[Bug 36855] SIGSEGV when opening email - Address out of bounds in RADEONUploadToScreenCS

bugzilla-daemon at freedesktop.org
Tue May 17 09:20:33 PDT 2011


https://bugs.freedesktop.org/show_bug.cgi?id=36855

Michel Dänzer <michel at daenzer.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Driver/Radeon               |Server/general
         AssignedTo|xorg-driver-ati at lists.x.org |xorg-team at lists.x.org

--- Comment #10 from Michel Dänzer <michel at daenzer.net> 2011-05-17 09:20:33 PDT ---
(In reply to comment #8)
> Here's the valgrind log. The Xorg server doesn't crash under valgrind but I guess
> that's normal.

Yes, but the valgrind output doesn't mention RADEONUploadToScreenCS at all. The
only thing that seems possibly related to the crash is the invalid read below;
it looks like the X server or pixman is prematurely freeing memory still in use
by other parts of the X server, which could cause all kinds of problems.

It might be useful if you could get another valgrind log with libpixman-1-0-dbg
installed.

==6143== Invalid read of size 1
==6143==    at 0x40351DF: RecordAReply (record.c:613)
==6143==    by 0x8074E1D: _CallCallbacks (dixutils.c:743)
==6143==    by 0x80A7606: WriteToClient (callback.h:86)
==6143==    by 0x4034135: RecordFlushReplyBuffer (record.c:253)
==6143==    by 0x40341E3: RecordFlushAllContexts (record.c:870)
==6143==    by 0x8074E1D: _CallCallbacks (dixutils.c:743)
==6143==    by 0x80A76E7: FlushAllOutput (callback.h:86)
==6143==    by 0x80A7830: FlushIfCriticalOutputPending (io.c:711)
==6143==    by 0x806FF12: Dispatch (dispatch.c:364)
==6143==    by 0x806281B: main (main.c:287)
==6143==  Address 0x5d6cfc8 is 48 bytes inside a block of size 188 free'd
==6143==    at 0x4025BF0: free (vg_replace_malloc.c:366)
==6143==    by 0x4100AA9: pixman_image_unref (in /usr/lib/libpixman-1.so.0.20.2)
==6143==    by 0x49AD630: free_pixman_pict (fbpict.c:362)
==6143==    by 0x49B29D9: fbRasterizeTrapezoid (fbtrap.c:65)
==6143==    by 0x49C7676: exaTrapezoids (exa_render.c:1175)
==6143==    by 0x811CC47: CompositeTrapezoids (picture.c:1746)
==6143==    by 0x8122B50: ProcRenderTrapezoids (render.c:783)
==6143==    by 0x811D182: ProcRenderDispatch (render.c:2057)
==6143==    by 0x8070166: Dispatch (dispatch.c:431)
==6143==    by 0x806281B: main (main.c:287)
