIENT_DATA.
Reporter, if you could, please, reopen with additional information.

Note You need to log in before you can comment on or make changes to this bug.