Bug 730021 - Xephyr: crash on reset
Summary: Xephyr: crash on reset
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xorg-x11-server
Version: 5.7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Adam Jackson
QA Contact: Desktop QE
URL:
Whiteboard:
: 729990 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-11 14:49 UTC by Tomas Pelka
Modified: 2013-11-05 19:39 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-05 19:39:49 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
backtrace (1.74 KB, text/plain)
2011-08-11 14:59 UTC, Tomas Pelka
no flags Details

Description Tomas Pelka 2011-08-11 14:49:40 UTC
Description of problem:
Getting segfault only when running reproducer for CVE-2011-2895 (see https://bugzilla.redhat.com/show_bug.cgi?id=725760#c2), segfaulting on new packages only using Xephyr. Xorg, Xnest are fine. 

Version-Release number of selected component (if applicable):
libXfont-1.2.2-1.0.4.el5_7

How reproducible:
100%

Steps to Reproduce:
1. follow instructions at https://bugzilla.redhat.com/show_bug.cgi?id=725760#c2 
2.
3.
  
Actual results:
SIGSEGV

Expected results:
no segfault

Additional info:

Program received signal SIGSEGV, Segmentation fault.
__glXMesaScreenDestroy (screen=0x9d5b2e8) at xf86glx.c:299
299		if (mesaScreen->xm_vis[i])
#0  __glXMesaScreenDestroy (screen=0x9d5b2e8) at xf86glx.c:299
        i = 0
#1  0x08125527 in __glXResetScreens () at glxscreens.c:321
        i = 0
#2  0x0812476c in ResetExtension (extEntry=0x9d540c8) at glxext.c:49
No locals.
#3  0x080750a6 in CloseDownExtensions () at extension.c:280
        i = 20
        j = 0
#4  0x0807921f in main (argc=4, argv=0xbfb8a4c4, envp=0x2415e0) at main.c:453
        i = <value optimized out>
        error = 9076504
        xauthfile = <value optimized out>
        alwaysCheckForInput = {0, 1}
A debugging session is active.

	Inferior 1 [process 5407] will be detached.

Quit anyway? (y or n) LND: Sending signal 11 to process 5407
Detaching from program: /usr/bin/Xephyr, process 5407

Comment 1 Tomas Pelka 2011-08-11 14:59:25 UTC
Created attachment 517825 [details]
backtrace

Actually Xephyr crash it self when executing as:

Xephyr :99 -reset -terminate

Backtrace attached.

Comment 2 Tomas Pelka 2011-08-11 15:13:49 UTC
*** Bug 729990 has been marked as a duplicate of this bug. ***

Comment 3 Vincent Danen 2011-08-11 21:22:29 UTC
I don't believe this is related to the CVE-2011-2895 fix.  I ran the runtest.sh script as part of the reproducer and commented out pretty much everything and it crashes both post- and pre-update:


elif [ "$1" = 'run' ]; then
        echo "using font directory: $PWD/fontdir"
        #xset +fp $PWD/fontdir
        #xset fp rehash
        #echo 'running xfontsel - expect BOOM'
        #xfontsel &
        #xfspid=$!
        sleep 30        # give it some time to run and crash
        #kill -HUP $xfspid


So it all it should be doing is sleeping, but the crash is immedaite:


[vdanen@odvcent5]~/tmp/libXfont-LZW-overflow% time sh runtest.sh prep :2 Xephyr running Xephyr on :2...

Xephyr unable to use SHM XImages
Extended Input Devices not yet supported. Impelement it at line 625 in kinput.c
runtest.sh: line 23:  5504 Segmentation fault      $serv $disp -reset -terminate

FAIL: X server crashed

sh runtest.sh prep :2 Xephyr  0.03s user 0.14s system 13% cpu 1.247 total


So this clearly has nothing to do with the libXfont changes.

Comment 4 RHEL Program Management 2012-01-09 14:38:17 UTC
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.8 and Red Hat does not plan to fix this issue the currently developed update.

Contact your manager or support representative in case you need to escalate this bug.

Comment 5 RHEL Program Management 2012-10-30 06:15:15 UTC
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.

Comment 6 Adam Jackson 2013-11-05 19:39:49 UTC
No further X updates are planned for RHEL5.


Note You need to log in before you can comment on or make changes to this bug.